$6)$ The security categorization results are reviewed by the authorizing official or the designated representative prior to approval. What typically happens when the security categorization decision is not approved because of inconsistencies between the selected impact levels and the mission$/$business functions of the organization? A$)$ The security control assessment team will go ahead with the assessment and document that the security categorization was not approved by management. B$)$ The system owner will select only inherited controls that had been categorized by the common controls provider. C$)$ The system owner initiates steps to repeat the categorization process and resubmits the adjusted results to the authorizing official or designated representative. D$)$ The stakeholders will change the organizational mission and business focus to match the current security categorization.