CAP · Question #222
Which of the following individuals makes the final accreditation decision?
The correct answer is A. DAA. The DAA (Designated Accrediting Authority), called the Authorizing Official (AO) in the NIST RMF framework, is the senior official with the authority to formally accept the risk of operating an information system and issue the official accreditation (authorization to operate). Th
Question
Which of the following individuals makes the final accreditation decision?
Options
- ADAA
- BISSO
- CCIO
- DCISO
How the community answered
(66 responses)- A92% (61)
- B2% (1)
- C2% (1)
- D5% (3)
Explanation
The DAA (Designated Accrediting Authority), called the Authorizing Official (AO) in the NIST RMF framework, is the senior official with the authority to formally accept the risk of operating an information system and issue the official accreditation (authorization to operate). The ISSO (Information System Security Officer) manages day-to-day security operations. The CIO oversees IT strategy. The CISO manages the organization's security program. Only the DAA/AO has the formal authority to sign the accreditation decision.
Topics
Community Discussion
No community discussion yet for this question.