CAP · Question #262
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
The correct answer is D. SSAA. The System Security Authorization Agreement (SSAA) is the DoD document used to describe, accredit, and authorize networks and systems under the DITSCAP framework.
Question
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
Options
- AFITSAF
- BFIPS
- CTCSEC
- DSSAA
How the community answered
(27 responses)- A7% (2)
- B4% (1)
- D89% (24)
Why each option
The System Security Authorization Agreement (SSAA) is the DoD document used to describe, accredit, and authorize networks and systems under the DITSCAP framework.
FITSAF (Federal Information Technology Security Assessment Framework) is a methodology for assessing IT security maturity levels, not a DoD accreditation document.
FIPS (Federal Information Processing Standards) are NIST-published technical standards for federal systems, not DoD accreditation documents.
TCSEC (Trusted Computer System Evaluation Criteria), also known as the Orange Book, is an evaluation criteria standard for classifying security in systems, not a DoD accreditation document.
SSAA (System Security Authorization Agreement) is the formal DoD document used within the DITSCAP process to record the basis for certification and accreditation decisions for a specific system. It describes the system's security requirements, environment, and controls, and serves as the authoritative accreditation document throughout the system's lifecycle.
Concept tested: DoD SSAA document in DITSCAP accreditation
Source: https://public.cyber.mil/policy-guidance/
Topics
Community Discussion
No community discussion yet for this question.