CAP · Question #347
Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?
The correct answer is C. Phase 2. DITSCAP (DoD Information Technology Security Certification and Accreditation Process) has four phases: Phase 1 (Definition) - establishes the scope and produces the initial System Security Authorization Agreement (SSAA); Phase 2 (Verification) - takes place after the initial SSAA
Question
Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?
Options
- APhase 3
- BPhase 1
- CPhase 2
- DPhase 4
How the community answered
(25 responses)- A4% (1)
- B8% (2)
- C88% (22)
Explanation
DITSCAP (DoD Information Technology Security Certification and Accreditation Process) has four phases: Phase 1 (Definition) - establishes the scope and produces the initial System Security Authorization Agreement (SSAA); Phase 2 (Verification) - takes place after the initial SSAA is signed and before formal accreditation, verifying that the system's security design and implementation meet the agreed-upon requirements; Phase 3 (Validation) - results in the certification determination and accreditation decision; Phase 4 (Post Accreditation) - ongoing maintenance of the accreditation. The window described-between the signed SSAA and formal accreditation-is precisely Phase 2.
Topics
Community Discussion
No community discussion yet for this question.