nerdexam
(ISC)2

CAP · Question #347

Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?

The correct answer is C. Phase 2. DITSCAP (DoD Information Technology Security Certification and Accreditation Process) has four phases: Phase 1 (Definition) - establishes the scope and produces the initial System Security Authorization Agreement (SSAA); Phase 2 (Verification) - takes place after the initial SSAA

Implementation of Security and Privacy Controls

Question

Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?

Options

  • APhase 3
  • BPhase 1
  • CPhase 2
  • DPhase 4

How the community answered

(25 responses)
  • A
    4% (1)
  • B
    8% (2)
  • C
    88% (22)

Explanation

DITSCAP (DoD Information Technology Security Certification and Accreditation Process) has four phases: Phase 1 (Definition) - establishes the scope and produces the initial System Security Authorization Agreement (SSAA); Phase 2 (Verification) - takes place after the initial SSAA is signed and before formal accreditation, verifying that the system's security design and implementation meet the agreed-upon requirements; Phase 3 (Validation) - results in the certification determination and accreditation decision; Phase 4 (Post Accreditation) - ongoing maintenance of the accreditation. The window described-between the signed SSAA and formal accreditation-is precisely Phase 2.

Topics

#DITSCAP#Certification and Accreditation (C&A)#SSAA#Security Authorization Phases

Community Discussion

No community discussion yet for this question.

Full CAP Practice