CAP · Question #376
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
The correct answer is C. SSAA. SSAA - System Security Authorization Agreement (C) - is the DoD document used to formally describe a system's security posture and serve as the basis for its accreditation (authorization to operate). FIPS (A) are Federal Information Processing Standards issued by NIST, not DoD-sp
Question
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
Options
- AFIPS
- BTCSEC
- CSSAA
- DFITSAF
How the community answered
(31 responses)- B6% (2)
- C90% (28)
- D3% (1)
Explanation
SSAA - System Security Authorization Agreement (C) - is the DoD document used to formally describe a system's security posture and serve as the basis for its accreditation (authorization to operate). FIPS (A) are Federal Information Processing Standards issued by NIST, not DoD-specific accreditation documents. TCSEC (B) is the Trusted Computer System Evaluation Criteria ('Orange Book'), a product evaluation standard. FITSAF (D) is the Federal IT Security Assessment Framework, a general federal assessment tool, not a DoD accreditation document.
Topics
Community Discussion
No community discussion yet for this question.