nerdexam
(ISC)2

CAP · Question #376

Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

The correct answer is C. SSAA. SSAA - System Security Authorization Agreement (C) - is the DoD document used to formally describe a system's security posture and serve as the basis for its accreditation (authorization to operate). FIPS (A) are Federal Information Processing Standards issued by NIST, not DoD-sp

System Compliance

Question

Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

Options

  • AFIPS
  • BTCSEC
  • CSSAA
  • DFITSAF

How the community answered

(31 responses)
  • B
    6% (2)
  • C
    90% (28)
  • D
    3% (1)

Explanation

SSAA - System Security Authorization Agreement (C) - is the DoD document used to formally describe a system's security posture and serve as the basis for its accreditation (authorization to operate). FIPS (A) are Federal Information Processing Standards issued by NIST, not DoD-specific accreditation documents. TCSEC (B) is the Trusted Computer System Evaluation Criteria ('Orange Book'), a product evaluation standard. FITSAF (D) is the Federal IT Security Assessment Framework, a general federal assessment tool, not a DoD accreditation document.

Topics

#DoD Accreditation#SSAA#System Security Documentation#Compliance

Community Discussion

No community discussion yet for this question.

Full CAP Practice