nerdexam
(ISC)2

CISSP-ISSEP · Question #157

Under which of the following CNSS policies, NIACAP is mandatory for all the systems that process USG classified information?

The correct answer is D. NSTISSP No. 6. NSTISSP No. 6, titled "National Policy on Certification and Accreditation of National Security Telecommunications and Information Systems," is the policy that explicitly mandates NIACAP for all U.S. Government systems processing classified information - making D the correct choic

Governance and Training

Question

Under which of the following CNSS policies, NIACAP is mandatory for all the systems that process USG classified information?

Options

  • ANSTISSP No. 11
  • BNSTISSP No. 101
  • CNSTISSP No. 7
  • DNSTISSP No. 6

How the community answered

(42 responses)
  • A
    2% (1)
  • C
    5% (2)
  • D
    93% (39)

Explanation

NSTISSP No. 6, titled "National Policy on Certification and Accreditation of National Security Telecommunications and Information Systems," is the policy that explicitly mandates NIACAP for all U.S. Government systems processing classified information - making D the correct choice.

Why the distractors are wrong:

  • A (No. 11) governs the acquisition of Information Assurance (IA) and IA-enabled IT products used in national security systems - it's about buying secure products, not certifying systems.
  • B (No. 101) addresses national policy for securing voice communications - a separate, narrower domain unrelated to system-level C&A.
  • C (No. 7) also deals with acquisition policy for IA products, closely related to No. 11 but not the C&A mandate.

Memory tip: Think "6 = Certification" - the number 6 rhymes with "fix," and NIACAP is how you fix (formally validate) a system's security posture before it's authorized to handle classified data. NSTISSP No. 6 is the one policy dedicated entirely to the C&A process, while Nos. 7 and 11 are about acquisition and No. 101 is about voice.

Topics

#CNSS Policies#NIACAP#Certification & Accreditation#Government Compliance

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice