CISSP-ISSEP · Question #165
Which of the following DoD policies establishes policies and assigns responsibilities to achieve DoD IA through a defense-in-depth approach that integrates the capabilities of personnel, operations, a
The correct answer is D. DoD 8500.1 Information Assurance (IA). DoD 8500.1 is the foundational, top-level policy that establishes the overarching IA framework - it sets the vision, assigns responsibilities across the DoD enterprise, and mandates the defense-in-depth strategy integrating people, operations, and technology to enable network-cen
Question
Which of the following DoD policies establishes policies and assigns responsibilities to achieve DoD IA through a defense-in-depth approach that integrates the capabilities of personnel, operations, and technology, and supports the evolution to network-centric warfare?
Options
- ADoD 8500.2 Information Assurance Implementation
- BDoD 8510.1-M DITSCAP
- CDoDI 5200.40
- DDoD 8500.1 Information Assurance (IA)
How the community answered
(59 responses)- A3% (2)
- B2% (1)
- C2% (1)
- D93% (55)
Explanation
DoD 8500.1 is the foundational, top-level policy that establishes the overarching IA framework - it sets the vision, assigns responsibilities across the DoD enterprise, and mandates the defense-in-depth strategy integrating people, operations, and technology to enable network-centric warfare. DoD 8500.2 (A) is a subordinate implementation document that translates 8500.1's mandates into specific IA controls and technical requirements - it implements policy but doesn't establish it. DoD 8510.1-M DITSCAP (B) governs the Certification and Accreditation process for IT systems, not the foundational IA policy framework. DoDI 5200.40 (C) applies DITSCAP specifically to National Security Systems, making it narrower in scope and focused on C&A rather than enterprise IA policy.
Memory tip: Think of it numerically - 8500.1 is the first (foundational) policy, and 8500.2 is the second step (implementing that policy). When a question asks what establishes policies and assigns responsibilities at the enterprise level, that's always the ".1" document.
Topics
Community Discussion
No community discussion yet for this question.