nerdexam
(ISC)2

CISSP-ISSEP · Question #193

Which of the following DITSCAPNIACAP model phases is used to show the required evidence to support the DAA in accreditation process and conclude in an Approval To Operate (ATO) ?

The correct answer is B. Validation. Validation (Phase 3) is the correct answer because it is specifically designed to demonstrate through evidence that the system meets its security requirements, culminating in the DAA reviewing that evidence and issuing an Approval To Operate (ATO) - it is the "prove it and get ap

Risk Management

Question

Which of the following DITSCAPNIACAP model phases is used to show the required evidence to support the DAA in accreditation process and conclude in an Approval To Operate (ATO) ?

Options

  • AVerification
  • BValidation
  • CPost accreditation
  • DDefinition

How the community answered

(44 responses)
  • A
    2% (1)
  • B
    93% (41)
  • C
    5% (2)

Explanation

Validation (Phase 3) is the correct answer because it is specifically designed to demonstrate through evidence that the system meets its security requirements, culminating in the DAA reviewing that evidence and issuing an Approval To Operate (ATO) - it is the "prove it and get approved" phase.

Verification (A) is wrong because it focuses on confirming the system was built correctly according to the System Security Authorization Agreement (SSAA), not on presenting evidence for the accreditation decision itself. Post Accreditation (C) is wrong because it occurs after the ATO has already been granted - it covers ongoing monitoring and maintenance. Definition (D) is wrong because it is the first phase, concerned with establishing the scope, security requirements, and the SSAA framework before any building or testing begins.

Memory tip: Think of the phases in logical order - Define it → Verify it was built right → Validate it works and get Approval → Post accreditation maintenance. "Validation = Verdict" - it's the phase where the DAA delivers the verdict (ATO).

Topics

#Certification and Accreditation#DITSCAP/NIACAP#Approval To Operate#Security Assessment

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice