CISSP-ISSEP · Question #31
Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing
The correct answer is C. Phase 4, Post Accreditation Phase. Phase 4, Post Accreditation, is correct because it is the only phase focused on maintaining a system after it has already been accredited - covering ongoing operations, configuration management, and responding to evolving threats throughout the system's life cycle. Phase 1 (Defin
Question
Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle?
Options
- APhase 1, Definition
- BPhase 3, Validation
- CPhase 4, Post Accreditation Phase
- DPhase 2, Verification
How the community answered
(39 responses)- A3% (1)
- B5% (2)
- C90% (35)
- D3% (1)
Explanation
Phase 4, Post Accreditation, is correct because it is the only phase focused on maintaining a system after it has already been accredited - covering ongoing operations, configuration management, and responding to evolving threats throughout the system's life cycle.
Phase 1 (Definition) is wrong because it deals with establishing the scope, security requirements, and the C&A agreement before any real development or deployment begins. Phase 2 (Verification) is wrong because it focuses on confirming that security requirements are met during system development or modification. Phase 3 (Validation) is wrong because it validates that the fully integrated system complies with security policy just before the accreditation decision is made - it's a pre-accreditation checkpoint, not an ongoing process.
Memory tip: Think of the phases in order - Define it, Verify it's built right, Validate it's ready, then Post-accreditation Preserves it. The word "Post" literally means "after accreditation," which maps directly to ongoing operation and managing threats over time.
Topics
Community Discussion
No community discussion yet for this question.