nerdexam
(ISC)2

CISSP-ISSEP · Question #33

The Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process activities of this

The correct answer is A. Assessment of the Analysis Results B. Certification analysis D. System development E. Configuring refinement of the SSAA. DITSCAP Phase 2 (Verification) encompasses the activities needed to build and analyze a system that is ready for formal certification testing: system development (D) produces the actual integrated system, certification analysis (B) examines security controls against SSAA requirem

Systems Development and Acquisition

Question

The Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

Options

  • AAssessment of the Analysis Results
  • BCertification analysis
  • CRegistration
  • DSystem development
  • EConfiguring refinement of the SSAA

How the community answered

(50 responses)
  • A
    88% (44)
  • C
    12% (6)

Explanation

DITSCAP Phase 2 (Verification) encompasses the activities needed to build and analyze a system that is ready for formal certification testing: system development (D) produces the actual integrated system, certification analysis (B) examines security controls against SSAA requirements, assessment of the analysis results (A) evaluates whether those findings confirm the system meets its security goals, and configuring refinement of the SSAA (E) updates the SSAA document as the system evolves during development. Registration (C) is the distractor - it belongs to Phase 1 (Definition), where the system is first enrolled into the C&A process and the initial SSAA is negotiated between stakeholders.

Memory tip: Think of Phase 2 as "Build, Analyze, and Tune" - you develop the system, analyze it against requirements, assess the findings, and refine the SSAA to match reality. Registration is a one-time entry ticket at the door (Phase 1), not part of the verification work inside.

Topics

#DITSCAP#Certification & Accreditation (C&A)#Security Verification#System Development Life Cycle (SDLC) Security

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice