CISSP-ISSEP · Question #47
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
The correct answer is A. SSAA. SSAA (System Security Authorization Agreement) is the DoD-specific document used to describe, authorize, and accredit the security posture of networks and systems - it serves as the formal accreditation package required before a DoD system can operate. Why the distractors are wro
Question
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
Options
- ASSAA
- BFITSAF
- CFIPS
- DTCSEC
How the community answered
(19 responses)- A84% (16)
- B11% (2)
- C5% (1)
Explanation
SSAA (System Security Authorization Agreement) is the DoD-specific document used to describe, authorize, and accredit the security posture of networks and systems - it serves as the formal accreditation package required before a DoD system can operate.
Why the distractors are wrong:
- B. FITSAF (Federal Information Technology Security Assessment Framework) is a federal maturity model for assessing IT security programs, not a DoD accreditation document.
- C. FIPS (Federal Information Processing Standards) are NIST-published technical standards for cryptography and data handling - standards, not accreditation documents.
- D. TCSEC (Trusted Computer System Evaluation Criteria, the "Orange Book") is a legacy DoD standard for evaluating system security classifications, not for accrediting operational networks.
Memory tip: Think "SSAA = System Sign-off, Authorized & Accredited" - the double-A in SSAA directly maps to the two-step process of authorization and accreditation that DoD requires before a system goes live.
Topics
Community Discussion
No community discussion yet for this question.