CISSP-ISSEP · Question #60
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems t
The correct answer is B. Designated Approving Authority C. Certification agent D. IS program manager E. User representative. NIACAP formally defines exactly four required participants in a security assessment: the Designated Approving Authority (DAA), who holds official authority to approve system operation at acceptable risk; the Certification Agent, who conducts the technical evaluation; the IS Progr
Question
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.
Options
- AInformation Assurance Manager
- BDesignated Approving Authority
- CCertification agent
- DIS program manager
- EUser representative
How the community answered
(28 responses)- A7% (2)
- B93% (26)
Explanation
NIACAP formally defines exactly four required participants in a security assessment: the Designated Approving Authority (DAA), who holds official authority to approve system operation at acceptable risk; the Certification Agent, who conducts the technical evaluation; the IS Program Manager, who oversees system procurement and development; and the User Representative, who advocates for the operational user community. These four roles are explicitly mandated by the NIACAP documentation and each plays a distinct, non-overlapping part in the C&A lifecycle.
Option A, the Information Assurance Manager (IAM), is the distractor - this role originates from DIACAP (the successor framework) and the IATF, not from NIACAP's defined participant structure. While an IAM may exist in an organization, NIACAP does not list the IAM as one of its four required roles.
Memory tip: Think "Dad Checks IT Use" - DAA, Certification Agent, IS Program Manager, User Representative. If you remember those four, anything else (like IAM) is a framework-bleed from DIACAP/IATF and doesn't belong in the NIACAP required participants list.
Topics
Community Discussion
No community discussion yet for this question.