nerdexam
(ISC)2

CISSP-ISSEP · Question #63

Which of the following roles is also known as the accreditor?

The correct answer is D. Designated Approving Authority. Designated Approving Authority (DAA) is the formal title used in government and federal security frameworks (such as DIACAP) for the individual who has the authority to officially approve - or accredit - an information system for operation, accepting the residual risk on behalf o

Governance and Training

Question

Which of the following roles is also known as the accreditor?

Options

  • AData owner
  • BChief Information Officer
  • CChief Risk Officer
  • DDesignated Approving Authority

How the community answered

(31 responses)
  • B
    3% (1)
  • C
    3% (1)
  • D
    94% (29)

Explanation

Designated Approving Authority (DAA) is the formal title used in government and federal security frameworks (such as DIACAP) for the individual who has the authority to officially approve - or accredit - an information system for operation, accepting the residual risk on behalf of the organization. The Data Owner (A) is responsible for classifying and managing the data itself, but does not have the authority to accredit systems. The Chief Information Officer (B) oversees IT strategy and governance broadly, while the Chief Risk Officer (C) manages enterprise risk - neither role carries the specific accreditation authority. A helpful memory tip: think "DAA = Decides Approval Authority" - the DAA is the one who signs off and says "this system is approved to operate," which is the essence of accreditation.

Topics

#Accreditation#Information Security Roles#Designated Approving Authority#Authorization to Operate (ATO)

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice