nerdexam
(ISC)2

CISSP-ISSEP · Question #70

According to which of the following DoD policies, the implementation of DITSCAP is mandatory for all the systems that process both DoD classified and unclassified information?

The correct answer is D. DoD 8500.1 (IAW). DoD 8500.1 is the overarching DoD Information Assurance (IA) policy - the foundational directive that mandates DITSCAP certification and accreditation for all DoD IT systems, regardless of whether they handle classified or unclassified information. It sits at the top of the IA po

Risk Management

Question

According to which of the following DoD policies, the implementation of DITSCAP is mandatory for all the systems that process both DoD classified and unclassified information?

Options

  • ADoD 8500.2
  • BDoDI 5200.40
  • CDoD 8510.1-M DITSCAP
  • DDoD 8500.1 (IAW)

How the community answered

(19 responses)
  • C
    5% (1)
  • D
    95% (18)

Explanation

DoD 8500.1 is the overarching DoD Information Assurance (IA) policy - the foundational directive that mandates DITSCAP certification and accreditation for all DoD IT systems, regardless of whether they handle classified or unclassified information. It sits at the top of the IA policy hierarchy and drives all downstream IA requirements.

Why the distractors are wrong:

  • A (DoD 8500.2) is the implementation instruction under 8500.1 - it specifies IA controls but does not itself mandate DITSCAP.
  • B (DoDI 5200.40) describes the DITSCAP process (what it is and how it works), but it is not the policy that makes it compulsory across all systems.
  • C (DoD 8510.1-M DITSCAP) is the DITSCAP application manual - a how-to guide for applying the process, not the mandate.

Memory tip: Think of 8500.1 as the #1 rule - the single governing IA policy that sets the mandate. Everything else (8500.2, 5200.40, 8510.1-M) is a subordinate instruction or manual that flows from it.

Topics

#DoD Policies#DITSCAP#Certification and Accreditation (C&A)#Information Assurance (IA)

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice