CISSP-ISSEP · Question #70
According to which of the following DoD policies, the implementation of DITSCAP is mandatory for all the systems that process both DoD classified and unclassified information?
The correct answer is D. DoD 8500.1 (IAW). DoD 8500.1 is the overarching DoD Information Assurance (IA) policy - the foundational directive that mandates DITSCAP certification and accreditation for all DoD IT systems, regardless of whether they handle classified or unclassified information. It sits at the top of the IA po
Question
According to which of the following DoD policies, the implementation of DITSCAP is mandatory for all the systems that process both DoD classified and unclassified information?
Options
- ADoD 8500.2
- BDoDI 5200.40
- CDoD 8510.1-M DITSCAP
- DDoD 8500.1 (IAW)
How the community answered
(19 responses)- C5% (1)
- D95% (18)
Explanation
DoD 8500.1 is the overarching DoD Information Assurance (IA) policy - the foundational directive that mandates DITSCAP certification and accreditation for all DoD IT systems, regardless of whether they handle classified or unclassified information. It sits at the top of the IA policy hierarchy and drives all downstream IA requirements.
Why the distractors are wrong:
- A (DoD 8500.2) is the implementation instruction under 8500.1 - it specifies IA controls but does not itself mandate DITSCAP.
- B (DoDI 5200.40) describes the DITSCAP process (what it is and how it works), but it is not the policy that makes it compulsory across all systems.
- C (DoD 8510.1-M DITSCAP) is the DITSCAP application manual - a how-to guide for applying the process, not the mandate.
Memory tip: Think of 8500.1 as the #1 rule - the single governing IA policy that sets the mandate. Everything else (8500.2, 5200.40, 8510.1-M) is a subordinate instruction or manual that flows from it.
Topics
Community Discussion
No community discussion yet for this question.