nerdexam
(ISC)2

CISSP-ISSEP · Question #85

Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the secu

The correct answer is C. NIACAP. NIACAP (National Information Assurance Certification and Accreditation Process) is the correct answer because it is the U.S. national-level standard that defines exactly what the question describes: a structured set of activities, general tasks, and a management framework specifi

Risk Management

Question

Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site?

Options

  • AASSET
  • BNSA-IAM
  • CNIACAP
  • DDITSCAP

How the community answered

(27 responses)
  • A
    4% (1)
  • C
    93% (25)
  • D
    4% (1)

Explanation

NIACAP (National Information Assurance Certification and Accreditation Process) is the correct answer because it is the U.S. national-level standard that defines exactly what the question describes: a structured set of activities, general tasks, and a management framework specifically designed to certify and accredit systems while maintaining information assurance and security posture across government systems.

Why the distractors are wrong:

  • ASSET (Automated Security Self-Evaluation Tool) is a NIST self-assessment tool for evaluating security controls, not a certification and accreditation (C&A) process framework.
  • NSA-IAM (NSA Information Assessment Methodology) is a methodology for performing information security assessments of organizations, not a C&A accreditation process.
  • DITSCAP (Defense Information Technology Security C&A Process) is a close distractor - it is a C&A process, but it applies specifically to DoD systems, making it narrower in scope than NIACAP, which operates at the national level.

Memory tip: Think NIACAP = National - the "N" stands for the broadest, most general scope. DITSCAP is the Defense-specific version, so if the question says "standard" and doesn't mention DoD, NIACAP is your answer. When you see "maintains information assurance and security posture" with no military qualifier, go national (NIACAP).

Topics

#Certification and Accreditation (C&A)#Information Assurance#Security Frameworks#NIACAP

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice