nerdexam
(ISC)2

CISSP-ISSEP · Question #92

Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?

The correct answer is C. DoD 5200.40. DoD Directive 5200.40 is the document that formally established DITSCAP (DoD Information Technology Security Certification and Accreditation Process) as the standard C&A framework across the Department of Defense, making C the correct answer. The distractors each reference real D

Governance and Training

Question

Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?

Options

  • ADoD 5200.22-M
  • BDoD 8910.1
  • CDoD 5200.40
  • DDoD 8000.1

How the community answered

(45 responses)
  • A
    7% (3)
  • B
    2% (1)
  • C
    87% (39)
  • D
    4% (2)

Explanation

DoD Directive 5200.40 is the document that formally established DITSCAP (DoD Information Technology Security Certification and Accreditation Process) as the standard C&A framework across the Department of Defense, making C the correct answer.

The distractors each reference real DoD documents but unrelated ones: 5200.22-M is the National Industrial Security Program Operating Manual (NISPOM), governing contractor security; 8910.1 deals with information collection and reporting requirements; and 8000.1 covers DoD information management policy - none of which define the C&A process.

Memory tip: The "40" in 5200.40 can remind you of a "checklist of 40 steps" - think of DITSCAP as a thorough, step-by-step accreditation checklist, and the directive that created it ends in 40.

Topics

#DITSCAP#C&A#DoD Directives#Security Frameworks

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice