(ISC)2

CSSLP Question #346: Real Exam Question with Answer & Explanation

The correct answer is C: DAA.

Secure Software Deployment, Operations, Maintenance

Question

Who amongst the following makes the final accreditation decision?

Options

  • A. ISSE
  • B. CRO
  • C. DAA
  • D. ISSO

Explanation

The Designated Approving Authority (DAA) is the individual responsible for making the final decision to authorize or accredit an information system for operation. This decision signifies that the system's security posture is acceptable and that it can operate within its specified environment.

Common mistakes.

  • A. An Information System Security Engineer (ISSE) designs, develops, and implements security solutions for information systems, but does not make accreditation decisions.
  • B. A Chief Risk Officer (CRO) is typically responsible for overseeing an organization's overall risk management strategy, but the DAA holds the specific authority for system accreditation decisions.
  • D. An Information System Security Officer (ISSO) is responsible for the day-to-day security posture and operations of an information system, working under the DAA's guidance but not making the final accreditation decision.

Concept tested. Certification and Accreditation (C&A) Roles - DAA

Reference. https://csrc.nist.gov/glossary/term/authorizing_official

Topics

#Accreditation #Authorization #DAA #Risk Management
