Free Preparation Discussions
MENU
ISC2 Exam CSSLP Topic 8 Question 19 Discussion
Topic #: 8
Certification and Accreditation (C&A or CnA) is a process for implementing information security. Which of the following is the correct order of C&A phases in a DITSCAP assessment?
C&A consists of four phases in a DITSCAP assessment. These phases are the same as NIACAP phases. The order of these phases is as
follows:
1.Definition: The definition phase is focused on understanding the IS business case, the mission, environment, and architecture. This
phase determines the security requirements and level of effort necessary to achieve Certification & Accreditation (C&A).
2.Verification: The second phase confirms the evolving or modified system's compliance with the information. The verification phase
ensures that the fully integrated system will be ready for certification testing.
3.Validation: The third phase confirms abidance of the fully integrated system with the security policy. This phase follows the
requirements slated in the SSAA. The objective of the validation phase is to show the required evidence to support the DAA in
accreditation process.
4.Post Accreditation: The Post Accreditation is the final phase of DITSCAP assessment and it starts after the system has been certified
and accredited for operations. This phase ensures secure system management, operation, and maintenance to save an acceptable
level of residual risk.
Currently there are no comments in this discussion, be the first to comment!