Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

ISC2 Exam ISSEP Topic 2 Question 1 Discussion

Actual exam question for ISC2's ISSEP exam
Question #: 1
Topic #: 2
[All ISSEP Questions]

Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information?

Show Suggested Answer Hide Answer
Suggested Answer: B

The Special Publication (SP) is the guideline that is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information. Answer option D is incorrect. The Department of Defense Information Assurance

Certification and Accreditation Process (DIACAP) is a process defined by the United States

Department of Defense (DoD) for managing risk. DIACAP replaced the former process, known as

DITSCAP (Department of Defense Information Technology Security Certification and Accreditation

Process), in 2006. DoD Instruction (DoDI) 8510.01 establishes a standard DoD-wide process with a

set of activities, general tasks, and a management structure to certify and accredit an Automated

Information System (AIS) that will maintain the Information Assurance (IA) posture of the Defense

Information Infrastructure (DII) throughout the system's life cycle. The DIACAP process is different

from DITSCAP or NIACAP. Its overall process is similar to other C&A activities. The DIACAP process

consists of five phases, which are as follows:

1.Initiate and Plan IA C&A. This phase consists of the following activities:

Register system with DoD Component IA Program.

Assign IA controls.

Assemble DIACAP team.

Develop DIACAP strategy.

Initiate IA implementation plan.

2.Implement and Validate Assigned IA Controls: This phase consists of the following activities:

Execute and update IA implementation plan. Conduct validation activities. Combine validation

results in DIACAP scorecard. 3.Make Certification Determination and Accreditation Decisions: This

phase consists of the following activities:

Analyze residual risk.Issue certification determination.Make accreditation decision.

4.Maintain Authority to Operate and Conduct Reviews: This phase consists of the following activities:

Initiate and update lifecycle implementation plan for IA controls.

Maintain situational awareness.Maintain IA posture.

5.Decommission System: This phase consists of the following activities:

Conduct activities related to the disposition of the system data and objects.

Answer option A is incorrect. FIPS emphasizes on design, implementation, and approval of

cryptographic algorithms.Answer option C is incorrect. NISTIRs (Internal Reports) illustrate the study of a technical nature of interest to focused audience. NISTIRs consist of interim or final reports on work made by NIST for external sponsors, including government and non-government sponsors.


Contribute your Thoughts:

Currently there are no comments in this discussion, be the first to comment!


Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77