Free Preparation Discussions
MENU
ISC2 Exam ISSEP Topic 4 Question 20 Discussion
Topic #: 4
Which of the following DITSCAP/NIACAP model phases is used to show the required evidence to
support the DAA in accreditation process and conclude in an Approval To Operate (ATO)?
he DAA in accreditation process and conclude in an Approval To Operate (ATO).
C&A consists of four phases in a DITSCAP assessment. These phases are the same as NIACAP phases.
The order of these phases is as
follows:
1.Definition: The definition phase is focused on understanding the IS business case, the mission,
environment, and architecture. This
phase determines the security requirements and level of effort necessary to achieve Certification &
Accreditation (C&A).
2.Verification: The second phase confirms the evolving or modified system's compliance with the
information. The verification phase
ensures that the fully integrated system will be ready for certification testing.
3.Validation: The third phase confirms abidance of the fully integrated system with the security
policy. This phase follows the
requirements slated in the SSAA. The objective of the validation phase is to show the required
evidence to support the DAA in
accreditation process.
4.Post Accreditation: The Post Accreditation is the final phase of DITSCAP assessment and it starts
after the system has been certified
and accredited for operations. This phase ensures secure system management, operation, and
maintenance to save an acceptable
level of residual risk.
Currently there are no comments in this discussion, be the first to comment!