CISSP-ISSEP Exam Preparation - DITSCAP C&A Phases

DITSCAP C&A Phases: Between SSAA and System Accreditation

Question

Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?

Answers

Explanations

A. B. C. D.

B.

DITSCAP stands for the Department of Defense Information Technology Security Certification and Accreditation Process. It is a formal and systematic process for evaluating, testing, and accrediting information systems that operate on DoD networks.

The DITSCAP process consists of six phases, which are:

  1. Definition of the System
  2. Verification of the System
  3. Validation of the System
  4. Post Accreditation
  5. System Maintenance
  6. Decommission

Now, coming to the question, the correct answer is:

C. Phase 4

Phase 4, Post Accreditation, takes place between the signing of the initial version of the SSAA (System Security Authorization Agreement) and the formal accreditation of the system. This phase involves the continuous monitoring of the system to ensure that it maintains its accredited status. It also involves periodic reviews and updates to the SSAA, which must be signed by the appropriate DoD officials.

During this phase, the system undergoes ongoing assessment to identify and mitigate any potential vulnerabilities or threats. This is done to ensure that the system remains secure and continues to meet the DoD's security requirements. Once the system has been fully accredited, it enters the System Maintenance phase.

In summary, Phase 4 of the DITSCAP process takes place between the signing of the initial version of the SSAA and the formal accreditation of the system. It involves the continuous monitoring of the system and periodic updates to the SSAA to maintain the system's accredited status.