CAP: Security Assessment and Authorization Certification - Phases Review | Exam Answer

Phases Review: SSAA in DITSCAP Accreditation

Question

Which of the following phases begins with a review of the SSAA in the DITSCAP accreditation?

Answers

Explanations

A. B. C. D.

C.

The DITSCAP (Department of Defense Information Technology Security Certification and Accreditation Process) is a formal process used to assess and authorize information systems within the Department of Defense. It consists of six phases, each with specific objectives and activities.

The Security System Authorization Agreement (SSAA) is a document that outlines the security requirements and risks associated with an information system. It is a key document that is used throughout the DITSCAP process.

To answer the question, we need to understand which phase of the DITSCAP process begins with a review of the SSAA.

Phase 1: Definition of the System

During this phase, the information system is defined, and the system security requirements are identified. The SSAA is not yet available at this stage, so it is not the correct answer.

Phase 2: Verification of the System

In this phase, the security controls are identified, and a risk assessment is conducted. The SSAA is usually drafted during this phase, but it is not yet reviewed. Therefore, Phase 2 is also not the correct answer.

Phase 3: Validation of the System

During this phase, the security controls are tested, and a security evaluation report is produced. The SSAA is reviewed during this phase to ensure that it is accurate and complete. Therefore, the correct answer is C. Phase 3.

Phase 4: Post Accreditation

During this phase, the information system is continuously monitored, and any changes are evaluated for their impact on the system's security. The SSAA is not reviewed during this phase, so it is not the correct answer.

Phase 5: Reaccreditation

In this phase, the information system is reassessed and reaccredited to ensure that it continues to meet the security requirements. The SSAA is not reviewed during this phase, so it is not the correct answer.

Phase 6: Decommissioning

During this final phase, the information system is decommissioned and disposed of securely. The SSAA is not reviewed during this phase, so it is not the correct answer.

In summary, the correct answer is C. Phase 3, as this is the phase that begins with a review of the SSAA in the DITSCAP accreditation process.