Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
DITSCAP (Department of Defense Information Technology Security Certification and Accreditation Process) is a process used to ensure that the information systems meet security requirements. The process consists of six phases:
The System Security Authorization Agreement (SSAA) is a key document in the DITSCAP process, which outlines the security requirements for the system, and is signed by the authorizing official.
Based on the provided question, the phase that takes place between the signing of the initial version of the SSAA and the formal accreditation of the system is:
Answer: D. Phase 4
Phase 4, Implementation and testing of the security controls, takes place after the signing of the initial version of the SSAA and before the formal accreditation of the system. This phase involves implementing and testing the security controls outlined in the SSAA, as well as assessing the effectiveness of the controls in meeting the security requirements.
Therefore, the correct answer is D. Phase 4.