The Phase 4 of DITSCAP C&A is known as Post Accreditation.
This phase starts after the system has been accredited in Phase 3
What are the process activities of this phase? Each correct answer represents a complete solution.
Choose all that apply.
Click on the arrows to vote for the correct answer
A. B. C. D. E. F.phase are as follows: System operations Security operations Maintenance of the SSAA Change management Compliance validation Answer: F is incorrect.
It is a.
The Phase 4 of DITSCAP C&A is known as Post Accreditation.
This phase starts after the system has been accredited in the Phase 3
The goal of this phase is to continue to operate and manage the system and to ensure that it will maintain an acceptable level of residual risk.
The process activities of this Phase 3 activity.
DITSCAP (Department of Defense Information Technology Security Certification and Accreditation Process) was a standard process used by the U.S. Department of Defense for certifying and accrediting information systems. The DITSCAP process was replaced by the more comprehensive DIACAP (DoD Information Assurance Certification and Accreditation Process) in 2006.
Phase 4 of DITSCAP is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. In this phase, the system is operated and maintained while continuing to ensure that the security posture of the system remains adequate.
The following are the process activities of the Post Accreditation phase:
A. Security operations: This involves ongoing monitoring and analysis of the system to ensure that it continues to operate securely. It also involves incident response and reporting.
B. Maintenance of the SSAA: The System Security Authorization Agreement (SSAA) is a document that describes the security posture of the system. It must be kept up-to-date and accurate to reflect the current state of the system.
C. Compliance validation: This involves periodic assessments to ensure that the system continues to meet all relevant security standards and regulations.
D. Change management: This involves tracking and managing changes to the system to ensure that they do not negatively impact the security posture of the system.
E. System operations: This involves ongoing maintenance and management of the system to ensure that it continues to operate as intended.
F. Continue to review and refine the SSAA: This involves periodically reviewing and updating the SSAA to ensure that it accurately reflects the security posture of the system.
In summary, the Post Accreditation phase of DITSCAP involves ongoing management and maintenance of the system to ensure that it continues to operate securely and meet all relevant security standards and regulations.