CSSLP: The Industry’s Premier Secure Software Development Certification

Accreditation Determinations

Question

The IAM/CA makes certification accreditation recommendations to the DAA.

The DAA issues accreditation determinations.

Which of the following are the accreditation determinations issued by the DAA? Each correct answer represents a complete solution.

Choose all that apply.

Answers

Explanations


Answer: E is incorrect.

No such type of accreditation determination exists.

The DAA issues one of the following four accreditation determinations:

Approval to Operate (ATO): It is an authorization of a DoD information system to process, store, or transmit information.

Interim Approval to Operate (IATO): It is a temporary approval to operate based on an assessment of the implementation status of the assigned IA Controls.

Interim Approval to Test (IATT): It is a temporary approval to conduct system testing based on an assessment of the implementation status of the assigned IA Controls.

Denial of Approval to Operate (DATO): It is a determination that a DoD information system cannot operate because of an inadequate IA design or failure to implement assigned IA Controls.

IAM stands for Identity and Access Management, and CA stands for Certification Authority. The question is related to the process of accreditation and certification of secure software development.

The DAA (Designated Accreditation Authority) is responsible for issuing accreditation determinations for a system or software application after it has been evaluated by the IAM/CA (Identity and Access Management/Certification Authority).

Here are the possible options:

A. IATT (Interim Authorization to Test): This determination allows an application to be tested on a limited basis, usually for a short period, to identify any potential problems before a full deployment.

B. IATO (Interim Authorization to Operate): This determination allows an application to be deployed and operated on a limited basis while remaining under evaluation.

C. DATO (Denied Authorization to Operate): This determination indicates that an application has been evaluated and found not to meet the necessary security requirements, and therefore, it is not authorized to operate.

D. ATO (Authorization to Operate): This determination indicates that an application has been evaluated and meets all the necessary security requirements and can be deployed and operated securely.

E. ATT (Authorization to Test): This determination allows an application to be tested on a full basis, without limitations or restrictions.

Therefore, the accreditation determinations issued by the DAA are IATT, IATO, DATO, and ATO. Option E (ATT) is not a valid determination in the context of the question.