ISC2 Exam CSSLP Topic 8 Question 19 Discussion

C&A consists of four phases in a DITSCAP assessment. These phases are the same as NIACAP phases. The order of these phases is as

follows:

1.Definition: The definition phase is focused on understanding the IS business case, the mission, environment, and architecture. This

phase determines the security requirements and level of effort necessary to achieve Certification & Accreditation (C&A).

2.Verification: The second phase confirms the evolving or modified system's compliance with the information. The verification phase

ensures that the fully integrated system will be ready for certification testing.

3.Validation: The third phase confirms abidance of the fully integrated system with the security policy. This phase follows the

requirements slated in the SSAA. The objective of the validation phase is to show the required evidence to support the DAA in

accreditation process.

4.Post Accreditation: The Post Accreditation is the final phase of DITSCAP assessment and it starts after the system has been certified

and accredited for operations. This phase ensures secure system management, operation, and maintenance to save an acceptable

level of residual risk.