ISC2 ISSEP Exam - Topic 1 Question 22 Discussion

DAA is an upper-level manager who has the power and capability to evaluate the mission, business

case, and budgetary needs of the system

while also considering the security risks.

The Designated Approving Authority (DAA), in the United States Department of Defense, is the

official with the authority to formally assume

responsibility for operating a system at an acceptable level of risk. The DAA is responsible for

implementing system security. The DAA can grant

the accreditation and can determine that the system's risks are not at an acceptable level and the

system is not ready to be operational.

Answer option C is incorrect. Certifier is the technical expert of the C&A process, and can be an

individual or an entire team. The certifiers

establish whether a system is prepared to undergo certification, and then use their expertise to

conduct the system certification.

Answer option A is incorrect. User Representative ensures that the operational interests of the

system are maintained. The user groups work

as a supporter for attributes, such as system availability, access, performance, integrity, and

functionality.

Answer option B is incorrect. Program Manager has the responsibility for schedules, costs and

performance, and informing the other team

members of status.