
ISC2 ISSEP Exam - Topic 4 Question 20 Discussion

Actual exam question for ISC2's ISSEP exam
Question #: 20
Topic #: 4

Which of the following DITSCAP/NIACAP model phases is used to show the required evidence to support the DAA in accreditation process and conclude in an Approval To Operate (ATO)?

Suggested Answer: B

he DAA in accreditation process and conclude in an Approval To Operate (ATO).

C&A consists of four phases in a DITSCAP assessment. These phases are the same as NIACAP phases. The order of these phases is as follows:

1. Definition: The definition phase is focused on understanding the IS business case, the mission, environment, and architecture. This phase determines the security requirements and level of effort necessary to achieve Certification & Accreditation (C&A).

2. Verification: The second phase confirms the evolving or modified system's compliance with the information. The verification phase ensures that the fully integrated system will be ready for certification testing.

3. Validation: The third phase confirms abidance of the fully integrated system with the security policy. This phase follows the requirements slated in the SSAA. The objective of the validation phase is to show the required evidence to support the DAA in accreditation process.

4. Post Accreditation: The Post Accreditation is the final phase of DITSCAP assessment and it starts after the system has been certified and accredited for operations. This phase ensures secure system management, operation, and maintenance to save an acceptable level of residual risk.


Janna
4 months ago
I agree, Verification makes the most sense here!
upvoted 0 times
...
Sabina
4 months ago
Wait, are we sure about Verification? Seems too straightforward.
upvoted 0 times
...
Lenora
4 months ago
Post accreditation is just the follow-up, right?
upvoted 0 times
...
Sommer
4 months ago
I thought it was Validation, but now I'm not so sure.
upvoted 0 times
...
Lynelle
5 months ago
It's definitely the Verification phase!
upvoted 0 times
...
Mica
5 months ago
I vaguely recall that Post accreditation is more about what happens after the ATO is granted, so it can't be that one.
upvoted 0 times
...
Miles
5 months ago
I'm a bit confused about the differences between Verification and Validation. I feel like both could apply to supporting the ATO process.
upvoted 0 times
...
Lai
5 months ago
I remember practicing a question similar to this, and I think Validation was the phase that provided evidence for the DAA.
upvoted 0 times
...
Kenny
5 months ago
I think the phase we're looking for is Verification, but I'm not entirely sure if that's the right term used in the context of DITSCAP/NIACAP.
upvoted 0 times
...
Tawny
5 months ago
Hmm, I'm a bit unsure about the differences between the outer and inner labels. I'll need to review that part of the material again.
upvoted 0 times
...
Garry
5 months ago
I'm not totally sure about this one. I'll need to review the permissions for each of these roles to determine which one has the least access but can still view the confidential data.
upvoted 0 times
...
Noah
5 months ago
This seems like a straightforward question about analyzing customer satisfaction. I'd approach it by carefully considering each of the three data sources mentioned and how they could provide insights.
upvoted 0 times
...
