ExamTopics Logo
Mail Us[email protected]
Menu
Isc Discussions
exam questions

Exam CSSLP All Questions

View all questions & answers for the CSSLP exam
Go to Exam

Exam CSSLP topic 1 question 96 discussion

Actual exam question from ISC's CSSLP
Question #: 96
Topic #: 1
[All CSSLP Questions]

The IAM/CA makes certification accreditation recommendations to the DAA. The DAA issues accreditation determinations. Which of the following are the accreditation determinations issued by the DAA? Each correct answer represents a complete solution. Choose all that apply.

  • A. IATT
  • B. IATO
  • C. DATO
  • D. ATO
  • E. ATT
Show Suggested Answer Hide Answer
Suggested Answer: because of an inadequate IA design or failure to implement assigned IA Controls. Answer: E is incorrect. No such type of accreditation determination exists. 🗳️
The DAA issues one of the following four accreditation determinations: Approval to Operate (ATO): It is an authorization of a DoD information system to process, store, or transmit information. Interim Approval to Operate (IATO): It is a temporary approval to operate based on an assessment of the implementation status of the assigned IA Controls. Interim Approval to Test (IATT): It is a temporary approval to conduct system testing based on an assessment of the implementation status of the assigned IA Controls. Denial of Approval to Operate (DATO): It is a determination that a DoD information system cannot operate
by 74gjd_37 at Sept. 30, 2023, 6:10 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
74gjd_37
5 months, 2 weeks ago
Selected Answer: BD
The accreditation determinations issued by the DAA are IATO and ATO. Therefore, options B and D are correct. Option A (IATT), option C (DATO), and option E (ATT) are not relevant to CSSLP accreditation.
upvoted 1 times
74gjd_37
5 months, 2 weeks ago
ATO stands for Authorization to Operate and is a formal determination issued by the Designated Accreditation Authority (DAA) stating that a particular system or application has been assessed, evaluated, and found to have an acceptable level of security controls in place. An ATO indicates that the organization responsible for the system/application has completed all necessary steps in adhering to established guidelines, policies, and regulations. An ATO includes documentation indicating compliance with federal standards such as CNSSI 1253, NIST SP 800-53 Rev4 requirements. The authorization process involves conducting comprehensive testing and evaluation of all relevant security controls based on the information gathered during earlier stages. Organizational leadership will determine if this risk is acceptable before issuing an ATO.
upvoted 1 times
...
74gjd_37
5 months, 2 weeks ago
IATO stands for Interim Authorization to Operate. It is an accreditation determination issued by the Designated Accreditation Authority (DAA) that allows a system or application to operate on an interim basis while a full assessment of its security controls and risks is being conducted. This determination may be given when there is an urgent need for the system/application to become operational, but a full Assessment and Authorization (A&A) process has not yet been completed. An IATO typically remains in effect until the A&A process can be fully completed, which involves conducting comprehensive testing and evaluation of all relevant security controls and documenting their effectiveness in mitigating identified risks.
upvoted 1 times
...
74gjd_37
5 months, 2 weeks ago
A Designated Accreditation Authority (DAA) is an individual or group responsible for making formal accreditation determinations regarding a given system, network, application or organization. The DAA ensures that critical data-related assets such as networks and applications meet stringent regulatory security controls established by government bodies. This person has full authority over decision-making relating to information security and operational risk management and oversee periodic reviews and assessments of systems/applications to ensure continued compliance with established standards.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago