0
The DoD IS has initiated the DITSCAP but does not have a signed Phase One System Security Authorization What is the next step?
Wiki User
∙ 12y ago
C. Continue DITSCAP
This might have been a correct answer to a quiz in the past, but DoDI 5200.40 (DITSCAP) and DoD 8510.1-M (DITSCAP Manual) were cancelled when DoDI 8510.01 (DIACAP) was issued on November 28, 2007. If a system does not have a signed Phase One System Security Authorization Agreement (SSAA) they are required to conduct their certification and accreditation under DIACAP. Anything prepared under DITSCAP is useful only as reference material to aid in preparing the DIACAP documentation.
Wiki User
∙ 12y ago
Add your answer:
Earn +20 pts
The dod is has signed phase one system security authorization agreement and is currently in ditscap phase three what is the next step?
Continue DITSCAP for a set period of time
The dod information system has a ditscap authorization to operate that is four years old?
DIACAP has been in force for more that 3 years so a system with a DITSCAP authorization has an EXPIRED authorization and the DAA should issue a DATO immediately unless the system owner can provide justifcation for continued operation AND sufficient documentation to allow the CA to evaluate the risk of continued operation and for DAA to accept the risk and issue an IATO until a full re-accreditation can be completed. Note that the DoD will soon be moving to RMF (risk management framework) so DITSCAP will be WAY, WAY out of date then!
The dod information system has a ditscap authorization to operate that is four years old what is the next step?
Contact the DAA to request an IATO while you hurry up and get your act together and get the DIACAP documentation together before they shut the system down!
What are methods of computer security?
Access Control Systems. Authentication. Multi-factor authentication Authorization. Firewalls and Internet Security. Intrusion prevention system. Intrusion detection system.
How does ditscap differ from diacap?
DITSCAP is the outdated version of the DoD process for assessing the security of DoD information systems. It was replaced by DIACAP. DIACAP is, in turn, being replaced by the RMF process where continuous montoring is to be implemented.DIACAP :Platform-centric as opposed to system or network centric.Information belongs to system owner and risks are identified specific to the systemIndividual C/S/A defined IA controlsCertification appointed Certification Authority
What must be done if information systems has a DITSCAP that is four years old?
Since under 8500.2, an ATO cannot be issued for more than 3 years, if a system is operating under a DITSCAP package that is 4 years old, its ATO has expired and the DAA can (and should) issue a DATO (Denial of Authorization To Operate), meaning that the system is immediately denied ATC (Authority To Connect), which means it is then cut off from the GIG. Even if the system is not connected to the GIG, a DATO means that the system must be shut down and not used until it gets at least an IATO from the DAA.
Is a web content management system necessary if you want to protect your internet inventions?
A web content management system is not related to the security of internet inventions protection. Internet security is ensured by things like, SSL security certificates, password, username authentication and authorization.
Why do I get this message 'You are trying to access the system outside of the authorization window specified by your administrator. Click OK to return to the AHRS Web Portal.'?
You are trying to violate the system's security as defined by its administrator.
What reponse is initiated by the sympathetic neuvous system?
The fight or flight response is initiated by the sympathetic nervous system.
What determines what an individual can do in the system after he or she authenticated?
Authorization
Bank control key in France?
In France, banks have key controls to ensure that only the people of a certain level of authorization can access various areas of the banking system. It is a security feature.
What is the process that states what a user can and cannot do on a system?
Authorization
