0
Yes - the DAA can accept non-compliance of an IA control. In doing so however, they accept the risk that comes with the non-compliance. Risk acceptance by the DAA is not just a matter of them deciding the risk is something the network should accept. They are held legally responsible for their decisions and can be prosecuted (with the potential for both fines and incarceration) for accepting risk that they should not have. As a consequence, the DAA will usually want to see the residual risk reduced to Low for the system or application. Any non-compliant controls should be mitigated and included in a Plan of Actions and Milestones for correction.
What else can I help you with?
The determines the degree to which a system complies with assigned IA controls based on validation results and then makes a certification determination to the DAA?
The Certification Authority determines the degree to which a system complies with assigned IA controls and makes the certification determination to the DAA.
Determines the degree to which a system complies with assigned IA controls based on validation results and then makes a certification determination to the DAA?
The Certification Authority is tasked with determining the degree to which a system complies with the assigned IA controls (based on validation results) and then provides the certification determination to the DAA. The DAA then makes a decision on whether to authorize the system for operation.
What IA role ensures all IAM's are US citizens and meet all identified access requirements?
DAA
What is the full form of daa?
In a software security regulations context, DAA stands for Designated Accrediting Authority (as per DoDI 8510.01). This is synonymous with "designated approving authority" and "delegated accrediting authority" - terms which were used in prior DoD IA regulations.There are obviously different definitions for the acronym in other contexts.
What determines the degree to which a system complies with assigned IA controls based on validation results and then makes a certification determination to the DAA?
The DIACAP Scorecard conveys compliance with assigned IA Controls and the IS C&A decision status. The Certifying Authority (CA) has the authority and responsibility for the certification of information systems governed by a DoD Component IA Program.
When DID durba banerjee joined IA?
(IA = Indian Airlines) IA refused to accept her initially. They preferred to hire men with 100 hours flying experience even though she had already logged 6000 hours! It was only in 1966 that she finally joined IA.
What is An IA Control?
An objective IA condition of integrity, availability, or confidentiality achieved through the application of specific safeguards.
The information system received an authorization to operate from the daa what is the maximum allowable ato duration?
The system's IA controls must be reviewed at least annually and the system must be reaccredited at least every three years
How do you say control in Samoan?
Fa'atonu: "She will control the Women's Section." "O ia o le a fa'atonu ina le Itu a Tama'ita'i.". Ta'ita'i: "She will lead/control the Women's Section." "O ia o le a ta'ita'i i le Itu a Tama'ita'i." Pule: "She will manage/control the Women's Section." "O ia o le a pule i le Itu a Tama'ita'i."
DIACAP requires you to review your IA posture?
Yes - DIACAP requires you to review your IA posture. DoDI 8510.2 (DIACAP) and DoDI 8500.2 both require that the IA posture of all systems belonging to an organization must be reviewed at least once a year. Furthermore, the system must be assessed and undergo reaccreditation by the Principal Accredditation Authority (PAA) - which generally means the DAA - at least every 3 years.
In accordance with AR 25-2 whose responsibility is it to ensure all users receive initial and annual IA awareness training?
IASO
Ia there a manual transmission cruise control on a kia rio?
No, only through the aftermarket. There are no factory cruise control kits.
