Certified Information Systems Security Professional (CISSP) — Question 185

Which of the following reports provides the BEST attestation of detailed controls when evaluating an Identity as a Service (IDaaS) solution?

Answer options

Correct answer: B

Explanation

The Service Organization Control (SOC) 2 report is specifically designed to assess controls related to security, availability, processing integrity, confidentiality, and privacy, making it the best choice for evaluating IDaaS solutions. SOC 1 focuses on financial reporting controls and SOC 3 is a general-purpose report with less detail. SAS 70 has been replaced by SOC reports and is not relevant in this context.