Certified Secure Software Lifecycle Professional (CSSLP) — Question 14

Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle?

Answer options

• A. Phase 3, Validation
• B. Phase 1, Definition
• C. Phase 2, Verification
• D. Phase 4, Post Accreditation Phase

Correct answer: B

Explanation

The correct answer is Phase 1, Definition, as it encompasses the necessary activities for defining and establishing the operational parameters and security requirements of the IT system. The other phases focus on validation, verification, and post-accreditation processes, which do not directly address the ongoing operation and threat management of the system.