Certified Secure Software Lifecycle Professional (CSSLP) — Question 19

You work as a security engineer for BlueWell Inc. According to you, which of the following DITSCAP/NIACAP model phases occurs at the initiation of the project, or at the initial C&A effort of a legacy system?

Answer options

A. Validation
B. Definition
C. Verification
D. Post Accreditation

Correct answer: B

Explanation

The correct answer is B, Definition, as this phase is focused on establishing the project requirements and scope at the outset. The other options refer to later stages in the process: Validation (A) assesses whether security measures are effective, Verification (C) ensures that the requirements are met, and Post Accreditation (D) occurs after the accreditation process is completed.