Certified Secure Software Lifecycle Professional (CSSLP) — Question 79

Which of the following phases of the DITSCAP C&A process is used to define the C&A level of effort, to identify the main C&A roles and responsibilities, and to create an agreement on the method for implementing the security requirements?

Answer options

• A. Phase 1
• B. Phase 4
• C. Phase 2
• D. Phase 3

Correct answer: C

Explanation

The correct answer is C, Phase 2, where the level of effort for Certification and Accreditation (C&A) is defined, and responsibilities are assigned. The other phases focus on different aspects of the C&A process, such as implementation and assessment, rather than the initial agreement and role clarification.