Certified Secure Software Lifecycle Professional (CSSLP) — Question 95
In which of the following DIACAP phases is residual risk analyzed?
Answer options
- A. Phase 1
- B. Phase 5
- C. Phase 2
- D. Phase 4
- E. Phase 3
Correct answer: A
Explanation
Residual risk is assessed in Phase 1 of DIACAP, where initial security requirements are defined and risks are identified. The other phases focus on different aspects of the security certification process, such as implementation, assessment, and continuous monitoring, rather than the initial risk analysis.