In which of the following phases of the DITSCAP process does Security Test and Evaluation
(ST&E) occur?
A.
Phase 2
B.
Phase 4
C.
Phase 3
D.
Phase 1
Explanation:
Security Test and Evaluation (ST&E) occurs in Phase 3 of the DITSCAP C&A
goal of this phase is to define the C&A level of effort, identify the main C&A roles and
responsibilities, and create an agreement on the method for implementing the security
requirements. The Phase 1 starts with the input of the mission need. This phase comprises three
Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully
integrated system for certification testing and accreditation. This phase takes place between the
signing of the initial version of the SSAA and the formal accreditation of the system. This phase
verifies security requirements during system development. The process activities of this phase are
as follows: Configuring refinement of the SSAA System development Certification analysis
known as Post Accreditation. This phase starts after the system has been accredited in the Phase
3. The goal of this phase is to continue to operate and manage the system and to ensure that it
will maintain an acceptable level of residual risk. The process activities of this phase are as
follows: System operations Security operations Maintenance of the SSAA Change management
Compliance validation