Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?


A. SSAA

B. FITSAF

C. FIPS

D. TCSEC

Explanation:
System Security Authorization Agreement (SSAA) is an information security document used in the
United States Department of Defense (DoD) to describe and accredit networks and systems. The
SSAA is part of the Department of Defense Information Technology Security Certification and
Accreditation Process, or DITSCAP. The DoD instruction (issued in December 1997) that describes
DITSCAP and provides an outline for the SSAA document is DODI 5200.40. The DITSCAP application
manual (DoD 8510.1-M), published in July 2000, provides additional details.
Answer option B is incorrect. FITSAF stands for Federal Information Technology Security Assessment
Framework. It is a methodology for assessing the security of information systems. It provides an
approach for federal agencies. It determines how federal agencies are meeting existing policy and
establish goals. The main advantage of FITSAF is that it addresses the requirements of the Office of
Management and Budget (OMB). It also addresses the guidelines provided by the National Institute
of Standards and Technology (NIST).
Answer option D is incorrect. Trusted Computer System Evaluation Criteria (TCSEC) is a United States
Government Department of Defense (DoD) standard that sets basic requirements for assessing the
effectiveness of computer security controls built into a computer system. TCSEC was used to
evaluate, classify, and select computer systems being considered for the processing, storage, and
retrieval of sensitive or classified information. It was replaced with the development of the Common
Criteria international standard originally published in 2005. The
TCSEC, frequently referred to as the Orange Book, is the centerpiece of the DoD Rainbow Series
publications.


