Which of the following processes provides a standard set of activities, general tasks, and a
management structure to certify and accredit systems, which maintain the information assurance
and the security posture of a system or site?
A.
NSA-IAM
B.
DITSCAP
C.
ASSET
D.
NIACAP
Explanation:
NIACAP is a process, which provides a standard set of activities, general tasks, and a
management structure to certify and accredit systems that maintain the information assurance and
the security posture of a system or site.
Answer option B is incorrect. DITSCAP is a process, which establishes a standard process, a set of
activities, general task descriptions, and a management structure to certify and accredit the IT
systems that will maintain the required security posture.
Answer option A is incorrect. The NSA-IAM evaluates information systems at a high level and uses a
subset of the SSE-CMM process areas to measure the implementation of information security on
these systems.
Answer option C is incorrect. ASSET is a tool developed by NIST to automate the process of selfassessment through the use of the questionnaire in NIST.
CISM Review Manual 2010, Contents. “Information security process management”