The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation? Each correct answer represents a complete solution. Choose all that apply.
A. System accreditation
B. Type accreditation
C. Secure accreditation
D. Site accreditation
Explanation:
NIACAP accreditation is of three types depending on what is being certified. They are as follows:
1. Site accreditation: This type of accreditation evaluates the applications and systems at a specific, self-contained location.
2. Type accreditation: This type of accreditation evaluates an application or system that is distributed to a number of different locations.
3. System accreditation: This accreditation evaluates a major application or general support system.
Answer option C is incorrect. No such type of NIACAP accreditation exists.
What is NIACAP?
NIACAP stands for National Information Assurance Certification and Accreditation Process. The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. NIACAP is derived from the Department of Defense Certification and Accreditation Process (DITSCAP), and it plays a key role in the National Information Assurance Partnership.
What is Certification and Accreditation?
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. The C&A process is used extensively in the U.S. Federal Government. Some C&A processes include FISMA, NIACAP, DIACAP, and DCID 6/3.
Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.
Reference: The CISSP and CAP Study Guide, Contents: "Understanding Certification and Accreditation"