Which of the following describes a residual risk as the risk remaining after a risk mitigation has
occurred?

A.
DIACAP

B.
SSAA

C.
DAA

D.
ISSO

Explanation:
DIACAP describes a residual risk as the risk remaining after a risk mitigation has
occurred. The Department of Defense Information Assurance Certification and Accreditation
Process (DIACAP) is a process defined by the United States Department of Defense (DoD) for
managing risk. DIACAP replaced the former process, known as DITSCAP (Department of Defense
Information Technology Security Certification and Accreditation Process), in 2006. DoD Instruction
(DoDI) 8510.01 establishes a standard DoD-wide process with a set of activities, general tasks,
and a management structure to certify and accredit an Automated Information System (AIS) that
will maintain the Information Assurance (IA) posture of the Defense Information Infrastructure (DII)
throughout the system’s life cycle.DIACAP applies to the acquisition, operation, and sustainment
of any DoD system that collects, stores, transmits, or processes unclassified or classified
information since December 1997. It identifies four phases: 1.System Definition 2.Verification
(ISSO) plays the role of a supporter. The responsibilities of an Information System Security Officer
(ISSO) are as follows: Manages the security of the information system that is slated for
Certification & Accreditation (C&A). Insures the information systems configuration with the
agency’s information security policy. Supports the information system owner/information owner for
the completion of security-related responsibilities. Takes part in the formal configuration
incorrect. The Designated Approving Authority (DAA), in the United States Department of
Defense, is the official with the authority to formally assume responsibility for operating a system
at an acceptable level of risk. The DAA is responsible for implementing system security. The DAA
can grant the accreditation and can determine that the system’s risks are not at an acceptable
Authorization Agreement (SSAA) is an information security document used in the United States
Department of Defense (DoD) to describe and accredit networks and systems. The SSAA is part
of the Department of Defense Information Technology Security Certification and Accreditation
Process, or DITSCAP (superseded by DIACAP). The DoD instruction (issues in December 1997,
that describes DITSCAP and provides an outline for the SSAA document is DODI 5200.40. The
DITSCAP application manual (DoD 8510.1-M), published in July 2000, provides additional details.