PrepAway - Latest Free Exam Questions & Answers

Which of the following DITSCAP/NIACAP model phases occurs at the initiation of the project, or at the initial

You work as a security engineer for BlueWell Inc. According to you, which of the following
DITSCAP/NIACAP model phases occurs at the initiation of the project, or at the initial C&A effort
of a legacy system?

A. Validation

B. Definition

C. Verification

D. Post Accreditation

Explanation:
The definition phase of the DITSCAP/NIACAP model takes place at the beginning of
the project, or at the initial C&A effort of a legacy system. C&A consists of four phases in a
DITSCAP assessment. These phases are the same as the NIACAP phases. The order of these
phases is as follows:

1. Definition: The definition phase is focused on understanding the IS
business case, the mission, environment, and architecture. This phase determines the security
requirements and level of effort necessary to achieve Certification & Accreditation (C&A).

2. Verification: The second phase confirms the evolving or modified system’s compliance with the
information. The verification phase ensures that the fully integrated system will be ready for
certification testing.

3. Validation: The third phase confirms compliance of the fully integrated system
with the security policy. This phase follows the requirements stated in the SSAA. The objective of
the validation phase is to show the required evidence to support the DAA in the accreditation process.

4. Post Accreditation: Post Accreditation is the final phase of a DITSCAP assessment, and it
starts after the system has been certified and accredited for operations. This phase ensures
secure system management, operation, and maintenance to maintain an acceptable level of residual
risk.

