Certification and Accreditation (C&A or CnA) is a process for implementing information security.
Which of the following is the correct order of C&A phases in a DITSCAP assessment?

A.
Verification, Definition, Validation, and Post Accreditation

B.
Definition, Validation, Verification, and Post Accreditation

C.
Definition, Verification, Validation, and Post Accreditation

D.
Verification, Validation, Definition, and Post Accreditation

Explanation:
C&A consists of four phases in a DITSCAP assessment. These phases are the
same as NIACAP phases. The order of these phases is as follows: 1.Definition: The definition
phase is focused on understanding the IS business case, the mission, environment, and
architecture. This phase determines the security requirements and level of effort necessary to
achieve Certification & Accreditation (C&A). 2.Verification: The second phase confirms the
evolving or modified system’s compliance with the information. The verification phase ensures that
the fully integrated system will be ready for certification testing. 3.Validation: The third phase
confirms abidance of the fully integrated system with the security policy. This phase follows the
requirements slated in the SSAA. The objective of the validation phase is to show the required
evidence to support the DAA in accreditation process. 4.Post Accreditation: The Post Accreditation
is the final phase of DITSCAP assessment and it starts after the system has been certified and
accredited for operations. This phase ensures secure system management, operation, and
maintenance to save an acceptable level of residual risk.