CCP Lesson 3 Flashcards

1
Q

Maturity Model

A

A model that assesses how institutionalized critical practices and processes are in an organization and helps determine what capabilities they need in order to continue to improve their performance.

2
Q

Domain

A

A grouping of like practices based on the 14 control families set forth in NIST SP 800-171

3
Q

Practice

A

An activity or set of activities that are performed to meet the defined CMMC objectives

4
Q

Assessment Objective (AO)

A

Identifies the specific set of objectives, as defined in NIST SP 800-171A, that must all be met for a practice to be scored MET

5
Q

Self-assessment

A

Assessing your organization’s compliance to the practice requirements

6
Q

Self-attestation

A

Making an official declaration that something complies with regulations without independent substantiating evidence

7
Q

Maturity Model

A

Measures how consistently and how well an organization performs a defined (checklist) practice

8
Q

Cybersecurity Maturity Model Certification (CMMC) Model 2.0

A

Identifies 3 levels of practices that lead to increasingly stronger cyber hygiene

9
Q

Cybersecurity Maturity Model Certification (CMMC) Taxonomy

A

Cybersecurity Maturity Model Certification Model –> Domains –> Practices –> Assessment Objectives

10
Q

Cybersecurity Maturity Model Certification (CMMC) Domains

A

14 Domains:

Access Control
Audit and Accountability
Awareness and Training
Configuration Management
Identification and Authentication
Incident Response
Maintenance
Media Protection
Personnel Security
Physical Protection
Risk Assessment
Security Assessment
System and Communication Protection
System and Information Integrity

11
Q

Cybersecurity Maturity Model Certification (CMMC) Practice

A

One or more activities that an organization regularly performs, demonstrating a particular cybersecurity capability

12
Q

Cybersecurity Maturity Model Certification (CMMC) Practice Numbering System

A

Practice numbers indicate:

Domain
Level
Requirement number (from NIST SP 800-171)

Example: AC.L1-3.1.1 (Access Control domain, Level 1, NIST SP 800-171 requirement 3.1.1)

13
Q

Access Control (AC) Domain

A

Manage who accesses your network and systems

Level 1 - 4 practices

Level 2 - 22 practices

14
Q

Audit and Accountability (AU) Domain

A

Create logs and review them frequently

Level 1 - 0 practices

Level 2 - 9 practices

15
Q

Awareness and Training (AT) Domain

A

Ensure your people are trained appropriately

Level 1 - 0 practices

Level 2 - 3 practices

16
Q

Configuration Management (CM) Domain

A

Ensure baselines and other configurations are kept up to date

Level 1 - 0 practices

Level 2 - 9 practices

17
Q

Identification and Authentication (IA) Domain

A

Know who is requesting access and authenticate them appropriately

Level 1 - 2 practices

Level 2 - 11 practices

18
Q

Incident Response (IR) Domain

A

Be able to recover once an incident occurs

Level 1 - 0 practices

Level 2 - 3 practices

19
Q

Maintenance (MA) Domain

A

Keep your systems up to date and patched

Level 1 - 0 practices

Level 2 - 6 practices

20
Q

Media Protection (MP) Domain

A

Ensure mobile media is protected against theft or loss

Level 1 - 1 practice

Level 2 - 9 practices

21
Q

Personnel Security (PS) Domain

A

Manage risks to your environment by insiders

Level 1 - 0 practices

Level 2 - 2 practices

22
Q

Physical Protection (PE) Domain

A

Employ physical protection mechanisms to control physical access to systems and equipment

Level 1 - 4 practices

Level 2 - 6 practices

23
Q

Risk Assessment (RA) Domain

A

Have a process for identifying and managing enterprise risk

Level 1 - 0 practices

Level 2 - 3 practices

24
Q

Security Assessment (CA) Domain

A

Independently verify your security posture

Level 1 - 0 practices

Level 2 - 4 practices

25
Q

System and Communications Protection (SC) Domain

A

Protect system boundaries and communications, and manage the security tools and processes that protect the system

Level 1 - 2 practices

Level 2 - 16 practices

26
Q

System and Information Integrity (SI) Domain

A

Monitor and protect the information system against malicious content

Level 1 - 4 practices

Level 2 - 7 practices

27
Q

Cybersecurity Maturity Model Certification (CMMC) Documentation

A

Cybersecurity Maturity Model Certification (CMMC) Model Overview

28
Q

Cybersecurity Maturity Model Certification (CMMC) Model Overview

A

Model framework and background for the creation of the Cybersecurity Maturity Model Certification (CMMC) Model

29
Q

Cybersecurity Maturity Model Certification (CMMC) Self-Assessment Guide Level 1

A

Assessment criteria and methodology used by an Organization Seeking Certification (OSC) to conduct a self-assessment

30
Q

Cybersecurity Maturity Model Certification (CMMC) Assessment Guide Level 2

A

Assessment criteria and methodology used by Certified Cybersecurity Maturity Model Certification (CMMC) Assessors (CCA)

31
Q

Cybersecurity Maturity Model Certification (CMMC) Self-Assessment Scope Level 1

A

Used by contractors to specify which assets in the environment are in scope prior to self-assessment

32
Q

Cybersecurity Maturity Model Certification (CMMC) Assessment Scope Level 2

A

Used by Certified Cybersecurity Maturity Model Certification (CMMC) Professionals (CCPs) and Certified CMMC Assessors (CCAs) to identify assets in the Assessment Scope

33
Q

Cybersecurity Maturity Model Certification (CMMC) Glossary and Acronyms

A

Definitions and terms used in the Cybersecurity Maturity Model Certification (CMMC) Model

34
Q

Cybersecurity Maturity Model Certification (CMMC) Artifact Hashing Tool User Guide

A

Guidance on creating a cryptographic reference or hash for assessment artifacts to ensure artifact integrity
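
Worked example, added here and not part of the original lesson or of the CMMC Artifact Hashing Tool itself: a Python script that builds a SHA-256 manifest of every file in an artifact directory, hashes the manifest, and later re-verifies the set, flagging modified, missing and unlisted artifacts. The directory layout, file names and contents are constructed sample data, not real assessment evidence. The manifest line format (`<hash>  <relative path>`) is the one used by `sha256sum`, chosen so the manifest can also be checked with `sha256sum -c`; it is an assumption for this example, not the tool's own output format.

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK_SIZE = 1024 * 1024  # stream large evidence files (scan exports, images) 1 MiB at a time


def sha256_file(path: Path) -> str:
    """SHA-256 hex digest of one artifact file, read in chunks so size does not matter."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            digest.update(chunk)
    return digest.hexdigest()


def artifact_files(root: Path) -> list[Path]:
    """Every regular file under root, in a stable order so the manifest is reproducible."""
    return sorted(p for p in root.rglob("*") if p.is_file())


def build_manifest(root: Path) -> tuple[str, str]:
    """Return (manifest_text, manifest_sha256).

    Each line is '<sha256>  <relative path>' (the sha256sum format). The hash of the whole
    manifest is the single value the OSC and the assessor record; if it still matches later,
    every artifact the manifest lists is unchanged.
    """
    lines = [f"{sha256_file(p)}  {p.relative_to(root).as_posix()}" for p in artifact_files(root)]
    manifest = "\n".join(lines) + "\n"
    return manifest, hashlib.sha256(manifest.encode("utf-8")).hexdigest()


def verify_manifest(root: Path, manifest: str, expected_manifest_sha256: str) -> list[str]:
    """Return a list of findings; an empty list means the artifact set is intact."""
    if hashlib.sha256(manifest.encode("utf-8")).hexdigest() != expected_manifest_sha256:
        # The manifest itself was altered, so none of its per-file hashes can be trusted.
        return ["manifest hash mismatch"]
    listed: dict[str, str] = {}
    for line in manifest.splitlines():
        digest, _, rel = line.partition("  ")
        listed[rel] = digest
    findings = []
    for rel, digest in listed.items():
        path = root / rel
        if not path.is_file():
            findings.append(f"missing: {rel}")
        elif sha256_file(path) != digest:
            findings.append(f"modified: {rel}")
    for path in artifact_files(root):
        rel = path.relative_to(root).as_posix()
        if rel not in listed:
            findings.append(f"unlisted: {rel}")  # evidence added after the manifest was sealed
    return findings


def demo() -> tuple[list[str], list[str], list[str]]:
    """Round trip on constructed sample artifacts (hypothetical names, not real evidence).

    Returns findings for: the untouched set; the set after one file is edited and one is
    added; the untouched set checked against a manifest that someone has edited.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "policies").mkdir()
        (root / "policies" / "AC-policy.txt").write_text("Access control policy, rev 1\n")
        (root / "SSP.txt").write_text("System Security Plan, rev 1\n")

        manifest, manifest_hash = build_manifest(root)
        intact = verify_manifest(root, manifest, manifest_hash)

        # A sealed manifest line is edited (a path renamed); the outer hash catches it
        # before any file is read.
        forged = verify_manifest(root, manifest.replace("SSP.txt", "SSP-final.txt"), manifest_hash)

        # Evidence changed after the manifest was produced.
        (root / "SSP.txt").write_text("System Security Plan, rev 2\n")
        (root / "extra-screenshot.txt").write_text("captured after the assessment\n")
        tampered = verify_manifest(root, manifest, manifest_hash)
    return intact, tampered, forged


if __name__ == "__main__":
    for label, result in zip(("intact", "tampered", "forged manifest"), demo()):
        print(f"{label}: {result or 'OK'}")
```

The manifest hash is the value worth exchanging with the assessor (by e-mail, in the assessment report, or read out on a call): it is short, and anyone holding the manifest and the artifacts can recompute it. Keeping the per-file lines in `sha256sum` format means a C3PAO on a machine without this script can still run `sha256sum -c manifest.txt` inside the artifact directory to get the same modified/missing verdicts.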

35
Q

Cybersecurity Maturity Model Certification (CMMC) Assessment Process (CAP)

A

Definitive source for conducting Cybersecurity Maturity Model Certification (CMMC) Assessments. Details critical activities that need to be performed during an assessment

36
Q

Key Aspects of the Cybersecurity Maturity Model Certification (CMMC) 2.0 Framework

A

Streamlined Model

Reliable Assessments

Flexible Implementation

37
Q

Project Spectrum

A

A platform to help the Defense Industrial Base (DIB) assess and build its cybersecurity capabilities

38
Q

Cybersecurity Maturity Model Certification (CMMC) Self-Assessments

A

Level 1 and a small subset of Level 2

For Organizations Seeking Certification (OSCs) who handle Federal Contract Information (FCI) only

Conducted annually

Senior company official required to sign off

39
Q

Cybersecurity Maturity Model Certification (CMMC) Third-Party Assessments

A

Level 2

For Organizations Seeking Certification (OSCs) who handle Controlled Unclassified Information (CUI) critical to national security

A CMMC Third-Party Assessor Organization (C3PAO) assesses the OSC's compliance with the cybersecurity practices and provides the assessment results to the DoD

Conducted triennially (every 3 years)

40
Q

Supplier Performance Risk System (SPRS)

A

Where self-assessment scores and affirmations are posted

41
Q

Independent Third-Party Assessment Benefits

A

Consistency among assessors

Impartial

Experienced and trained

42
Q

Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD A&S)

A

Owner of the Cybersecurity Maturity Model Certification (CMMC) Model and Assessment Guides

43
Q

Cyber Accreditation Body (AB)

A

Non-profit organization that operationalizes Cybersecurity Maturity Model Certification (CMMC) assessments and training

44
Q

CMMC Assessors and Instructors Certification Organization (CAICO)

A

Organization to be authorized to certify Cybersecurity Maturity Model Certification (CMMC) assessors and instructors (planned as a future body at the time of this lesson)

45
Q

Organizations Under the Authority of The Cyber Accreditation Body (AB)

A

CMMC Third-Party Assessment Organization (C3PAO)

Registered Practitioner Organization (RPO)

Organization Seeking Certification (OSC)

46
Q

CMMC Third-Party Assessment Organization (C3PAO)

A

Authorized to manage the Assessment process for an Organization Seeking Certification (OSC)

Certified to provide consultative advice to an OSC

47
Q

Registered Practitioner Organization (RPO)

A

Organization authorized to provide recommendations and consulting advice about Cybersecurity Maturity Model Certification (CMMC) Assessments

Do not conduct Certified CMMC Assessments

48
Q

Organization Seeking Certification (OSC)

A

Organization going through Cybersecurity Maturity Model Certification (CMMC) Assessment process

49
Q

Organizations Under the Authority of the CMMC Assessors and Instructors Certification Organization (CAICO)

A

Licensed Partner Publisher (LPP)

Licensed Training Provider (LTP)

50
Q

Licensed Partner Publisher (LPP)

A

Purpose is to create accredited content for use by Licensed Training Providers (LTPs)

51
Q

Licensed Training Provider (LTP)

A

Purpose is to conduct Certified Cybersecurity Maturity Model Certification (CMMC) classes using Licensed Partner Publisher (LPP) curricula

52
Q

Organizations Seeking Certification (OSC) Roles and Responsibilities

A

Identify Cybersecurity Maturity Model Certification (CMMC) Level

Self-assess Level 1 compliance

Seek CMMC Third-Party Assessment Organizations (C3PAO) to conduct level 2 assessments

53
Q

CMMC Third-Party Assessment Organizations (C3PAO) Roles and Responsibilities

A

Conduct Cybersecurity Maturity Model Certification (CMMC) assessments

Have a CMMC Certified Assessor on staff

54
Q

Registered Practitioner Organizations (RPO) Roles and Responsibilities

A

Provide non-certified consultative services to help the Organization Seeking Certification (OSC)

55
Q

Licensed Partner Publishers (LPP) Roles and Responsibilities

A

Create Cybersecurity Maturity Model Certification (CMMC) training curricula based on exam objectives

56
Q

Licensed Training Providers (LTP) Roles and Responsibilities

A

Provide infrastructure to deliver Cybersecurity Maturity Model Certification (CMMC) training to students

Use approved curricula from Licensed Partner Publishers (LPP)

57
Q

CMMC Assessors and Instructors Certification Organization (CAICO) Individuals - Assessment

A

Certified CMMC Professionals (CCP)

Certified CMMC Assessor (CCA)

Assessment Team Members

Lead Assessors

58
Q

Certified CMMC Professionals (CCP)

A

Individuals credentialed as understanding the requirements of Cybersecurity Maturity Model Certification (CMMC) for a DoD supplier

59
Q

Certified CMMC Assessor (CCA)

A

Individuals certified to assess all practices on Cybersecurity Maturity Model Certification (CMMC) Level 2 Assessments

60
Q

Assessment Team Members

A

Individuals working under the leadership of a Lead Assessor

61
Q

Lead Assessors

A

Individual who oversees and manages a discrete Cybersecurity Maturity Model Certification (CMMC) Assessment Team

62
Q

Certified CMMC Instructors (CCI)

A

Authorized to train Certified CMMC Professionals (CCP) and Certified CMMC Assessors (CCA)

63
Q

Registered Practitioners (RP)

A

Deliver non-certified advisory services informed by basic training on the Cybersecurity Maturity Model Certification (CMMC) standard

64
Q

Provisional Assessors (PA)

A

Provisionally trained to conduct Assessments at Level 2, during the interim period

65
Q

Provisional Instructors (PI)

A

Provisionally approved to teach during the interim period; their purpose is to establish a cadre of assessors for the Cybersecurity Maturity Model Certification (CMMC) ecosystem

66
Q

Cybersecurity Maturity Model Certification (CMMC) Marketplace

A

Centralized access point for Organizations Seeking Certification (OSCs)

67
Q

Phases of a Third-Party Assessment

A

Plan for coordination and exchange of artifacts

Conduct on-site assessment

Report assessment findings

68
Q

Level 2 assessment roles and responsibilities - CMMC Third-Party Assessment Organizations (C3PAO)

A

Contract with members of the Defense Industrial Base (DIB)

Perform initial quality checks on assessment reports

69
Q

Level 2 assessment roles and responsibilities - Lead Assessor

A

Lead Cybersecurity Maturity Model Certification (CMMC) Assessment

Task CMMC Certified Professionals (CCPs) and CMMC Certified Assessors (CCAs)

Communicate with the Organization Seeking Certification (OSC) and the CMMC Third-Party Assessment Organization (C3PAO)

70
Q

Cybersecurity Compliance Requirements Under the Cybersecurity Maturity Model Certification (CMMC) 2.0 Foundational Level 1

A

Self-assessment

71
Q

Cybersecurity Compliance Requirements Under the Cybersecurity Maturity Model Certification (CMMC) 2.0 Advanced Level 2

A

Third-party assessment for contractors with critical national security information

Self-assessment for contractors that do not have information critical to national security

72
Q

Cybersecurity Compliance Requirements Under the Cybersecurity Maturity Model Certification (CMMC) 2.0 Expert Level 3

A

Government-led assessment

73
Q

Self-Assessment Under Cybersecurity Maturity Model Certification (CMMC) 2.0

A

Required for Level 1 practices

Conducted annually

Score and affirmation reported to the Supplier Performance Risk System (SPRS)

74
Q

Consequences of Non-Compliance of Self Assessment

A

Failure to receive award

Contractual Liability

Prosecution under the False Claims Act

75
Q

Christian Doctrine

A

Holds that mandatory procurement clauses are read into every federal contract by operation of law, even when they were omitted from the contract text

76
Q

False Claims Act

A

Used to penalize contractors who falsely claim compliance with cybersecurity regulations (for example, in a self-assessment affirmation) when they are not in compliance

77
Q

Civil Cyber-Fraud Initiative

A

Department of Justice initiative that utilizes the False Claims Act to pursue cybersecurity-related fraud by government contractors