CCP Lesson 8

Question 1

Access Control (AC) L1-3.1.1

Answer 1

Limit information system access to authorized users, processes acting on behalf of authorized users, of devices

Question 2

Access Control (AC) L1-3.1.2

Answer 2

Limit information system access to the types of transactions and functions that authorized users are permitted to execute.

Question 3

Access Control (AC) L1-3.1.20

Answer 3

Verify and control/limit connection to and use of external information systems.

Question 4

Access Control (AC) L1-3.1.22

Answer 4

Control information posted of processed on publicly available information systems.

Question 5

Identification and Authentication (IA) L1-3.5.1

Answer 5

Identify information system users, processes acting on behalf of users of devices.

Question 6

Identification and Authentication (IA) L1-3.5.2

Answer 6

Authenticate the identities of those users, processes, of devices, as a prerequisite to allowing access to organizational information systems.

Question 7

Media Protection (MP) L1-3.8.3

Answer 7

Sanitize or destroy information system media containing Federal Contract Information before disposal or release.

Question 8

Physical Protection (PE) L1-3.10.1

Answer 8

Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.

Question 9

Physical Protection (PE) L1-3.10.3

Answer 9

Escort visitors and monitor visitor activity.

Question 10

Physical Protection (PE) L1-3.10.4

Answer 10

Maintan audit logs of physical access

Question 11

Physical Protection (PE) L1-3.10.5

Answer 11

Control and manage physical access devices.

Question 12

System and Communications Protection (SC) L1-3.13.1

Answer 12

Monitor, control, and protect organizational communications at the external boundaries and key internal boundaries of the information systems.

Question 13

System and Communications Protection (SC) L1-3.13.5

Answer 13

Implement subnetworks for publicly accessible system components that are physically of logically separated from internal networks.

Question 14

System and Information Integrity (SI) L1-3.14.1

Answer 14

Identify, Report, and correct information and information system flaws in a timely manner.

Question 15

System and Information Integrity (SI) L1-3.14.2

Answer 15

Provide protection from malicious code at appropriate locations withing organizational information systems.

Question 16

System and Information Integrity (SI) L1-3.14.4

Answer 16

Update malicious code protection mechanisms when new releases are available.

Question 17

System and Information Integrity (SI) L1-3.14.5

Answer 17

Perform Periodic scans of the information system and real time scans of files from external sources as files are downloaded, opened, of executed.

Question 18

Level 1 Gap Analysis

Answer 18

-Review all practices and their associated Assessment Objectives
.
-Ensure all applicable practices and Assessment Objectives are currently being met.

-Document how the practices and Assessment Objectives are being met.

-Identify additional Evidence that will be used to demonstrate adoption of the practice. x

-The more detailed the Evidence, the more confident the OSC will be in its level 1 self-assessment.