Continuous Monitoring Flashcards

1
Q

National Industrial Security Program (NISP)

A

NISPOM is the manual that industry must follow

Industry: Implement security requirements

Government: establish requirements, advise and assist, provide oversight

Cleared industry safeguards all classified info
Apply to contractors with access to classified info

2
Q

Security Policy Guidance

A

Industry: NISPOM (detailed industrial security policy)

Federal Government: NIST (National Institute of Standards and Technology)

Military: DoD Policy & Guidance

3
Q

RMF

A

Risk Management Framework

4
Q

Which of the following are important roles of the NISP in continuous monitoring?

A

To ensure that cleared industry safeguards classified information and information systems

To protect critical infrastructure

To thwart foreign adversaries and insider threats to information systems

5
Q

Match

A

NISPOM: guidance requires that all individuals' actions on a classified contractor information system be auditable

NIST SP: publications provide detailed guidance on the development and implementation of an ISCM program and security-focused configuration management

DoD Policy and Guidance: policies and guidance establish the requirement for an integrated continuous capability to monitor and audit for threats and vulnerabilities from internal and external sources.

6
Q

Risk

A

possibility that a threat will adversely impact an information system by exploiting a vulnerability

7
Q

Threat vs. vulnerability

A

V: weakness or lack of controls that could facilitate, or allow, a compromise

T: a potential for the accidental or deliberate compromise of security

8
Q

RMF process (Cybersecurity requirements for DoD)

A

Informs the acquisition process

Implements cybersecurity through use of security controls

Emphasizes continuous monitoring and timely correction of deficiencies

Adopts reciprocity and codifies reciprocity tenets

9
Q

RMF ensures:

A

Traceability and transparency of risk-based decisions, organization-wide risk awareness, operational resilience, operation integration, interoperability

10
Q

3-tiered approach to risk management:

A

Tier 1 Organization (Chief Information Officer, Senior Information Security Officer, Risk Executive Function): the organization as a whole, core missions, business functions. Information necessary to make risk management decisions at this level. Aggregated data to enable organization-wide decision-making.

Tier 2 Mission/Business/Process (Principal Authorizing Officials, DoD Component CIO, DoD Component SISO). Ex: controls in the PM family

Tier 3 Information Systems (Authorizing Official, Information System Owner, User Rep, Information System Security Officer, Authorizing Official Designated Representative, Program Manager/System Manager): technical details to support system-level actions

11
Q

RMF Steps

A
  1. Categorize the system
  2. Select security controls
  3. Implement security controls
  4. Assess security controls
  5. Authorize the information system
  6. Monitor security controls
12
Q

Which of the following identify how the RMF supports risk management

A

RMF process ensures traceability and transparency across all levels of the organization

RMF process emphasizes continuous monitoring and timely correction of deficiencies

13
Q

Information System Continuous Monitoring

A

ISCM

14
Q

ISCM strategy 3 major tasks

A

Configuration management and security controls monitoring and assessment tasks

security status monitoring tasks

Security Status reporting tasks

15
Q

ISCM processes

A

schedule, performance, cost

industrial, information, personnel, physical

16
Q

ISCM data fundamental to execution management

A
Risk tolerance
Enterprise architecture
Security architecture
Configuration configurations
Configuration changes
Threat information

17
Q

Six steps to establish ISCM

A
Define
Establish
Implement
Analyze/report
Respond
Review/update

18
Q

Which of the following are security-focused configuration management (SecCM) roles in risk management?

A

Ensuring that adjustments to the system configuration do not adversely affect the security of the information system

Establishing configuration baseline and tracking, controlling and managing aspects of business development

Ensuring that adjustments to the system configuration do not adversely affect the organization’s operations

19
Q

Four phases of security management

A

Phase 1 Planning: developing policy and procedure. Baseline approved specifications for ISs or CIs

Phase 2 Identifying and implementing configurations: Most secure state. Develop, approve, implement secure baseline configuration consistent with operational requirements and constraints

Phase 3 Controlling configuration changes: Emphasize management of change to maintain security. Changes implemented as approved. See if any unexpected effects. Employ access restrictions.

Phase 4 Monitoring: Validate that IS adhering to org policies, procedures and approved baseline configuration. Discovers undocumented components, vulnerabilities and unauthorized changes.

20
Q

SSP

A

System Security Plan (Industry): ISSM or ISSO responsible for baseline changes

21
Q

Patches

A

Configuration change control

22
Q

4 audit requirements in NISP

A
  1. Audit trail
  2. Individual accountability with unique ID and periodic testing
  3. Adds to 1 and 2 with scheduled audit analysis
  4. Create an audit trail capable of recording changes to user access permissions

23
Q

Logs

A

Event logs: event recorded elicits response from program and applications. Should be filtered and can be archived.

Audit logs: