Continuous Monitoring 2

Question 1

DoD Policy

Answer 1

5205. 16 insider threat program
5206. 06 CI awareness and reporting
5207. 01 cybersecurity
5208. 01 Risk management framework (consistent with principles established in NIST

CNSSI 1253 security categorization and control/selection for national security systems

Question 2

NIST

Answer 2

National institute of standards and technology

NIST SP
800-37 guide for applying RMF to federal info systems
800-137 ISCM for fed info systems and orgs
800-128 Guide for security focused configuration management of info systems
800-53 security and privacy controls for fed info systems and orgs

Question 3

NISPOM

Answer 3

Detailed industrial security policy for contracts

DoD 5220.22

Question 4

RMF overview

Answer 4

Risk: Possibility that threat will adversely impact info systems exploiting vulnerability

Risk assessment: analyzing threats, defining impact, ID countermeasures

Question 5

Strategic risk tiers

Answer 5

Communication loop

Question 6

ISCM

Answer 6

Maintaining ongoing awareness of IS

Question 7

Tiers 1/2 develop policies and procedures

ISCM strategy developed tiers 1/2

System specific policy and procedure of implementation tier 3. Strategy based on government guidance

Answer 7

Na

Question 8

SecCM Controlling Configuration Changes

Answer 8

Access restrictions for change employed