Cyber Surety Policies Flashcards

1
Q

National Security Telecommunications and Information Systems Security Policy (NSTISSP) No. 11, National Information Assurance Acquisition Policy (NIAAP)

A
  • Developed as a means of addressing U.S. Government Departments' and Agencies' ability to acquire commercial off-the-shelf (COTS) products and subject them to a standardized evaluation process
  • All COTS IA and IA-enabled IT shall be limited only to those which have been evaluated and validated in accordance with outlined criteria
2
Q

Office of Management and Budget Memorandum (OMB) M-04-04, E-Authentication Guidance for Federal Agencies

A
  • Addresses a graduated and appropriate application of access control
  • Describes assurance levels for authentication by type for electronic transactions (digital signatures)
  • Outlines that certificates for the DOD Public Key Infrastructure (PKI) will be issued to individuals via the common access card (CAC)
3
Q

Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems

A
  • Works with OMB M-04-04 to address a graduated and appropriate application of access control
  • Seeks to address the inconsistent application of security controls as information was shared across agency and third party boundaries
  • Provides a standard framework for government-wide use in information designation
4
Q

Homeland Security Presidential Directive (HSPD) 12, Policy for a Common Identification Standard for Federal Employees and Contractors

A
  • Addresses the need for standardization of identity credentials across Federal Agencies
  • Consistent identity credential
  • Leaves the access control uses to the local level
5
Q

Federal Information Processing Standard (FIPS) 201, Personal Identity Verification (PIV) of Federal Employees and Contractors

A
  • Provides guidance for implementation of HSPD 12
  • Defines the Personal Identity Verification (PIV) card, a cryptographically enabled smart card
  • CAC is the DoD implementation of PIV
6
Q

Intelligence Community Directive/Standard (ICD/ICS) 705, Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities (SCIF)

A
  • Establishes physical security standards for construction and protection of facilities storing, processing, and discussing SCI
  • The physical security safeguards are for the protection of SCI
  • The SOIC may waive specific requirements IAW ICD/ICS 705:
    • Waiver must be in writing
    • Must specifically state what has been waived
    • The CSA must notify all co-utilizing agencies of any waivers it grants
7
Q

Department of Defense Instruction (DoDI) 8510.01, DoD Information Assurance Certification and Accreditation Process (DIACAP)

A
  • Establishes process to manage implementation of IA capabilities and services
  • Describes the key parts (activities) of DIACAP
  • Details the C&A decisions:
    • Authorization to Operate (ATO)
    • Interim Authorization to Operate (IATO)
    • Interim Authorization to Test (IATT)
    • Denial of Authorization to Operate (DATO)
8
Q

Department of Defense Directive (DoDD) 8500.01E, Information Assurance (IA)

A
  • Establishes policy to achieve DoD IA
  • Provides Categories for information system (IS)
  • States requirement for Mission Assurance Category (MAC) assigned to an IS
9
Q

Department of Defense Instruction (DoDI) 8500.2, Information Assurance Implementation

A
  • Establishes policy for applying integrated, layered protection of DoD IS and Networks
  • Responsibilities for
    • Heads of DoD Components
    • Designated Accrediting Authority (DAA)
    • Information Assurance Manager (IAM)
  • Baseline IA control requirements
  • Lists IA Controls organized by Mission Assurance Category (MAC) and Confidentiality Level (CL)
10
Q

Air Force Policy Directive (AFPD) 33-2, Information Assurance

A
  • Responsibilities for the DAA for systems and for connection approval authority for the AF-GIG
  • Identifies roles and responsibilities for the AF Senior Information Assurance Officer (SIAO), CCs, Information System Owners (ISO), Program Managers (PM) and network users
  • Outlines the DoD Information Assurance Certification and Accreditation Process (DIACAP)
    • Used by the Air Force to certify and accredit ISs
11
Q

Air Force Instruction (AFI) 33-200, Information Assurance (IA) Management

A
  • Provides general direction for implementation of IA and management of IA programs according to AFPD 33-2
  • Applies to all ISs owned, operated, or supported by the AF that are used to process, store, display, transmit or protect DoD information, regardless of classification or sensitivity
12
Q

Air Force Manual (AFMAN) 33-282, Computer Security

A
  • Restates the roles and responsibilities of:
    • SAF/CIO A6
    • Designated Accrediting Authority (DAA)
    • IA Managers and Officers (IAM/IAO)
  • Mandates the Notice and Consent program
  • Covers how to implement PKI
  • Handling CMIs
  • Remanence security
    • Clearing – Three passes – System tools cannot recover
    • Sanitizing – Seven passes – Laboratory tools cannot recover
13
Q

Air Force Instruction (AFI) 33-112, IT Hardware Asset Management

A
  • Deals with management of Information Systems
    • Equipment control officer (ECO)
    • Equipment custodians (EC)
    • Air Force contractors
    • Physical inventory of DoD-owned IT assets
  • Covers Equipment Disposal Procedures
    • Defense Reutilization Management Office (DRMO)
    • Donation of old IT assets to schools
14
Q

Air Force Instruction (AFI) 33-114, Software Management

A
  • Provides guidance to plan, develop, use, maintain, or support AF software
    • COTS software
    • Locally developed software
  • Covers
    • User’s ability to install government-owned software on home systems
    • COTS software installed on government systems
    • License management for COTS software
15
Q

Air Force Instruction (AFI) 33-119, Air Force Messaging

A
  • States all government comm systems are subject to monitoring
  • Government comm systems are For Official Use Only (FOUO)
  • Contractors will be provided a government email account
  • DoD PKI-based encryption is not authorized for protecting classified information on non-classified systems
  • Encryption should be used for the following
    • For Official Use Only (FOUO)
    • Privacy Act Information
    • Personally Identifiable Information (PII)
    • Information important to operations (OPSEC)
16
Q

Air Force Instruction (AFI) 33-138, Enterprise Network Operations Notification and Tracking

A
  • Describes the process for remediating vulnerabilities on Air Force networks through Time Compliance Network Order (TCNO)/C4 Notice to Airmen (C4NOTAM)
  • Covers incident response and Authorized Service Interruption (ASI) reporting
17
Q

Air Force Instruction (AFI) 33-201 Volume 1, Communications Security

A

Prescribes procedures for securing and protecting information systems, COMSEC equipment, and material

18
Q

Air Force Instruction (AFI) 33-201 Volume 2, Communications Security User Requirements

A

Outlines roles and responsibilities of the COMSEC Program

19
Q

Air Force Instruction (AFI) 33-201 Volume 4, Cryptographic Access Program

A
  • Limits the access of COMSEC material to only those who need it in order to complete their job
  • Grants access to all the cryptographic information systems and equipment that the DoD owns or controls
20
Q

Air Force Instruction (AFI) 33-201 Volume 5, Controlled Cryptographic Item (CCI)

A

Outlines the minimum standards for the handling and transportation of items identified as a Controlled Cryptographic Item (CCI)

21
Q

Air Force Instruction (AFI) 33-201 Volume 9, Operational Instruction for Secure Voice Devices

A

Outlines the standards that must be followed for the use of secure voice devices (STE and Iridium phones)

22
Q

Air Force Instruction (AFI) 10-712, Telecommunications Monitoring and Assessment Program (TMAP)

A
  • Implements national and DoD directives pertaining to the monitoring of unsecured telecommunications
  • Identifies sources of information leakage rather than identifying those leaking the information
23
Q

Air Force Instruction (AFI) 33-210, Air Force Certification and Accreditation (C&A) Program (AFCAP)

A
  • Lists roles/responsibilities of AF C&A for IS
  • Explains DIACAP
  • Provides details regarding authority to connect decisions
  • Establishes that the Air Force will use the DoD mandated Enterprise Mission Assurance Support Service (eMASS)
24
Q

Air Force Instruction (AFI) 33-332, Air Force Privacy Act Program

A
  • Provides guidance on Privacy Act as it applies to the Air Force
  • It states that an official system of records must be
    • Authorized by law or Executive Order
    • Controlled by an Air Force or lower level directive
    • Needed to carry out an Air Force mission or function
  • Process to request information via Freedom of Information Act
25
Q

Air Force Systems Security Instruction (AFSSI) 4212, Reporting COMSEC Deviations

A

Establishes procedures for reporting incidents affecting the security of COMSEC material

  • Pertains to all COMSEC Material
    • Controlled Cryptographic Item (CCI)
    • Electronic Key
    • Keyed Common-Fill Devices
    • Modern Filled Devices
    • Cryptographic Equipment
    • Electronically Generated Keys
26
Q

Air Force Systems Security Instruction (AFSSI) 7700, Emissions Security (EMSEC)

A
  • Requires the Wing IA office to assess the need for EMSEC before actually acquiring systems or even beginning engineering and installation
  • Outlines when EMSEC re-assessments are required
    • Every 3 years
    • When being reaccredited
    • When classification level changes
    • When threat changes
    • When equipment is moved
27
Q

Air Force Systems Security Instruction (AFSSI) 7702, Emissions Security (EMSEC) Countermeasures Reviews

A
  • Determines the need for EMSEC countermeasures
  • Determines which countermeasures to apply
  • Requires Certified Tempest Technical Authority (CTTA) validation of assessments prior to application or implementation
28
Q

Air Force Instruction (AFI) 10-701, Operations Security

A
  • Provides guidance for all AF personnel in implementing, maintaining and executing OPSEC programs
  • Describes the OPSEC process
  • Discusses integration of OPSEC into AF plans, operations and support activities