Documentation and Reporting

Question 1

Documents to Maintain Includes:

Answer 1

• Gap Assessment Report
• Vulnerability Assessment Report
• Risk Assessment Report
• Zone & Conduit diagrams

Question 2

Vulnerability Assessment Report

Answer 2

• Scope of the assessment
• “As found” System Architecture
• Assessment details
• Prioritized summary of findings
• Detailed findings

Question 3

Vulnerability Assessment Report

Answer 3

• Scope of the assessment
• “As found” System Architecture
• Assessment details
• Prioritized summary of findings
• Detailed findings

Question 4

Cybersecurity Risk Assessment Report

Answer 4

• Risk profile
• Scope of the risk assessment
• Assessment details
• Detailed findings
• Prioritezed recomendations

Question 5

Cybersecurity Requirements Specifications

Answer 5

A Cybersecurity Requirements Specification (CRS) documents general security requirements based upon company policy and standards, relevant regulations and the outcome of the high-level risk assessment as well as any mandatory security functions of the SuC.

Question 6

Definition of zones and conduits, access control requirements, and security level targets should all be included in which document?

Answer 6

Cybersecurity Requirements Specification (CRS)

Question 7

In a CRS, which requirements can be grouped?

Answer 7

Access control

Question 8

The desired level of security for a particular system is known as a Target Security Level (SL-T). Which document includes SL-Ts?

Answer 8

CRS

Question 9

True of False?

A CRS is a living document that may change over time

Answer 9

True

Question 10

True of False?

Without documentation, there is nothing to verify, audit or prove.

Answer 10

True