DoD Authorizing Official Course Flashcards

1
Q

What is Cybersecurity and why is it important?

A

DoD cybersecurity policy - replaces the term Information Assurance and is designed to prevent damage to, protect, and restore: Computers, Electronic communications systems or services, Electronic Wire communications, or Information contained in any of the above. It also promotes reciprocity and information sharing.

2
Q

Cybersecurity ensures what?

A

C-I-A: the confidentiality, integrity, and availability of DoD information

3
Q

Where does RMF apply?

A

Whenever IT falls under a DoD Component and/or when the IT receives, processes, stores, displays, or transmits DoD information.

4
Q

RMF Process: Assess & Authorize

A

A full RMF must be performed on information systems: enclaves, major applications, and PIT systems

5
Q

RMF Process: Assess Only

A

RMF assessment only on a PIT; services (internal and/or external); and products (software, hardware, and/or applications)

6
Q

AO Major responsibilities

A

Render authorization decisions: determine acceptable risk and manage risk acceptance. This cannot be delegated and may only be done by the AO. The AO will promote reciprocity, oversee system-level risk management activities, appoint the AODR, and manage other cybersecurity workforce positions.

7
Q

What is the capstone cybersecurity policy?

A

DoDI 8500.01 - establishes the DoD cybersecurity program and lays the foundation for DoD cyberspace defense. Applies to all DoD IT and aligns with Federal cybersecurity terminology and policy.

8
Q

What is the role of DoDI 8510.01?

A

Replaces DIACAP with RMF. Provides the provisions for categorizing systems, implementing security controls, and assessing those controls.

9
Q

RMF has 6 steps

A

1. Categorize System
2. Select Security Controls
3. Implement Security Controls
4. Assess Security Controls
5. Authorize System
6. Monitor Controls

10
Q

What are the 3 types of risk?

A

likelihood, threat, and impact

11
Q

DoD CIO (Tier 1 of governance structure)

A

Directs and oversees cybersecurity risk management of DoD IT; develops and establishes DoD cybersecurity policy and guidance

12
Q

RMF Technical Advisory Group (TAG) (Tier 1 of governance structure)

A

Provides implementation guidance for the RMF

Interfaces with DoD Component cybersecurity programs, cybersecurity communities of interest, and other entities

13
Q

DoD Information Security Risk Management Committee (ISRMC) (Tier 1 of governance structure)

A

Formerly the DISN/GIG Flag Panel
Comprises the 4 Mission Area Principal Authorizing Officials (PAOs), their representatives, and other major DoD and IC stakeholders
Assesses risk from Tier 1
Provides strategic guidance to Tiers 2 & 3
Authorizes information exchanges and system connections for enterprise-wide systems, cross-Mission Area systems, cross-security-domain connections, and mission partner connections

14
Q

Defense IA Security Accreditation Working Group (DSAWG) (Tier 1 of governance structure)

A

Supports the ISRMC
Reviews/resolves authorization issues related to sharing community risk
Develops and provides guidance to AOs for system connections to the DoD information enterprise

15
Q

Principal Authorizing Officials (PAO) (Tier 2 Mission/Business Process)

A

Appointed for each DoD Mission Area (MA) and represent the MA's interests
Issue authorization guidance to the MA
Resolve authorization issues within the MA and work with other PAOs to resolve cross-MA issues
Designate AOs
Designate information security architects or IS security engineers for MA segments or systems of systems

16
Q

DoD Component Heads (Tier 2 Mission/Business Process)

A

Ensure IS and platform IT (PIT) systems are categorized according to RMF guidelines
Verify a PM or System Manager is appointed for all IS and PIT systems
Ensure IT under their authority complies with the RMF
Operate only authorized IS and PIT systems: ATO (including ATO with Conditions) or IATT
Comply with all authorization decisions, including a DATO
Ensure personnel in or supporting the RMF are properly trained and hold the required certifications