DODI 8500.01, CYBER SECRITY Flashcards
Which instruction established a DoD cyber security program to protect and defend DoD information and information technology?
DoDI 8500.01
What will be employed to protect, detect, characterize, and mitigate unauthorized activity and vulnerabilities on DoD information networks?
Cyberspace Defense
What must be given to all DoD information in electronic format in the appropriate levels that reflects the importance of both information sharing and protection?
Confidentiality, Integrity and Availability
What must be used to ensure strong identification, authentication, and eliminate anonymity in DoD IS and PIT systems?
Identity Assurance
Which instruction must the DoD-wide Public Key Infrastructure (PKI) solution be managed in accordance with?
DoDI 8520.02
Which instruction must the biometrics that are used in support of identity assurance be managed in accordance with?
DoDD 8521.01
Who is responsible for the monitoring, evaluation, and providing the advice to the Secretary of Defense regarding all DoD cyber security activities and oversee implementation of DoDI 8500.01?
DoD CIO (Pages 14)
Who does the DoD CIO coordinate with to ensure that cyber security policies and capabilities are aligned with and mutually supportive of personnel. physical, industrial, information and operations security and capabilities?
Under Secretary of Defense for Intelligence (USD(I))
Who does the DoD CIO coordinate with in development of cybersecurity-related standards and guidance?
NIST
Who does the DoD CIO coordinate with to ensure that cybersecurity responsibilities are integrated into processes for DoD acquisition programs, including research and development?
USD(AT&L)
What does the DoD CIO appoint for DoD ISs and PIT systems governed by the Enterprise Information Mission Area (MA) (EIEMA)?
PAO
In what grade or the civilian employee equivalent must the candidate be to be appointed as the Defense IA Security Accreditation Working Group (DSAWG) Chair by the DoD CIO?
0-6
How often must the DoD CIO conduct an assessment of the DoD Component cybersecurity program?
Annually
Who develops or acquires solution that support cybersecurity objectives for use throughout the DoD via the ESSG process?
DISA Director
In accordance with which instruction does the DISA Director ensure the continued development and maintenance of the standards procedures to catalog, regulate, and control the use and management of Internet protocols, data services, and associated ports an DoD networks?
DoD Instruction 8551.1
In accordance with which publication does the DlSA Director develop and provide cybersecurity training and awareness products as well as a distributive training capability to support the DoD Components?
DoD Directive 8570.01
Who does the DlSA Director coordinate with to ensure that command cyber readiness inspection guidance and metrics provide a unity effort among the security disciplines?
USD(I)
Who assists with acquisition related agreements, and international cybersecurity and cyberspace defense negotiations and agreements?
USD(AT&L)
The USD(AT&L) must ensure that PIT systems included in acquisition programs are designated, categorized‘ and have their authorization boundaries defined according to the guidelines that are provided in which reference?
DoD Instruction 8510.01
Who exercises oversight responsibility for developmental test planning in support of interoperability and cybersecurity programs acquiring DoD is and PIT systems in accordance with DoDl 5134.17?
DASD(DT& E)
Who coordinates with the DoD ClO to ensure cybersecurity strategies, policies, and capabilities are aligned with overarching DoD cyberspace policy. and are supportive of policies and capabilities relating to the disclosure of classified military information to foreign governments and international organizations in accordance with DoD Directive 8000.0l
USD(P)
Who supports implementation of cybersecurity requirements for effective manning, management, and readiness assessments of the cybersecurity workforce in accordance with DoD Directive 8570.01 and DoD 8570.01-M?
USD(P&R)
Who evaluates or validates security implementation specifications described in DoDl 8500.01?
DIRNSA/CHCSS
Who develops, implements, and manages the cybersecurity program for DoD non cryptographic SCI systems, including the DoD intelligence (DoDIIS) and JWlCS?
Director, DIA
Who appoints the PAO for DoD IS and PIT systems governed by the Business Mission Area (BMA)?
Deputy Chief Management Officer (DCMO)
Cybersecurity training and awareness products developed by what will be used to meet the baseline user awareness training that is required by BOB Directive 857001?
DISA
Which program ensures that IT can be used in a way that allows mission owners and operators to have confidence in the confidentiality, integrity, and availability of IT and DoD information, and to make choices based on that confidence?
Defense cybersecurity
What is used by the DoD to address risk management for all DoD ISs and PIT systems?
NIST SP 800-37
From which perspective does tier one risk management address risk?
Organizational
What provides the Tier I risk management governance for the DoD?
DoD ISRMC
Which risk management tier addresses risk from a mission and business process perspective?
Tier 2
Which risk management tier addresses risk from an IS and PlT system perspective?
Tier 3
Cybersecurity risk management is planned for and documented in a cybersecurity strategy in accordance with Interim DoD Instruction 5000.02 along with which other reference?
DoD Instruction 8580.1
What provides a disciplined and structured process that combines is security and risk management activities into the system development life cycle and authorizes their use within the DoD?
Risk Management Framework (RMF)
How many steps does the Risk Management Framework (RMF) have?
6
The reciprocal acceptance of DoD and other federal agency and department security authorizations will be implemented in accordance with procedures in which reference?
DoD Instruction 8510.01
How many conditions must be met for operational resilience?
3
Transmission of DoD information must be protected through the communications security (COMSEC) measures and procedures established in which reference?
DoDI 8523.01
COMSEC monitoring and cybersecurity readiness testing will be conducted in accordance with which reference?
DOD Instruction 8560.01
Which type of model provides people, Services, and platforms the ability to discover one another and connect to form new capabilities or teams without being constrained by geographic, organizational, or technical barriers?
Net centric
What coordinates and facilitates relationships across LE, intelligence, and homeland security communities?
DoD Cyber Crime Center
What is used to ensure strong identification and authentication as well as eliminates anonymity in DoD lSs so that entities’ access and access behavior are visible, traceable, and enable continuous monitoring for LE and cybersecurity?
Identity assurance
Which instruction contains identity assurance policies and procedures regarding identity authentication for 185?
DoD Instruction 8520.03
What provide standard cybersecurity, such as boundary defense, incident detection, and response, and key management as well as delivering common applications such as office automation and e-mail?
Enclaves
Where must all DoD ISs be registered on the low side?
DITPR
Which reference should be consulted for PIT cybersecurity requirements?
DoD Instruction 8510.01
Which DoD level must all PIT systems be registered?
Component
What consists of IT capabilities that are provided according to a formal agreement between DoD entities or between DoD and an entity external to DoD?
IT Service
Unified capability products will receive unified capability certification for cybersecurity in accordance with which reference?
DoD Instruction 8100.04
All acquisitions of DoD [S will comply with USD(AT&L) Memorandum along with which other reference?
DoD Instruction 8580.1
Which reference will ports, protocols, and services be managed in accordance with?
DoD Instruction 8551.1
Who is responsible for configuring and reviewing the security for IT below the system level for acceptance and connection into an authorized computing environment
ISSM
Who will oversee the development and acquisition of enterprise solutions for use throughout the DoD that support cybersecurity objectives?
ESSG
Which TPM version or higher if required by DISA STle must DoD components ensure that new computer assets procured to support DoD meet?
1.2
Which standards will be used by STIGs developed by DISA?
SCAP
Who ensures that DoD IT is assigned to and governed by a DoD Component cybersecurity program?
DoD SISO
Who performs the DoD risk executive function?
DOD ISRMC
Who are responsible for overseeing and establishing guidance for the strategic implementation of cybersecurity and risk management within their MAs?
PAOs
Who are responsible for developing and maintaining an organizational or system level cybersecurity program
ISSMs
In accordance with which reference must ISSMs ensure that the handling ofpossible or actual data spills of classified information are handled with?
DOD Manual 5200.01
Who is responsible for implementing and enforcing all DoD IS and PIT system cybersecurity policies and procedures as defined by cybersecurity related documentation?
ISSO
Authorized users must meet the minimum cybersecurity awareness requirements in accordance with which reference?
DoD 8570.01-M
Who render authorization decisions for DoD ISs and PIT systems under their purview in accordance with DoD Instruction 8510.01?
AOs
