DODI 8500.01, Encl. 3

Question 1

Which program ensures that IT can be used in a way that allows mission owners and operators to have
confidence in the confidentiality, integrity, and availability of IT and DoD information, and to make
choices based on that confidence?

Answer 1

Defense cyber security

Question 2

What is used by the DoD to address risk management for all DoD ISs and PIT systems?

Answer 2

NIST SP 800-37

Question 3

From which perspective does tier one risk management address risk?

Answer 3

Organizational

Question 4

What provides the Tier 1 risk management governance for the DoD?

Answer 4

DOD ISRMC

Question 5

Which risk management tier addresses risk from a mission and business process perspective?

Answer 5

Tier 2

Question 6

Which risk management tier addresses risk from an IS and PIT system perspective?

Answer 6

Tier 3

Question 7

Cybersecurity risk management is planned for and documented in a cybersecurity strategy in accordance with Interim DoD Instruction 5000.02 along with which other reference?

Answer 7

DOD Instruction 8580.1

Question 8

What provides a disciplined and structured process that combines IS security and risk management
activities into the system development life cycle and authorizes their use within the DoD?

Answer 8

Risk Management Framework (RMF)

Question 9

How many steps does the Risk Management Framework (RMF) have?

Answer 9

6

Question 10

The reciprocal acceptance of DoD and other federal agency and department security authorizations will
be implemented in accordance with procedures in which reference?

Answer 10

DoD Instruction 8510.01

Question 11

11. How many conditions must be met for operational resilience?

Answer 11

3

Question 12

Transmission of DoD information must be protected through the communications security (COMSEC)
measures and procedures established in which reference?

Answer 12

DoDI 8523.01

Question 13

COMSEC monitoring and cybersecurity readiness testing will be conducted in accordance with which
reference?

Answer 13

DoD Instruction 8560.01

Question 14

Which type of model provides people, services, and platforms the ability to discover one another and
connect to form new capabilities or teams without being constrained by geographic, organizational, or technical barriers?

Answer 14

Net-centric

Question 15

What coordinates and facilitates relationships across LE, intelligence, and homeland security
communities?

Answer 15

DoD Cyber Crime Center

Question 16

What is used to ensure strong identification and authentication as well as eliminates anonymity in DoD
ISs so that entities’ access and access behavior are visible, traceable, and enable continuous monitoring for
LE and cybersecurity?

Answer 16

Identity assurance

Question 17

Which instruction contains identity assurance policies and procedures regarding identity authentication
for ISs?

Answer 17

DoD Instruction 8520.03

Question 18

What provide standard cybersecurity, such as boundary defense, incident detection, and response, and
key management as well as delivering common applications such as office automation and e-mail?

Answer 18

Enclaves

Question 19

Where must all DoD ISs be registered on the low side?

Answer 19

DITPR

Question 20

Which reference should be consulted for PIT cybersecurity requirements?

Answer 20

DoD Instruction 8510.01

Question 21

Which DoD level must all PIT systems be registered?

Answer 21

Component

Question 22

What consists of IT capabilities that are provided according to a formal agreement between DoD
entities or between DoD and an entity external to DoD?

Answer 22

IT Service

Question 23

Unified capability products will receive unified capability certification for cybersecurity in accordance
with which reference?

Answer 23

DoD Instruction 8100.04

Question 24

All acquisitions of DoD IS will comply with USD(AT&L) Memorandum along with which other reference?

Answer 24

DoD Instruction 8580.1

Question 25

Which reference will ports, protocols, and services be managed in accordance with?

Answer 25

DoD Instruction 8551.1

Question 26

Who is responsible for configuring and reviewing the security for IT below the system level for acceptance and connection into an authorized computing environment?

Answer 26

ISSM

Question 27

Who will oversee the development and acquisition of enterprise solutions for use throughout the DoD that support cybersecurity objectives?

Answer 27

ESSG

Question 28

Which TPM version or higher if required by DISA STIGs must DoD components ensure that new computer assets procured to support DoD meet?

Answer 28

1.2

Question 29

Which standards will be used by STIGs developed by DISA?

Answer 29

SCAP

Question 30

Who ensures that DoD IT is assigned to and governed by a DoD Component cybersecurity program?

Answer 30

DoD SISO

Question 31

Who performs the DoD risk executive function?

Answer 31

DoD ISRMC

Question 32

Who are responsible for overseeing and establishing guidance for the strategic implementation of cybersecurity and risk management within their MAs?

Answer 32

PAOs

Question 33

Who render authorization decisions for DoD ISs and PIT systems under their purview in accordance with DoD Instruction 8510.01?

Answer 33

AOs

Question 34

Who are responsible for developing and maintaining an organizational or system-level cybersecurity program?

Answer 34

ISSMs

Question 35

In accordance with which reference must ISSMs ensure that the handling of possible or actual data spills of classified information are handled with?

Answer 35

DoD Manual 5200.01

Question 36

Who is responsible for implementing and enforcing all DoD IS and PIT system cybersecurity policies and procedures as defined by cybersecurity-related documentation?

Answer 36

ISSO

Question 37

Authorized users must meet the minimum cybersecurity awareness requirements in accordance with which reference?

Answer 37

DoD 8570.01-M