Lesson 5 Definitions Flashcards

1
Q

Scope

A

The scale or extent of what will be evaluated for conformity, which includes those assets (people, facilities, technology) within the OSC’s environment that are targeted for CMMC Assessment because they interact with sensitive information - for example, by containing it, touching it in transit, or operating on the same network as it.

2
Q

Scoping

A

The process of setting or determining the scope.

3
Q

Headquarters (HQ) Organization

A

The legal entity that will be delivering services or products under the terms of a DoD contract.

4
Q

Host Unit

A

The specific people, procedures, and technology within an HQ Organization that would be applied to the DoD contract and that are to be considered as the OSC for CMMC Assessment purposes.

5
Q

Supporting Organization/Units

A

The people, procedures, and technology external to the HQ Organization that support the Host Unit. The affiliated asset may need to be included as part of the CMMC Assessment Scope.

6
Q

Out-of-Scope Assets

A

Assets that cannot process, store or transmit FCI or CUI because they are physically or logically separated from CUI assets or are inherently unable to do so.

7
Q

System

A

A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.

8
Q

Shared Responsibility Matrix

A

A mechanism that identifies the person(s) or team(s) in the OSC or the ESP responsible for the implementation and sustainment of the technical controls, as reflected in the terms of service between the ESP as provider and the OSC as customer.

9
Q

Security Control Inheritance

A

A situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; either internal or external to the organization where the system or application resides.

10
Q

CMMC Certification Boundary

A

Defines the assets to which an assessor will evaluate conformity with applicable CMMC practices. This is the boundary to which a CMMC Certificate will be applied.

11
Q

Assessment Boundary

A

Identifies all assets in the contractor’s environment for the Assessment engagement. Assets within the Assessment Boundary can be part of the CMMC Certification Boundary or Enabling Assets.

12
Q

System Security Plan

A

The formal document prepared by the information system owner (or common security controls owner for inherited controls) that provides an overview of the security requirements for the system and describes the security controls in place or planned for meeting those requirements. The plan can also contain, as supporting appendices or as references, other key security-related documents such as a risk assessment, privacy impact assessment, system interconnection agreements, contingency plan, security configuration management plan, and incident response plan.

13
Q

Enclave

A

A segmentation of an organization’s network or data that is intended to “wall off” that network or database from all other networks or systems. A CMMC Assessment scope can be within the Assessment scope of an enclave.
