Policies and Procedures Flashcards
Agreement between two parties that defines what data is considered confidential and cannot be shared outside of the relationship
Non-Disclosure Agreement (NDA)
A non-binding agreement between two or more organizations to detail an intended common line of action
Memorandum of Understanding (MOU)
An agreement concerned with the ability to support and respond to problems within a given timeframe and to continue providing the agreed-upon level of service to the user
Service-Level Agreement (SLA)
Conducted between two business partners that establishes the conditions of their relationship
Business Partnership Agreement (BPA)
Consensus-developed secure configuration guidelines for hardening (benchmarks) and prescriptive, prioritized, and simplified sets of cybersecurity best practices (configuration guides)
Center for Internet Security (CIS)
A process that integrates security and risk management activities into the system development life cycle through an approach to security control selection and specification that considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations
Risk Management Framework (RMF)
A set of industry standards and best practices created by NIST to help organizations manage cybersecurity risks
Cybersecurity Framework (CSF)
A suite of reports produced during an audit which is used by service organizations to issue validated reports of internal controls over those information systems to the users of those services
System and Organization Controls (SOC)