Practice Information Flashcards

Info from Discussion

1
Q

SI.14.2 - Malicious Code Protection

A

5 Points

800-83 for Malware Incident guidance

2
Q

SI.14.3 - Security Alerts & Advisories

A

5 Points

NIST SP 800-161 SCRM

3
Q

SI.14.6 - Monitor Communications for Attack

A

5 Points

NIST SP 800-94 for IDS/IPS

Supports AU.L2-3.1.1 - System Auditing

4
Q

SI 14.7 - Identify Unauthorized Use

A

5 Points

Related to: 3.1.1, 3.3.1, 3.5.1, 3.5.2

5
Q

AC. 1.1 - Authorized Access Control

A

5 Points

Leverages 3.5.1 (identification)

6
Q

AC. 1.3 - Control CUI Flow

A

1 Point

NIST SP 800-41 Guidance on firewalls and firewall policy
NIST SP 800-125B Guidance on security for virtualization technologies

7
Q

AC. 1.7 - Privileged Functions

A

1 Point

Leverages AU-3.3.2, which ensures logging and traceability of user actions
Extends AC-3.1.2 which defined requirements to limit types of transactions

8
Q

AC. 1.12 - Control Remote Access

A

5 points
*Do not subtract points if remote access is not permitted.

NIST SP 800-46, 77, 113 Guidance on secure remote access and VPNs

Complements 5 other Remote Access practices: AC.3.1.14 (remote access routing), 3.1.13 (crypto for remote), 3.1.15 (auth’d priv cmds for remote), IA.3.5.3 (MFA), MA.3.7.5 (MFA remote maintenance)

9
Q

AC 1.13 - Remote Access Confidentiality

A

5 points

Complements 5 other practices: AC.3.1.14 (remote access routing), 3.1.12 (Control Remote Access), 3.1.15 (auth’d priv cmds for remote), IA.3.5.3 (MFA), MA.3.7.5 (MFA remote maintenance)

10
Q

AC 1.14 - Remote Access Routing

A

1 Point

Complements 5 other practices:
3.1.12 (Control Remote Access), 3.1.13 (crypto for remote), 3.1.15 (auth’d priv cmds for remote), IA.3.5.3 (MFA), MA.3.7.5 (MFA remote maintenance)

11
Q

AC 1.15 - Privileged Remote Access

A

1 point

Complements 5 other Remote Access practices: AC.3.1.14 (remote access routing), 3.1.13 (crypto for remote), 3.1.12 (Control Remote Access), IA.3.5.3 (MFA), MA.3.7.5 (MFA remote maintenance)

12
Q

AC. 1.16 - Wireless Access Authorization
AC 1.17 - Wireless Access Protection
AC 1.18 - Mobile Device Connection

A

5 points

Complementary Practices: AC.3.1.16 (Wx Access Auth), AC.3.1.17 (Wx Access Protection), and AC.3.1.18 (Mobile Device Connection)

13
Q

AC 1.19 - Encrypt CUI on Mobile

A

3 points

Extends three other CUI protection practices: MP.3.8.1 (CUI media protection), MP.3.8.2 (limit access to CUI), SC.3.13.16 (CUI data at rest)

Leverages SC.3.13.11 (FIPS), and SC.3.13.10 (crypto key management)

14
Q

AU.3.2 - User Accountability

A

3 points

Supports AC.3.1.7 (control non-priv users) and others on auditing, CM, IR, and situation awareness

15
Q

AU.3.3 - Event Review

A

1 point

Focused on configuration of auditing system, NOT the review of audit records.

16
Q

CM 4.7 - Nonessential Functionality

A

5 points

Extends CM.3.4.6 - Least Functionality

17
Q

CM.4.8 - Application Execution Policy

A

5 Points

Leverages CM 3.4.1 (software inventories) and extends CM.3.4.9 (requires control/monitoring of user installed software)

18
Q

IA.5.1 - Identification

A

5 points

Creates a vetted and trusted ID supporting 3.1.1 (Auth Access)

19
Q

MA.7.4 - Media Inspection

A

3 points

Extends both SI 3.14.2 and 3.14.4 (require implementation/updating of mechanisms to protect systems from mal code).

MA.3.7.4 extends this requirement to diagnostic and testing tools.

20
Q

MP.8.4 - Media Marking

A

1 point

MP.3.8.8 requires media have an identifiable owner – could be desirable to include owner in the marking.

21
Q

RA.11.1 - Risk Assessment

A

3 points

Enables other RA practices such as 11.3 (Vuln Remediation) and CA.3.12.2 (Plan of Action)

22
Q

CA.12.2 - Plan of Action

A

3 points

Driven by RA.3.11.1 (risk assessments)
Promotes CA.12.3 (security control monitoring)

23
Q

CA.12.3 - Security Control Monitoring

A

5 points