Practices (L1) Flashcards

General practice and purpose memorization.

1
Q

AC.L1-3.1.1

A

Title: Authorized Access Control
Access Control (AC)
Level 1

Purpose: Limit information system access to authorized users, processes acting on behalf of authorized users or devices.

FAR 52.204-21 Basic Safeguard: Limit access to authorized users, processes, or devices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

AC.L1-3.1.2

A

Title: Transaction & Function Control

Access Control (AC)
Level 1

Purpose: Limit IS access to the types of transactions and functions that authorized users are permitted to execute.

FAR 52.204-21 Basic Safeguard: Limit access to the type of actions that authorized users are permitted to execute.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

AC.L1-3.1.22

A

Title: Control Public Information

Access Control (AC)
Level 1

Purpose: Control information posted or processed on publicly accessible information systems.

FAR 52.204-21 Basic Safeguard: Control information posted or processed on publicly accessible systems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

AC.L1-3.1.20

A

Title: External Connections

Access Control (AC)
Level 1

Purpose: Verify and control/limit connections to and use of external information systems.

FAR 52.204-21 Basic Safeguard: Verify and control (or limit) connections to external information systems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

IA.L1-3.5.1

A

Title: Identification

Identification and Authentication (IA)
Level 1

Purpose: Identify information system users, processes acting on behalf of users or devices.

FAR 52.204-21 Basic Safeguard: Identify information system users, processes, or devices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

IA.L1-3.5.2

A

Title: Control Public Information

Identification and Authentication (IA)
Level 1

Purpose: Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access t organizational information systems.

FAR 52.204-21 Basic Safeguard: Authenticate identities of users, processes, or devices prior to allowing access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

MP.L1-3.8.3

A

Title: Media Disposal

Media Protection (MP)
Level 1

Purpose: Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse.

FAR 52.204-21 Basic Safeguard: Sanitize or destroy media containing Federal Contract Information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

PE.L1-3.10.1

A

Title: Limit Physical Access

Physical Protection (PE)
Level 1

Purpose: Limit physical access to organizational information systems, equipment and the respective operating environments to authorized individuals.

FAR 52.204-21 Basic Safeguard: Limit physical access to information systems, equipment, and operating environment to authorized individuals.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

PE.L1-3.10.3

A

Title: Escort Visitors

Physical Protection (PE)
Level 1

Purpose: Escort visitors and monitor visitor activity.

FAR 52.204-21 Basic Safeguard: Escort visitors, monitor visitor activity, maintain audit logs of visitor activity, and control and manage physical access devices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

PE.L1-3.10.4

A

Title: Physical Access Logs

Physical Protection (PE)
Level 1

Purpose: Maintain audit logs of physical access.

FAR 52.204-21 Basic Safeguard: None.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

PE.L1-3.10.5

A

Title: Manage Physical Access

Physical Protection (PE)
Level 1

Purpose: Control and manage physical access devices (keys, combos, etc.)

FAR 52.204-21 Basic Safeguard: None.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

SC.L1-3.13.1

A

Title: Boundary Protection

System and Communications Protection (SC)
Level 1

Purpose: Monitor, control, and protect organizational communication s(i.e.,information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information system.

FAR 52.204-21 Basic Safeguard: Monitor, control, and protect organizational communications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

SC.L1-3.13.5

A

Title: Public-Access System Separation

System and Communications Protection (SC)
Level 1

Purpose: Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.

FAR 52.204-21 Basic Safeguard: Implement subnetworks for publicly accessible system components that are separated from internal networks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

SI.L1-3.14.1

A

Title: Flaw Remediation

System and Information Integrity (SI)
Level 1

Purpose: Identify, report, and correct information and information system flaws in a timely manner.

FAR 52.204-21 Basic Safeguard: Identify, report, and correct information and system flaws in a timely manner.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

SI.L1-3.14.2

A

Title: Malicious Code Protection

System and Information Integrity (SI)
Level 1

Purpose: Provide protection from malicious code at appropriate locations within organizational information systems.

FAR 52.204-21 Basic Safeguard: Provide protection from malicious code.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

SI.L1-3.14.4

A

Title: Update Malicious Code Protection

System and Information Integrity (SI)
Level 1

Purpose: Update malicious code protection mechanisms when new releases are available.

FAR 52.204-21 Basic Safeguard: Update malicious code protection mechanisms when new releases are available.

17
Q

SI.L1-3.14.5

A

Title: System & File Scanning

System and Information Integrity (SI)
Level 1

Purpose: Perform periodic scans of the system and real-time scans of files rom external sources as files are downloaded, opened, or executed.

FAR 52.204-21 Basic Safeguard: Perform periodic scans of the system and real-time scans of file from external sources as files are downloaded, opened, or executed.