Random Questions Flashcards
What does RMF stand for?
Risk Management Framework
How many steps are in the RMF?
Seven
What are the abbreviated RMF steps?
Prepare, Categorize, Select, Implement,
Assess, Authorize, Monitor
Who is invited to the kickoff meeting?
The Subject Matter Experts (SMEs)
Project Manager
Software Engineer, Network Engineer, System Engineer
Hardware Team
Common Control Provider
Authorizing Official (AO)
Chief Information Officer (CIO)
Chief Information Security Officer (CISO)
Information System Security Officer (ISSO)
What is discussed during the kickoff meeting?
C.I.A. of the system
Location of the system
Cost of the system
A Unique Identification number is assigned to the system
Overlays
Assessment scheduled start and end date and what is expected during assessment.
What are the types of overlays?
Privacy, ISO, IEC, CDS, IC
What publications are used in the Prepare step?
NIST-800-30 | Conducting Risk Assessments
NIST-800-37 | RMF 1-7
NIST-800-39 | Managing Risk
NIST-800-18 | How to develop an SSP (Creation of the SSP)
What is categorization?
The security categorization of Federal systems and step 2 of RMF.
What are the two types of systems?
GSS and Major Application System
Which system requires an assessment of the whole system?
GSS - General Support System
Which system requires an assessment of one application?
Major Application System
How many security impacts are there?
Five
What are the five security impacts?
Critical, High, Moderate, Low, N/A
How soon must you remediate a critical security impact?
Immediately or 30 days
How soon must you remediate a high security impact?
Immediately or 30 days
How soon must you remediate a moderate security impact?
60 days