RIST RMF Controls Flashcards

Question 1

Q

AC-1

Answer

A

Access Control - Policy and Procedures

Question 2

Q

AC-2

Answer

A

Access Control - Account Management

Question 3

Q

AC-3

Answer

A

Access Control - Access Enforcement

Question 4

Q

AC-4

Answer

A

Access Control - Information Flow Enforcement

Question 5

Q

AC-5

Answer

A

Access Control - Separation of Duties

Question 6

Q

AC-6

Answer

A

Access Control - Least Privilege

Question 7

Q

AC-7

Answer

A

Access Control - Unsuccessful Logon Attempts

Question 8

Q

AC-8

Answer

A

Access Control - System Use Notification

Question 9

Q

AC-9

Answer

A

Access Control - Previous Logon Notification

Question 10

Q

AC-10

Answer

A

Access Control - Concurrent Session Control

Question 11

Q

AC-11

Answer

A

Access Control - Device Lock

Question 12

Q

AC-12

Answer

A

Access Control - Session Termination

Question 13

Q

AC-13

Answer

A

Access Control - Supervision and Review

Question 14

Q

AC-14

Answer

A

Access Control - Permitted Actions Without Identification or Authentication

Question 15

Q

AC-15

Answer

A

Access Control - Automated Marking

Question 16

Q

AC-16

Answer

A

Access Control - Security and Privacy Attributes

Question 17

Q

AC-17

Answer

A

Access Control - Remote Access

Question 18

Q

AC-18

Answer

A

Access Control - Wireless Access

Question 19

Q

AC-19

Answer

A

Access Control - Access Control for Mobile Devices

Question 20

Q

AC-20

Answer

A

Access Control - Use of External Systems

Question 21

Q

AC-21

Answer

A

Access Control - Information Sharing

Question 22

Q

AC-22

Answer

A

Access Control - Publicly Accessible Content

Question 23

Q

AC-23

Answer

A

Access Control - Data Mining Protection

Question 24

Q

AC-24

Answer

A

Access Control - Access Control Decisions

Question 25

Q

AC-25

Answer

A

Access Control - Reference Monitor

Question 26

Q

AT-1

Answer

A

Awareness and Training - Policy and Procedures

Question 27

Q

AT-2

Answer

A

Awareness and Training - Literacy Training and Awareness

Question 28

Q

AT-3

Answer

A

Awareness and Training - Role-based Training

Question 29

Q

AT-4

Answer

A

Awareness and Training - Training Records

Question 30

Q

AT-5

Answer

A

Awareness and Training - Contacts with Security Groups and Associations

Question 31

Q

AT-6

Answer

A

Awareness and Training - Training Feedback

Question 32

Q

AU-1

Answer

A

Audit and Accountability - Policy and Procedures

Question 33

Q

AU-2

Answer

A

Audit and Accountability - Event Logging

Question 34

Q

AU-3

Answer

A

Audit and Accountability - Content of Audit Records

Question 35

Q

AU-4

Answer

A

Audit and Accountability - Audit Log Storage Capacity

Question 36

Q

AU-5

Answer

A

Audit and Accountability - Response to Audit Logging Process Failures

Question 37

Q

AU-6

Answer

A

Audit and Accountability - Audit Record Review, Analysis, and Reporting

Question 38

Q

AU-7

Answer

A

Audit and Accountability - Audit Record Reduction and Report Generation

Question 39

Q

AU-8

Answer

A

Audit and Accountability - Time Stamps

Question 40

Q

AU-9

Answer

A

Audit and Accountability - Protection of Audit Information

Question 41

Q

AU-10

Answer

A

Audit and Accountability - Non-repudiation

Question 42

Q

AU-11

Answer

A

Audit and Accountability - Audit Record Retention

Question 43

Q

AU-12

Answer

A

Audit and Accountability - Audit Record Generation

Question 44

Q

AU-13

Answer

A

Audit and Accountability - Monitoring for Information Disclosure

Question 45

Q

AU-14

Answer

A

Audit and Accountability - Session Audit

Question 46

Q

AU-15

Answer

A

Audit and Accountability - Alternate Audit Logging Capability

Question 47

Q

AU-16

Answer

A

Audit and Accountability - Cross-organizational Audit Logging

Question 48

Q

CA-1

Answer

A

Assessment, Authorization, and Monitoring - Policy and Procedures

Question 49

Q

CA-2

Answer

A

Assessment, Authorization, and Monitoring - Control Assessments

Question 50

Q

CA-3

Answer

A

Assessment, Authorization, and Monitoring - Information Exchange

Question 51

Q

CA-4

Answer

A

Assessment, Authorization, and Monitoring - Security Certification

Question 52

Q

CA-5

Answer

A

Assessment, Authorization, and Monitoring - Plan of Action and Milestones

Question 53

Q

CA-6

Answer

A

Assessment, Authorization, and Monitoring - Authorization

Question 54

Q

CA-7

Answer

A

Assessment, Authorization, and Monitoring - Continuous Monitoring

Question 55

Q

CA-8

Answer

A

Assessment, Authorization, and Monitoring - Penetration Testing

Question 56

Q

CA-9

Answer

A

Assessment, Authorization, and Monitoring - Internal System Connections

Question 57

Q

CM-1

Answer

A

Configuration Management - Policy and Procedures

Question 58

Q

CM-2

Answer

A

Configuration Management - Baseline Configuration

Question 59

Q

CM-3

Answer

A

Configuration Management - Configuration Change Control

Question 60

Q

CM-4

Answer

A

Configuration Management - Impact Analyses

Question 61

Q

CM-5

Answer

A

Configuration Management - Access Restrictions for Change

Question 62

Q

CM-6

Answer

A

Configuration Management - Configuration Settings

Question 63

Q

CM-7

Answer

A

Configuration Management - Least Functionality

Question 64

Q

CM-8

Answer

A

Configuration Management - System Component Inventory

Answer 65

A

Configuration Management - Configuration Management Plan

Answer 66

A

Configuration Management - Software Usage Restrictions

Answer 67

A

Configuration Management - User-installed Software

Answer 68

A

Configuration Management - Information Location

Answer 69

A

Configuration Management - Data Action Mapping

Answer 70

A

Configuration Management - Signed Components

Answer 71

A

Contingency Planning - Policy and Procedures

Answer 72

A

Contingency Planning - Contingency Plan

Answer 73

A

Contingency Planning - Contingency Training

Answer 74

A

Contingency Planning - Contingency Plan Testing

Answer 75

A

Contingency Planning - Contingency Plan Update

Answer 76

A

Contingency Planning - Alternate Storage Site

Answer 77

A

Contingency Planning - Alternate Processing Site

Answer 78

A

Contingency Planning - Telecommunications Services

Answer 79

A

Contingency Planning - System Backup

Answer 80

A

Contingency Planning - System Recovery and Reconstitution

Answer 81

A

Contingency Planning - Alternate Communications Protocols

Answer 82

A

Contingency Planning - Safe Mode

Answer 83

A

Contingency Planning - Alternative Security Mechanisms

Answer 84

A

Identification and Authentication - Policy and Procedures

Answer 85

A

Identification and Authentication - Identification and Authentication (Organizational Users)

Answer 86

A

Identification and Authentication - Device Identification and Authentication

Answer 87

A

Identification and Authentication - Identifier Management

Answer 88

A

Identification and Authentication - Authenticator Management

Answer 89

A

Identification and Authentication - Authentication Feedback

Answer 90

A

Identification and Authentication - Cryptographic Module Authentication

Answer 91

A

Identification and Authentication - Identification and Authentication (Non-organizational Users)

Answer 92

A

Identification and Authentication - Service Identification and Authentication

Answer 93

A

Identification and Authentication - Adaptive Authentication

Answer 94

A

Identification and Authentication - Re-authentication

Answer 95

A

Identification and Authentication - Identity Proofing

Answer 96

A

Incident Response - Policy and Procedures

Answer 97

A

Incident Response - Incident Response Training

Answer 98

A

Incident Response - Incident Response Testing

Answer 99

A

Incident Response - Incident Handling

Answer 100

A

Incident Response - Incident Monitoring

Answer 101

A

Incident Response - Incident Reporting

Answer 102

A

Incident Response - Incident Response Assistance

Answer 103

A

Incident Response - Incident Response Plan

Answer 104

A

Incident Response - Information Spillage Response

Answer 105

A

Incident Response - Integrated Information Security Analysis Team

Answer 106

A

Maintenance - Policy and Procedures

Answer 107

A

Maintenance - Controlled Maintenance

Answer 108

A

Maintenance - Maintenance Tools

Answer 109

A

Maintenance - Nonlocal Maintenance

Answer 110

A

Maintenance - Maintenance Personnel

Answer 111

A

Maintenance - Timely Maintenance

Answer 112

A

Maintenance - Field Maintenance

Answer 113

A

Media Protection - Policy and Procedures

Answer 114

A

Media Protection - Media Access

Answer 115

A

Media Protection - Media Marking

Answer 116

A

Media Protection - Media Storage

Answer 117

A

Media Protection - Media Transport

Answer 118

A

Media Protection - Media Sanitization

Answer 119

A

Media Protection - Media Use

Answer 120

A

Media Protection - Media Downgrading

Answer 121

A

Physical and Environmental Protection - Policy and Procedures

Answer 122

A

Physical and Environmental Protection - Physical Access Authorizations

Answer 123

A

Physical and Environmental Protection - Physical Access Control

Answer 124

A

Physical and Environmental Protection - Access Control for Transmission

Answer 125

A

Physical and Environmental Protection - Access Control for Output Devices

Answer 126

A

Physical and Environmental Protection - Monitoring Physical Access

Answer 127

A

Physical and Environmental Protection - Visitor Control

Answer 128

A

Physical and Environmental Protection - Visitor Access Records

Answer 129

A

Physical and Environmental Protection - Power Equipment and Cabling

Answer 130

A

Physical and Environmental Protection - Emergency Shutoff

Answer 131

A

Physical and Environmental Protection - Emergency Power

Answer 132

A

Physical and Environmental Protection - Emergency Lighting

Answer 133

A

Physical and Environmental Protection - Fire Protection

Answer 134

A

Physical and Environmental Protection - Environmental Controls

Answer 135

A

Physical and Environmental Protection - Water Damage Protection

Answer 136

A

Physical and Environmental Protection - Delivery and Removal

Answer 137

A

Physical and Environmental Protection - Alternate Work Site

Answer 138

A

Physical and Environmental Protection - Location of System Components

Answer 139

A

Physical and Environmental Protection - Information Leakage

Answer 140

A

Physical and Environmental Protection - Asset Monitoring and Tracking

Answer 141

A

Physical and Environmental Protection - Electromagnetic Pulse Protection

Answer 142

A

Physical and Environmental Protection - Component Marking

Answer 143

A

Physical and Environmental Protection - Facility Location

Answer 144

A

Planning - Policy and Procedures

Answer 145

A

Planning - System Security and Privacy Plans

Answer 146

A

Planning - System Security Plan Update

Answer 147

A

Planning - Rules of Behavior

Answer 148

A

Planning - Privacy Impact Assessment

Answer 149

A

Planning - Security Related Activity Planning

Answer 150

A

Planning - Concept of Operation

Answer 151

A

Planning - Security and Privacy Architectures

Answer 152

A

Planning - Central Management

Answer 153

A

Planning - Baseline Selection

Answer 154

A

Planning - Baseline Tailoring

Answer 155

A

Program Management - Information Security Program Plan

Answer 156

A

Program Management - Information Security Program Leadership Role

Answer 157

A

Program Management - Information Security and Privacy Resources

Answer 158

A

Program Management - Plan of Action and Milestones Process

Answer 159

A

Program Management - System Inventory

Answer 160

A

Program Management - Measures of Performance

Answer 161

A

Program Management - Enterprise Architecture

Answer 162

A

Program Management - Critical Infrastructure Plan

Answer 163

A

Program Management - Critical Infrastructure Plan

Answer 164

A

Program Management - Authorization Process

Answer 165

A

Program Management - Mission and Business Process Definition

Answer 166

A

Program Management - Insider Threat Program

Answer 167

A

Program Management - Security and Privacy Workforce

Answer 168

A

Program Management - Testing, Training, and Monitoring

Answer 169

A

Program Management - Security and Privacy Groups and Associations

Answer 170

A

Program Management - Threat Awareness Program

Answer 171

A

Program Management - Protecting Controlled Unclassified Information on External Systems

Answer 172

A

Program Management - Privacy Program Plan

Answer 173

A

Program Management - Privacy Program Leadership Role

Answer 174

A

Program Management - Dissemination of Privacy Program Information

Answer 175

A

Program Management - Accounting of Disclosures

Answer 176

A

Program Management - Personally Identifiable Information Quality Management

Answer 177

A

Program Management - Data Governance Body

Answer 178

A

Program Management - Data Integrity Board

Answer 179

A

Program Management - Minimization of Personally Identifiable Information Used in Testing, Training, and Research

Answer 180

A

Program Management - Compliant Management

Answer 181

A

Program Management - Privacy Reporting

Answer 182

A

Program Management - Risk Framing

Answer 183

A

Program Management - Risk Management Program Leadership Roles

Answer 184

A

Program Management - Supply Chain Risk Management Strategy

Answer 185

A

Program Management - Continuous Monitoring Strategy

Answer 186

A

Program Management - Purposing

Answer 187

A

Personnel Security - Policy and Procedures

Answer 188

A

Personnel Security - Position Risk Designation

Answer 189

A

Personnel Security - Personnel Screening

Answer 190

A

Personnel Security - Personnel Termination

Answer 191

A

Personnel Security - Personnel Transfer

Answer 192

A

Personnel Security - Access Agreements

Answer 193

A

Personnel Security - External Personnel Security

Answer 194

A

Personnel Security - Personnel Sanctions

Answer 195

A

Personnel Security - Position Descriptions

Answer 196

A

Personally Identifiable Information Processing and Transparency - Policy and Procedures

Answer 197

A

Personally Identifiable Information Processing and Transparency - Authority to Process Personally Identifiable Information

Answer 198

A

Personally Identifiable Information Processing and Transparency - Personally Identifiable Information Processing Purposes

Answer 199

A

Personally Identifiable Information Processing and Transparency - Consent

Answer 200

A

Personally Identifiable Information Processing and Transparency - Privacy Notice

Answer 201

A

Personally Identifiable Information Processing and Transparency - System of Records Notice

Answer 202

A

Personally Identifiable Information Processing and Transparency - Specific Categories of Personally Identifiable Information

Answer 203

A

Personally Identifiable Information Processing and Transparency - Computer Matching Requirements

Answer 204

A

Risk Assessment - Policy and Procedures

Answer 205

A

Risk Assessment - Security Categorization

Answer 206

A

Risk Assessment - Risk Assessment

Answer 207

A

Risk Assessment - Risk Assessment Update

Answer 208

A

Risk Assessment - Vulnerability Monitoring and Scanning

Answer 209

A

Risk Assessment - Technical Surveillance Countermeasures Survey

Answer 210

A

Risk Assessment - Risk Response

Answer 211

A

Risk Assessment - Privacy Impact Assessments

Answer 212

A

Risk Assessment - Criticality Analysis

Answer 213

A

Risk Assessment - Threat Hunting

Answer 214

A

System and Services Acquisition - Policy and Procedures

Answer 215

A

System and Services Acquisition - Allocation of Resources

Answer 216

A

System and Services Acquisition - System Development Life Cycle

Answer 217

A

System and Services Acquisition - Acquisition Process

Answer 218

A

System and Services Acquisition - System Documentation

Answer 219

A

System and Services Acquisition - Software Usage Restrictions

Answer 220

A

System and Services Acquisition - User-installed Software

Answer 221

A

System and Services Acquisition - Security and Privacy Engineering Principles

Answer 222

A

System and Services Acquisition - External System Services

Answer 223

A

System and Services Acquisition - Developer Configuration Management

Answer 224

A

System and Services Acquisition - Developer Testing and Evaluation

Answer 225

A

System and Services Acquisition - Supply Chain Protection

Answer 226

A

System and Services Acquisition - Trustworthiness

Answer 227

A

System and Services Acquisition - Criticality Analysis

Answer 228

A

System and Services Acquisition - Development Process, Standards, and Tools

Answer 229

A

System and Services Acquisition - Developer-provided Training

Answer 230

A

System and Services Acquisition - Developer Security and Privacy Architecture and Design

Answer 231

A

System and Services Acquisition - Tamper Resistance and Detection

Answer 232

A

System and Services Acquisition - Component Authenticity

Answer 233

A

System and Services Acquisition - Customized Development of Critical Components

Answer 234

A

System and Services Acquisition - Developer Screening

Answer 235

A

System and Services Acquisition - Unsupported System Components

Answer 236

A

System and Services Acquisition - Specialization

Answer 237

A

System and Communications Protection - Policy and Procedures

Answer 238

A

System and Communications Protection - Separation of System and User Functionality

Answer 239

A

System and Communications Protection - Security Function Isolation

Answer 240

A

System and Communications Protection - Information in Shared System Resources

Answer 241

A

System and Communications Protection - Denial-of-service Protection

Answer 242

A

System and Communications Protection - Resource Availability

Answer 243

A

System and Communications Protection - Boundry Protection

Answer 244

A

System and Communications Protection - Transmission Confidentiality and Integrity

Answer 245

A

System and Communications Protection - Transmission Confidentiality

Answer 246

A

System and Communications Protection - Network Disconnect

Answer 247

A

System and Communications Protection - Trusted Path

Answer 248

A

System and Communications Protection - Cryptographic Key Establishment and Management

Answer 249

A

System and Communications Protection - Cryptographic Protection

Answer 250

A

System and Communications Protection - Public Access Protections

Answer 251

A

System and Communications Protection - Collaborative Computing Devices and Applications

Answer 252

A

System and Communications Protection - Transmission of Security and Privacy Attributes

Answer 253

A

System and Communications Protection - Public Key Infrastructure Certificates

Answer 254

A

System and Communications Protection - Mobile Code

Answer 255

A

System and Communications Protection - Voice over Internet Protocol

Answer 256

A

System and Communications Protection - Secure Name/Address Resolution Service (Authoritative Source)

Answer 257

A

System and Communications Protection - Secure Name/Address Resolution Service (Recursive or Caching Resolver)

Answer 258

A

System and Communications Protection - Architecture and Provisioning for Name/Address Resolution Service

Answer 259

A

System and Communications Protection - Session Authenticity

Answer 260

A

System and Communications Protection - Fail in Known State

Answer 261

A

System and Communications Protection - Thin Nodes

Answer 262

A

System and Communications Protection - Decoys

Answer 263

A

System and Communications Protection - Platform-independent Applications

Answer 264

A

System and Communications Protection - Protection of Information at Rest

Answer 265

A

System and Communications Protection - Heterogeneity

Answer 266

A

System and Communications Protection - Concealment and Misdirection

Answer 267

A

System and Communications Protection - Covert Channel Analysis

Answer 268

A

System and Communications Protection - System Partitioning

Answer 269

A

System and Communications Protection - Transmission Preparation Integrity

Answer 270

A

System and Communications Protection - Non-modifiable Executable Programs

Answer 271

A

System and Communications Protection - External Malicious Mode Identification

Answer 272

A

System and Communications Protection - Distributed Processing and Storage

Answer 273

A

System and Communications Protection - Out-of-band Channels

Answer 274

A

System and Communications Protection - Operations Security

Answer 275

A

System and Communications Protection - Process Isolation

Answer 276

A

System and Communications Protection - Wireless Link Protection

Answer 277

A

System and Communications Protection - Port and I/O Device Access

Answer 278

A

System and Communications Protection - Sensor Capability and Data

Answer 279

A

System and Communications Protection - Usage Restrictions

Answer 280

A

System and Communications Protection - Detonation Chambers

Answer 281

A

System and Communications Protection - System Time Synchronization

Answer 282

A

System and Communications Protection - Cross Domain Policy Enforcements

Answer 283

A

System and Communications Protection - Alternate Communications Paths

Answer 284

A

System and Communications Protection - Sensor Relocation

Answer 285

A

System and Communications Protection - Hardware-enforced Separation and Policy Enforcement

Answer 286

A

System and Communications Protection - Software-enforced Separation and Policy Enforcement

Answer 287

A

System and Communications Protection - Hardware-based Protection

Answer 288

A

System and Information Integrity - Policy and Procedures

Answer 289

A

System and Information Integrity - Flaw Remediation

Answer 290

A

System and Information Integrity - Malicious Code Protection

Answer 291

A

System and Information Integrity - System Monitoring

Answer 292

A

System and Information Integrity - Security Alerts, Advisories, and Directives

Answer 293

A

System and Information Integrity - Security and Privacy Function Verification

Answer 294

A

System and Information Integrity - Software, Firmware, and Information Integrity

Answer 295

A

System and Information Integrity - Spam Protection

Answer 296

A

System and Information Integrity - Information Input Restrictions

Answer 297

A

System and Information Integrity - Information Input Validation

Answer 298

A

System and Information Integrity - Error Handling

Answer 299

A

System and Information Integrity - Information Management and Retention

Answer 300

A

System and Information Integrity - Predictable Failure Prevention

Answer 301

A

System and Information Integrity - Non-persistence

Answer 302

A

System and Information Integrity - Information Output Filtering

Answer 303

A

System and Information Integrity - Memory Protection

Answer 304

A

System and Information Integrity - Fail-safe Procedures

Answer 305

A

System and Information Integrity - Tainting

Answer 306

A

System and Information Integrity - Personally Indentifiable Information Quality Operations

Answer 307

A

System and Information Integrity - De-identification

Answer 308

A

System and Information Integrity - Information Refresh

Answer 309

A

System and Information Integrity - Information Diversity

Answer 310

A

System and Information Integrity - Information Fragmentation

Answer 311

A

Supply Chain Risk Management - Policy and Procedures

Answer 312

A

Supply Chain Risk Management - Supply Chain Risk Management Plan

Answer 313

A

Supply Chain Risk Management - Supply Chain Controls and Processes

Answer 314

A

Supply Chain Risk Management - Provenance

Answer 315

A

Supply Chain Risk Management - Acquisition Strategies, Tools and Methods

Answer 316

A

Supply Chain Risk Management - Supplier Assessments and Reviews

Answer 317

A

Supply Chain Risk Management - Supply Chain Operations Security

Answer 318

A

Supply Chain Risk Management - Notification Agreements

Answer 319

A

Supply Chain Risk Management - Tamper Resistance and Detection

Answer 320

A

Supply Chain Risk Management - Inspection of Systems or Components

Answer 321

A

Supply Chain Risk Management - Component Authenticity

Answer 322

A

Supply Chain Risk Management - Component Disposal

Brainscape's Knowledge GenomeTM

RIST RMF Controls Flashcards

Brainscape's Knowledge Genome^TM