3A

Question 1

DAFMAN90-161 defines a publication as…?

Answer 1

“an officially produced, published, and distributed
document issued for compliance, implementation, and or information.”

Question 2

What are two types of documents or issuances that establish and implement DoD policy?

Answer 2

Department of Defense instructions (DoDIs) and manuals (DoDMs)

Question 3

What are issuances?

Answer 3

Issuances prescribe the manner or a specific plan or action for carrying out the policy, operating a program or activity, and assigning responsibilities.

Question 4

What does a publication provide?

Answer 4

Publications provide a wide variety of technical and nontechnical information. Some publications are directive in nature and tell how a task is to be accomplished. Other publications provide guidance and processes. All publications convey information pertaining to a subject.

Question 5

Who do DODI’s and DODM’s apply to?

Answer 5

DODIs and DODMs apply to all military whether active duty, guard and reserve military, DoD civil service employees, and contractors as specified in their Statement of Work.

Question 6

According to DoDI 50251.01, DODI’s…?

Answer 6

“establishes policy and . . . may provide general procedures
for implementing policy.”

Question 7

What do DODI’s do?

Answer 7

They prescribe the manner or a specific plan or action for carrying out
the policy, operating a program or activity, and assigning responsibilities within a functional area assigned in an OSD Component head’s charter.

Question 8

Where can DODI’s be found?

Answer 8

DoDIs are found in the Executive Services Division website

https://www.esd.whs.mil/Directives/issuances/dodi/

where they are downloadable in .pdf format.

Question 9

If you download a DODI, ensure when you reference it that you are?

Answer 9

Ensure the version you are using is current. You will not be notified of any changes made to DODI’s.

Question 10

According to DoDI 50251, DODM’s…?

Answer 10

“implements policy established in a DoDD or DoDI by providing detailed procedures for carrying out that policy”

Question 11

What do DODM’s do?

Answer 11

DoDMs are authorized by a directive or instruction and identify uniform procedures for managing or operating systems and provide administrative information. DoDMs consist of procedures that usually contains examples for performing specific tasks, may be separated into volumes, and may contain a policy section.

Question 12

Where can DODM’s be found?

Answer 12

DoDMs are found in the Executive Services Division website

https://www.esd.whs.mil/Directives/issuances/dodi/

and are downloadable in .pdf format.

Question 13

What are AFIs?

Answer 13

AFIs are orders of the Secretary of the Air Force and are certified and approved at the Headquarters Air Force (Secretariat or Air Staff) level.

Question 14

What do AFIs do?

Answer 14

AFIs generally instruct readers on “what to do,” i.e., direct action, ensure compliance to standard actions Air Force-wide.

Question 15

AFIs are like DoDIs but…?

Answer 15

they are written for members of the United States Air Force and intended for use by active duty, guard, and reserve members and associated civilians. Contractors abide by AFIs identified in their Statement of Work.

Question 16

AFIs are grouped into what?

Answer 16

Into series. For example, Cyber is series 17. This means that all cyber related AFIs start with a 17 such as AFI17-203 Cyber Incident Handling.

Question 17

Is compliance with AFIs mandatory?

Answer 17

Yes and failure to comply with an AFI can result in action taken under the Uniform Code of Military Justice.

Question 18

Where can AFIs be found?

Answer 18

Most AFIs are electronic and can be downloaded from the Air Force Portal or the E-Pubs website at

https://www.e-publishing.af.mil.

Question 19

Some AFIs cannot be accessed through E-Pubs due to…?

Answer 19

due to security concerns. These are identified during the access process
prompting you to order them through the Warehouse Management System (WMS).

Question 20

How do you acquire a WMS account?

Answer 20

You obtain a WMS account at the WMS website provided by E-Pubs.

Question 21

What does AFI stand for?

Answer 21

Air Force Instructions

Question 22

AFIs are also sometimes called?

Answer 22

DAFIs - Department of the Air Force Instruction

Question 23

What does TIA stand for?

Answer 23

The Telecommunications Industry Association

Question 24

Who is TIA accredited by?

Answer 24

the American National Standards Institute (ANSI)

Question 25

What does TIA do?

Answer 25

develop voluntary, consensus-based industry standards for a wide
variety of Information and Communication Technologies (ICT) products.

Question 26

How often does TIA review their standards?

Answer 26

Every 5 years

Question 27

TIA standards are used in what?

Answer 27

TIA standards are used in designing and installing networks and are commercial products.

Question 28

Where can TIA standards be found?

Answer 28

TIA standards are purchased at the website

https://global.ihs.com/

Question 29

How are TIA standards developed?

Answer 29

TIA standards documents are developed within the Technical Committees of the TIA and the standards coordinating committees of the TIA standards board.

Question 30

A Military Standard is commonly referred to as?

Answer 30

MIL-STD

Question 31

What do MIL-STDs do?

Answer 31

Detail the processes and materials to be used to make the product.

Question 32

How does MIL-STD differ from commercial standards?

Answer 32

A MIL-STD differs from a commercial standard because it is a
defense standard that establishes uniform engineering and technical requirements for military-unique or substantially modified commercial processes, procedures, practices, and methods.

Question 33

What are the five types of defense standards?

Answer 33

interface standards, design criteria standards, manufacturing process standards, standard practices, and test method standards.

Question 34

Where can MIL-STDs be found?

Answer 34

MIL-STDs can be downloaded in a .pdf file at http://everyspec.com/MIL-STD/

Question 35

What does STIG stand for?

Answer 35

Security Technical Implementation Guide

Question 36

What is STIG?

Answer 36

a cybersecurity methodology for standardizing security protocols within networks, servers, computers, and logical designs to enhance overall security.

Question 37

STIGS identify what?

Answer 37

Vulnerabilities and provide corrective actions in the form of a
checklist.

Question 38

Who is STIGS managed by?

Answer 38

DISA - Defense Information Security Agency

Question 39

DISA STIGS fall into how many categories?

Answer 39

Three - Category I, II and III

Question 40

What does a STIGS Category I refer to?

Answer 40

Category I refers to any vulnerability that will directly and immediately result in loss of confidentiality, availability, or integrity.

Question 41

Which category has the most risks and why?

Answer 41

Category I risks are the most severe, as they may result in loss of life, damage to facilities, or a mission failure.

Question 42

What does a STIGS Category II refer to?

Answer 42

Refers to any vulnerability that can result in loss of confidentiality,
availability, or integrity.

Question 43

What can a STIGS Category II lead to?

Answer 43

These vulnerabilities can lead to a Category I vulnerability,
result in personal injury, damage to equipment or facilities, and degrade a mission.

Question 44

What can a STIGS Category I lead to?

Answer 44

Category I vulnerabilities can allow unauthorized access to classified data or facilities and can lead to a denial of service or access.

Question 45

What does a STIGS Category III refer to?

Answer 45

Category III refers to any vulnerability that degrades measures to protect against loss of confidentiality, availability, or integrity.

Question 46

What can a STIGS Category III lead to?

Answer 46

These vulnerabilities can lead to a Category II vulnerability, delay in recovering from an outage, or affect the accuracy of data and information.

Question 47

Where can you access STIGS?

Answer 47

Unlike most publications which are in a .pdf format, the STIG is viewed with a STIG Viewer downloaded from the STIG website

https://cyber.mil/stigs/srg-stig-tools/.