DODI 8510.01, RISK MANAGEMENT FRAMEWORK (RMF) FOR DOD INFORMATION TECHNOLOGY (IT) Flashcards
Which approach to cybersecurity risk management as described in NIST SP 800-39 is implemented by the DoD RMF governance structure?
Which Tier level in RMF addresses risk management at the DoD enterprise level?
Who directs and oversees the cybersecurity risk management of DoD IT?
Department of Defense Chief Information Officer (DoD CIO)
What performs the DoD Risk Executive Function?
DoD Information Security Risk Management Committee (ISRMC)
What is the community forum for reviewing and resolving authorization issues related to the sharing of community risk?
Defense IA Security Accreditation Working Group (DSAWG)
Who oversees the RMF TAG and the online KS?
Department of Defense Senior Information Security Officer (DoD SISO)
What provides implementation guidance for the RMF by interfacing with the DoD component cybersecurity programs, cybersecurity communities of interest (COIs), and other entities to address issues that are common across all entities?
Risk Management Framework Technical Advisory Group (RMF TAG)
What supports RMF implementation, planning, and execution by functioning as the authoritative source for RMF procedures and guidance?
Who must monitor and track overall execution of system-level POA&Ms?
Who develops, maintains, and tracks security plans for assigned IS and PIT systems?
Information System Owners (ISOs)
PMs must ensure periodic reviews, testing and assessment of assigned IS and PIT systems are conducted at least how often?
PMs must ensure T&E of assigned IS and IT systems is planned, resourced, and documented in the program T&E master plan in accordance with which reference?
What reduces redundant testing, assessing and documentation, and the associated cost in time and resources?
What must PMs and ISOs who are deploying systems across DoD Components post security authorization documentation to in order to provide visibility of authorization status and documentation to planned receiving sites?
Enterprise Mission Assurance Support Service (eMASS)
Which reference contains DoD policy for Unified Capabilities (UC)?