Information Protection (IP) Operations study1 Flashcards
ACP 122(F)
ACP 122 (F) COMMUNICATIONS INSTRUCTIONS (SECURITY)
AFH31-602
Industrial Security Program
1.2. Purpose. This instruction implements Executive Order 12829, National Industrial Security Program, DOD 5220.22-M, National Industrial Security Program Operating Manual (NISPOM), and DOD 5220.22-R, Industrial Security Regulation (ISR) and AFPD 31-6, Industrial Security.
***It assigns functional responsibilities and establishes a system of review that identifies outdated, inappropriate and unnecessary contractual security requirements. It outlines and provides guidance for establishing on-base integrated contractor visitor groups.
AFI33-115
- Purpose. This instruction defines AF IT Service Management and assigns responsibilities for the configuration, provisioning, maintenance, and management of AFIN using an IT Service Management (ITSM) framework to further integrate capabilities and maintain configuration control of AF networks and data servers. This instruction serves as the single reference for AF IT Service Management policy and applies to all personnel who manage, configure, operate, maintain, defend, or extend any portion of the AFIN or provide support within the AF for the DoDIN and the Joint Information Environment (JIE). 1.1. Procedural guidance supporting this AFI is contained in Methods and Procedures Technical Orders (MPTOs) directing standard processes for management, standardization, and maintenance of AF IT Services applicable to all AF personnel, see paragraph 7.3. 1.2. Cyberspace operational orders as defined in AFI 10-1701 (e.g., AF Cyber Tasking Orders, Cyber Control Orders, AF Time Compliance Network Orders) shall take precedence over information contained in this AFI and supporting MPTOs if there is a conflict.
AFI33-200
Information Assurance (IA) Management
AFI33-230
Information Assurance Assessment and Assistance Program
AFI33-332
Information Management
Certification and Accreditation
A process for implementing information security. A systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation.
What AFI is the Air Force Certification and Accreditation program defined in?
AFI 33-210
A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Certification
The official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals based on the implementation of an agreed-upon set of security controls.
Accreditation
Another factor of the cert and accreditation process which we must consider. Ensures continuity of operations as changes are validated, approved, and implemented on the Air Force Networks.
Change Management
The process of verifying an identity that is bound to the person that asserts it.
Identification and Authentication
The validation of a claimed identity.
Authentication
Knowledge-Based, Possession-Based, Biometric-Based, Location-Based, Multi-Factor Authentication
Authenticators
Require the user to provide a pre-established piece or several pieces of information in order to authenticate the presented identity.
Based on the concept that the user is the only one who knows what the information system expects and therefore is the person identified.
Examples: passwords, PINs
Knowledge-Based Authenticator
Require the user to have physical possession of a specific item (called a token). The user presents the token or performs some action that could only be done if the user had physical possession of their token.
The token contains information physically, magnetically, or electrically.
Examples: Manual Keys, Challenge-Response Generators, Smart Cards (CAC)
Possession-Based Authenticator
Relies on a unique physical characteristic to verify the identity of a user. Common identifiers include fingerprints, written signatures, voice patterns, typing patterns, retinal/iris scans, and hand geometry.
Tend to cost more than knowledge- or possession-based authenticators.
Biometric-Based Authenticator
Relies on a physical location of the user to verify their identity. The auth succeeds if the location is a known area you are in, or where you live.
Examples include GPS on phones and credit cards.
The vulnerability in this method arises when people who know you well, or who have researched you, start to use your information.
Location-Based Authenticator
The combination of two or more of the authenticators used to increase Identification and Authentication to a system or network.
Multi-Factor Authentication
The use of prescribed safeguards and controls to prevent reconstruction of the magnetic image/data that would disclose sensitive information to persons who do not have the proper clearance or need to know for this information.
Remanence Security
The magnetic image/data that is still left on recordable magnetic media (e.g., floppy disk, tape, hard drive, etc.) after it is erased, overwritten or degaussed (cleared) using an electromagnetic device to null or clear the magnetic pattern/image on the media.
Magnetic Remanence
Procedures for sanitizing magnetic media must be developed in accordance with this technical order.
TO 00-35B-5008, Remanence Security for Information systems.
Who must develop procedures for clearing, sanitizing and destroying media properly to practice remanence security?
Client System Technicians (CST), operators, and users.