Lesson 6 Definitions Flashcards
Organizational culture
A set of values and ideas that reflect acceptable and unacceptable practices and behaviors within an organization
Cybersecurity culture
The combined organizational factors that put every employee in the position to behave in ways that support cybersecurity or in ways that place the company at risk
Institutionalization
The action of establishing something as a convention or norm in an organization or culture
Governance
The policies, procedures, and controls that are utilized by the OSC to assure sustainment and continual improvement with respect to detection, prevention, and response to cyber incidents
Policy
An artifact or collection of artifacts that establishes governance over the implementation of CMMC practices and activities
Procedure
The documented details for how an activity is implemented to achieve a desired outcome. A procedure should provide enough detail for a trained individual to perform the activity.
Plan
An artifact or collection of artifacts that provides oversight for implementing defined CMMC policies
Gap Analysis
An evaluation that examines the organization’s processes ‘as performed’ to identify issues, impediments, and potential risks to sustained implementation
Evidence Validation
An evaluation that examines sufficiency of evidence presented by the OSC, ensuring it meets the intent and objectives of the control or practice
Certification Assessment Readiness Review (CA-RR)
A preliminary but formal review to verify the OSC’s readiness for the Assessment against the identified Assessment planning parameters and Assessment scope