Terms

Question 1

ACAS: Assured Compliance Assessment

Answer 1

Solution. Includes a suite of products to include the Security Center, Nessus Scanner and the Nessus Network Monitor (formerly the Passive Vulnerability Scanner) which is provided by DISA to DoD Customers at no cost. DISA’s Cyber Development (CD) provides program management for the Enterprise ACAS offering as well as help desk support and training.

Question 2

AOA

Answer 2

Analysis of Alternatives

an analytical comparison of the operational effectiveness, suitability, and life-cycle cost of alternatives that satisfy established capability needs.

Question 3

ATHENA

Answer 3

Advanced Threat Hunt & Enterprise Network Analysis (Greek God of wisdom and war)

Question 4

BIP

Answer 4

Budget prepared using a previous period budget or actual performance as a basis with incremental amounts added for the new budget period.

Question 5

CAGE Code

Answer 5

Commercial and Government Entity is five-character ID number used extensively within the U.S. federal government, assigned by the DoD Logistics Agency. The code provides a standardized method of identifying a given facility at a specific location.

Question 6

CCE

Answer 6

Collaborative Capture Environment

Question 7

CCI

Answer 7

Control Correlation Identifier. Provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control. Described how a control is implemented, i.e., what settings need to be validated. 1602 for DCSA systems at moderate, low, low

Question 8

CCRI

Answer 8

Command Cyber Readiness Inspection. Describes IA control or IA best practice.

Question 9

CDRL

Answer 9

Contract Data Requirements List DD Form 1423

Question 10

CISSP

Answer 10

Certified Information Systems Security Professional. Approved by DoD through DoDD 8570 Information Assurance Workforce Improvement Program

Question 11

CSIRC

Answer 11

Cybersecurity Intelligence and Response Center (CSIRC)

Question 12

CAISWG

Answer 12

Community Association of Information Systems Security Working Group

Question 13

Cloudbank

Answer 13

CloudBank will help NSF by bundling multiple small requests that come directly to NSF into a bulk request to cloud providers, dis-incentivizing more costly direct connections. Through this aggregation and innovative financial contract types, CloudBank will pass along savings to researchers that would otherwise be unavailable to them.

Question 14

CNDSP

Answer 14

Computer Network Defense Service Provider

Question 15

CNSSI 1253

Answer 15

Committee on National Security Systems Instruction 1253, Security Categorization and Control Selection for National Security Systems

Question 16

COTR

Answer 16

Contracting Officer’s Technical Representative

Question 17

CSSP

Answer 17

Cybersecurity CSSP: Cybersecurity service provider

Question 18

CTTA

Answer 18

Certified TEMPEST Technical Authority

Question 19

CVE

Answer 19

Common vulnerability exploit

Question 20

DAAPM

Answer 20

DCSA Assessment and Authorization Process Manual

Question 21

DCSA

Answer 21

Defense Counterintelligence and Security Agency

Question 22

DD From 254

Answer 22

DoD Contract Security Specification

Question 23

DFARS

Answer 23

Defense Federal Acquisition Regulation Supplement

Question 24

DISS

Answer 24

Defense Information System for Security. Replacement for Joint Personnel Adjudication System (JPAS) effective 22 February 2021

Question 25

EDR

Answer 25

Endpoint Detection and Response

Question 26

eMASS

Answer 26

Enterprise Mission Assurance Support Service

Question 27

FAR

Answer 27

Federal Acquisition Regulation

Question 28

FEDRAMP

Answer 28

Federal Risk and Authorization Management Program

Question 29

HBSS

Answer 29

Host Based Security System. DoD mandated tool used to provide intrusion prevention services with behavioral and signature protection. Also provides firewall protections.

Question 30

HIPAA

Answer 30

Health Insurance Portability and Accountability Act

Question 31

HPCMP

Answer 31

High performance Computing Modernization Program

Question 32

IPA MSP

Answer 32

Industry Partner Access Managed Service Provider

Question 33

ISOO

Answer 33

Information Security Oversight Office

Question 34

ISR

Answer 34

Intelligence Surveillance and Reconnaissance

Question 35

ISSP

Answer 35

DCSA Information Systems Security Professional

Question 36

ISWG

Answer 36

Industrial Security Working Group

Question 37

JSIG

Answer 37

Joint Special Access Program Implementation Guide (Army, Navy, Air Force)

Question 38

MAG

Answer 38

Microsoft Azure Government

Question 39

MPOE

Answer 39

Minimum point of entry. The closest point where the wires of a telecommunications provider (e.g., a cable company) enter or pass through a property/building. The MPOE can be underground, in the air, in a box in the basement, or outside the building.

Question 40

MUSA

Answer 40

Multi-user Standalone

Question 41

NESSUS

Answer 41

Proprietary vulnerability scanner developed by Tenable

Question 42

NIAP

Answer 42

National Information Assurance Partnership

Question 43

NICE Framework

Answer 43

National Initiative for Cybersecurity Education, NIST 800-181 rev 1 Workforce Framework for Cybersecurity

Question 44

NISP

Answer 44

National Industrial Security Program is a partnership between the federal government and private industry to safeguard classified information. Executive Order 12829 “National Industrial Security Program”, amended by Section 6 of E.O. 13691 was established to achieve cost savings and ensure that industry safeguards the classified information with which it is entrusted while performing work on contracts, programs, bids or R&D efforts working for the U.S. government.

Question 45

NISPPAC

Answer 45

National Industrial Security Program Policy Advisory Committee. Created under section 103 of E.O. 12829, to ensure the partnership between the government and industry. The committee advised the ISOO on all matters related to NISP policies.

Question 46

NIST

Answer 46

Nation Institute of Standards and Technology

Question 47

NISA WG

Answer 47

NISPPAC Information Systems Authorization Working Group

Question 48

NSF

Answer 48

National Science Foundation

Question 49

ODAA

Answer 49

Office of the Designated Authorization Authority

Question 50

ODC

Answer 50

Other Direct Costs in budget

Question 51

POA&M

Answer 51

Plan of action and milestones

Question 52

PowerShell

Answer 52

PowerShell or Microsoft PowerShell is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting

Question 53

PQS

Answer 53

Personnel Qualification Standards

Question 54

RACI

Answer 54

Responsible, accountable, consulted, and informed

Question 55

RMF

Answer 55

The Risk Management Framework (RMF) provides a process that integrates security, privacy, and cyber supply chain risk management activities into the system development life cycle. The risk-based approach to control selection and specification considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations. Managing organizational risk is paramount to effective information security and privacy programs; the RMF approach can be applied to new and legacy systems, any type of system or technology (e.g., IoT, control systems), and within any type of organization regardless of size or sector.

NIST SP 800-30, entitled Guide for Conducting Risk Assessments, provides an overview of how risk management fits into the system development life cycle (SDLC) and describes how to conduct risk assessments and how to mitigate risks.
NIST SP 800-37 discusses the risk management framework itself and contains much of the information we’ll cover in the remainder of this guide.
Finally, NIST SP 800-39, titled Managing Information Security Risk, defines the multi-tiered, organization-wide approach to risk management crucial for reaching compliance with the RMF.

Question 56

RMF Artifacts

Answer 56

SSP: System security plan
SCTM: System control traceability matrix
POA&M: Plan of action and milestones
RAR: Risk assessment report
SAR: Security assessment report (from AO)
ATO: Approval to operate (from AO)

Question 57

SCAP

Answer 57

Security Content Automation Protocol Validation Program. The Security Content Automation Protocol is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization, including e.g., FISMA compliance.

Question 58

SDP

Answer 58

Software defined perimeter

Question 59

SDREN

Answer 59

Secret Defense Research and Engineering Network

Question 60

SD-WAN

Answer 60

Software-defined wide area network (or networking). A virtual WAN architecture that allows enterprises to leverage any combination of transport services—including MPLS, LTE and broadband internet services—to securely connect users to applications.

Question 61

SEIM

Answer 61

Security Event & Incident Management

Question 62

SIPRNet

Answer 62

Secret Internet Protocol Router Network. A system of interconnected computer networks used by the U.S. Department of Defense and the U.S. Department of State to transmit classified information by packet switching over the ‘completely secure’ environment

Question 63

SOAR

Answer 63

Security Orchestration, Automation, and Response. SOAR platforms are a collection of security software solutions and tools for browsing and collecting data from a variety of sources. … SOAR allows companies to collect threat-related data from a range of sources and automate the responses to the threat.

Question 64

STIG

Answer 64

Security Technical Implementation Guides

Question 65

STIG Viewer

Answer 65

A GUI java based application provided to open content and create checklists for managing the security setting on your system or network. Many use it to manage and edit their checklists. It is not the greatest tool, but it gets the job done, with a lot of manual labor

Question 66

SWOT analysis

Answer 66

Strengths, weaknesses, opportunities, threats

Question 67

TAA

Answer 67

Trade agreement acts. Created to foster fair international trade with certain designated countries. Companies who are working with foreign-made products or services need to be aware of what companies are restricted in order to remain compliant with the TAA and GSA.

Question 68

TEMPEST

Answer 68

Telecommunications Electronics Material Protected from Emanating Spurious Transmissions

Question 69

TISC

Answer 69

Technology & Information Security Committee

Question 70

TSG

Answer 70

Telecommunications Security Group, Committee on National Security Systems (CNSS) standards

Question 71

IA Role/Responsibility

Answer 71

Establishes and implements standard practices and procedures that protect classified information and classified information systems by assuring availability, integrity, authentication, confidentiality, and non- repudiation. These measures include incorporating security controls, detection, and response capabilities based on government regulations, directives, and standards.

Question 72

IA Activity

Answer 72

Establish, document, test, and continuously monitor security controls required for the protection of classified information systems. Maintain government authorizations for continued operation of classified systems supporting contracts. Provide System Development Life Cycle (SDLC) support to include, analysis, planning, design, implementation, maintenance and disposal/re-utilization of hardware and data to support contract requirements.

Question 73

ISO 31000

Answer 73

an international standard that provides principles and guidelines for risk management. It outlines a comprehensive approach to identifying, analyzing, evaluating, treating, monitoring and communicating risks across an organization.

Question 74

EU General Data Protection Requirements

Answer 74

The GDPR lists the rights of the data subject, meaning the rights of the individuals whose personal data is being processed. These strengthened rights give individuals more control over their personal data, including through: the need for an individual’s clear consent to the processing of his or her personal data.

Question 75

NIST 800-53

Answer 75

What is NIST 800-53? NIST SP 800-53 provides a list of controls that support the development of secure and resilient federal information systems. These controls are the operational, technical, and management standards and guidelines information systems use to maintain confidentiality, integrity, and availability.

Question 76

NIST 800-171

Answer 76

a codification of the requirements that any non-Federal computer system must follow in order to store, process, or transmit Controlled Unclassified Information (CUI) or provide security protection for such system

Question 77

ICD 705

Answer 77

This document is the implementing specification for Intelligence Community Directive (ICD) 705 (Sensitive Compartmented Information Facilities), ICS 705-01, and ICS 705-02 (Standards for Accreditation and Reciprocal Use of Sensitive Compartmented Information Facilities.

Question 78

SMART Goals

Answer 78

Specific

Measurable

Attainable

Relevant

Time-bound

Question 79

ICD 703

Answer 79

Protection of Classified National Intelligence, Including SCI. ICD 704 - Personnel Security. ICD 705 - Sensitive Compartmented Information Facilities. ICD 706 - Security Standards for Protecting Domestic IC Facilities. ICD 707 - Counterintelligence and Security Support for U.S. Diplomatic Facilities Abroad.

Question 80

Technical core competencies

Answer 80

Digital modernization
Cyber operations
Missions software systems
Integrated systems
Mission operations

Question 81

SDREN

Question 82

NISPOM (National Industrial Security Program Operating Manual),

Answer 82

sets comprehensive standards to establish requirements for protecting classified information disclosed to or developed by: contractors, licensees, grantees, or certificate holders to prevent prohibited disclosure.

final rule on December 21, 2020 (85 FR 83300–83364) National Industrial Security Program Operating Manual (NISPOM) to add 32 CFR part 117 to the Code of Federal Regulations (CFR). The rule was effective on February 24, 2021.

Question 83

FISMA

Answer 83

FISMA is the Federal Information Security Modernization Act of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. FISMA requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.

Question 84

FEDRAMP

Answer 84

The Federal Risk and Authorization Management Program (FedRAMP) is a United States federal government-wide compliance program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.[1]

There are two ways to authorize a cloud service through FedRAMP: a Joint Authorization Board (JAB) provisional authorization (P-ATO),[5] and through individual agencies.[6]
Before the introduction of FedRAMP, individual federal agencies managed their own assessment methodologies following guidance set by the Federal Information Security Management Act of 2002.[7]
FedRAMP provides accreditation for cloud services for the various cloud offering models which are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service, (SaaS).