Unit 11 Flashcards Preview

Flashcards in Unit 11 Deck (33):
1

_______ ensures IA is properly implemented for all AF procured ISs and guest systems operating on the AF portion of the DODIN

Certification and Accreditation (C&A)

2

_______ process assigns specific roles to individuals who can properly develop, evaluate, and assess the security of a system and an accreditation authority who can assume the risk associated with the operation of that system.

DIACAP

3

Implementation of DIACAP is supported by two augmented services

DIACAP Knowledge Service (KS)
Enterprise Mission Assurance Support Service (eMASS)

4

Defines the standard for intelligence systems and applications interoperability

DoD Intelligence Information System (DoDIIS)

5

Core mission includes network compliance assessments, network optimization evaluations, and AF network enterprise health feedback

Scope Edge

6

Ultimately is responsible for the development and sustainment of the AF IA program

SAF/CIO A6

7

Officials with the authority to assume the responsibility for operating a system or network at an acceptable level of risk

Designated Approval Authority (DAA)

8

Responsible for directing and coordinating the AF IA Program, establishing and enforcing the C&A process, roles and responsibilities and appointing primary and alternative representatives to serve on DIACAP TAG.

Senior Information Assurance Officer (SIAO)

9

Serves as the AF-DAA, the lead DAA for the AF-DODIN and for all AF ISs other than those under the purview of the Special Access Programs (SAP)/Special Access Request and the Space DAA.

Commander AF Space (AFSPC/CC)

10

AF SIAO has delegated the role of CA for all AF ISs to _______

AFNIC

11

Duties include ensuring and enforcing DAA accreditation decisions, annual security reviews are conducted, IS details are provided within AF data repository and that POA&M development, tracking, and resolution

Program manager/System manager

12

Primary responsibility for maintaining situational awareness and initiating actions to improve or restore IA posture as well as conducting annual security reviews of all controls and a test of selected IA controls

Information Assurance Managers/IAO

13

What must be objective, testable, must have compliance that is measurable and the activities required to achieve them. Describes an objective IA condition achieved through safeguards, countermeasures, or through the regulation of specific activities.

IA Control

14

______ reflects the importance of information relative to the achievement of DoD goals and objectives, particularly the warfighter's combat mission. All systems must have one.

Mission Assurance Category (MAC)

15

Systems handling information that is determined to be vital to the operational readiness or mission effectiveness of deployed and contingency forces in terms of both content and timeliness.

MAC 1

16

Systems handling information that is important to the support of deployed and contingency forces.

MAC 2

17

Systems handling information that is necessary for the conduct of day-to-day business, but does not materially affect support to deployed or contingency forces in the short-term.

MAC 3

18

______ is primarily used to establish acceptable factors such as requirements for individual security clearances or background investigations, access approvals, need-to-know determinations, interconnection controls and approvals

Confidentiality level

19

__________ means the system produces information that is not classified, yet is not cleared for public release.

Sensitive

20

_______ weaknesses allow primary security protections or perimeters to be bypassed, allowing immediate access by unauthorized personnel or unauthorized assumption of super-user privileges and cannot be satisfactorily mitigated

CAT 1

21

________ weaknesses are those that can lead to general unauthorized system access but can usually be corrected or mitigated to a point where any residual risk is acceptable.

CAT II

22

Establishes policy and responsibilities for the connection of information system to the Defense Information System Network (DISN).

CJCSI 6211.02C

23

Provides guidelines for the security C and A of ISs supporting the executive agencies of the federal government.

National Institute of Standards and Technology (NIST) 800-37

24

Outlines the responsibility of organizations to select the appropriate security control, to implement the control correctly and to demonstrate the effectiveness of the controls in satisfying their stated security requirements

National Institute of Standards and Technology (NIST) 800-53

25

Authorization granted by a DAA for a DoD IS to process, store, or transmit information is considered an __________

Authority to Operate (ATO)

26

_________ decision is a special case for authorizing testing in an operational information environment or with live data for a specified time period.

Interim Authority to Test (IATT)

27

If operation of your system is required to meet a mission requirement prior to the completion of the C&A Workflow/DIACAP process and the system does not have an existing Authorization to Operate, there is a process to expedite an accreditation decision called an ________

Urgent Interim Authorization Request (UIAR)

28

_______ will be issued if the DAA determines that a DoD IS should not operate because the IA design is inadequate, assigned IA controls are not adequately implemented or because of a lack of other adequate security is revealed through certificate activities and there are no compelling reasons to allow system operation

Denial of Authorization to Operate (DATO)

29

Connection approval is the formal approval for an IS to connect to the AF-DODIN and the acceptance of risk associated with the IS connection by AF DAA. Who has authority?

O-6 or higher
AFSPC/CC delegates

30

________ is an AF-DAA determination that an IS cannot connect to the AF-DODIN because of an inadequate IA design, failure to adequately implement assigned IA Controls or other lack of adequate security

Denial of Authorization to Connect (DATC)

31

A government-owned, web-based application, which supports information assurance (IA) program management. Provides a robust solution to C&A automated workflow.

eMASS Enterprise Mission Assurance Support Service

32

_________ is a DISA-managed, modified COTS tool, with no license fees or user costs to deploy

eMASS

33

A component of eMASS that acts as the repository for all IA controls that may be applied to a registered system's C&A package.

CAM Control Administration Module