Flashcards in Unit 11 Deck (33):
_______ ensures IA is properly implemented for all AF procured ISs and guest systems operating on the AF portion of the DODIN
Certification and Accreditation (C&A)
_______ process assigns specific roles to individuals who can properly develop, evaluate, and assess the security of a system and an accreditation authority who can assume the risk associated with the operation of that system.
Implementation of DIACAP is supported by two augmented services
DIACAP Knowledge Service (KS)
Enterprise Mission Assurance Support Service (eMASS)
Defines the standard for intelligence systems and applications interoperability
DoD Intelligence Information System (DoDIIS)
Core mission includes network compliance assessments, network optimization evaluations, and AF network enterprise health feedback
Ultimately is responsible for the development and sustainment of the AF IA program
Officials with the authority to assume the responsibility for operating a system or network at an acceptable level of risk
Designated Approval Authority (DAA)
Responsible for directing and coordinating the AF IA Program, establishing and enforcing the C&A process, roles and responsibilities and appointing primary and alternative representatives to serve on DIACAP TAG.
Senior Information Assurance Officer (SIAO)
Serves as the AF-DAA, the lead DAA for the AF-DODIN and for all AF ISs other than those under the purview of the Special Access Programs (SAP)/Special Access Request and the Space DAA.
Commander AF Space (AFSPC/CC)
AF SIAO has delegated the role of CA for all AF ISs to _______
Duties include ensuring and enforcing DAA accreditation decisions, ensuring annual security reviews are conducted, ensuring IS details are provided within the AF data repository, and POA&M development, tracking, and resolution
Program manager/System manager
Primary responsibility for maintaining situational awareness and initiating actions to improve or restore IA posture as well as conducting annual security reviews of all controls and a test of selected IA controls
Information Assurance Managers/IAO
What must be objective, testable, and have compliance that is measurable, along with the activities required to achieve them? Describes an objective IA condition achieved through safeguards, countermeasures, or through the regulation of specific activities.
______ reflects the importance of information relative to the achievement of DoD goals and objectives, particularly the warfighter's combat mission. All systems must have one.
Mission Assurance Category (MAC)
Systems handling information that is determined to be vital to the operational readiness or mission effectiveness of deployed and contingency forces in terms of both content and timeliness.
Systems handling information that is important to the support of deployed and contingency forces.
Systems handling information that is necessary for the conduct of day-to-day business, but does not materially affect support to deployed or contingency forces in the short-term.
______ is primarily used to establish acceptable factors such as requirements for individual security clearances or background investigations, access approvals, need-to-know determinations, interconnection controls and approvals
__________ means the system produces information that is not classified, yet is not cleared for public release.
_______ weaknesses allow primary security protections or perimeters to be bypassed, allowing immediate access by unauthorized personnel or unauthorized assumption of super-user privileges and cannot be satisfactorily mitigated
________ weaknesses are those that can lead to general unauthorized system access but can usually be corrected or mitigated to a point where any residual risk is acceptable.
Establishes policy and responsibilities for the connection of information system to the Defense Information System Network (DISN).
Provides guidelines for the security C&A of ISs supporting the executive agencies of the federal government.
National Institute of Standards and Technology (NIST) 800-37
Outlines the responsibility of organizations to select the appropriate security control, to implement the control correctly and to demonstrate the effectiveness of the controls in satisfying their stated security requirements
National Institute of Standards and Technology (NIST) 800-53
Authorization granted by a DAA for a DoD IS to process, store, or transmit information is considered an __________
Authority to Operate (ATO)
_________ decision is a special case for authorizing testing in an operational information environment or with live data for a specified time period.
Interim Authority to Test (IATT)
If operation of your system is required to meet a mission requirement prior to the completion of the C&A Workflow/DIACAP process and the system does not have an existing Authorization to Operate, there is a process to expedite an accreditation decision called an ________
Urgent Interim Authorization Request (UIAR)
_______ will be issued if the DAA determines that a DoD IS should not operate because the IA design is inadequate, assigned IA controls are not adequately implemented, or a lack of other adequate security is revealed through certification activities, and there are no compelling reasons to allow system operation
Denial of Authorization to Operate (DATO)
Connection approval is the formal approval for an IS to connect to the AF-DODIN and the acceptance of risk associated with the IS connection by the AF DAA. Who has this authority?
O-6 or higher
________ is an AF-DAA determination that an IS cannot connect to the AF-DODIN because of an inadequate IA design, failure to adequately implement assigned IA Controls, or other lack of adequate security
Denial of Authorization to Connect (DATC)
A government-owned, web-based application, which supports information assurance (IA) program management. Provides a robust solution to C&A automated workflow.
eMASS (Enterprise Mission Assurance Support Service)
_________ is a DISA managed modified COTS tool, with no license fees or user costs to deploy