Vocabulary

Question 1

NIST

Answer 1

National Institute of Standards and Technology

Question 2

FISMA

Answer 2

Federal Information System Modernization Act

Question 3

What does NIST provide?

Answer 3

Standards of Operations and Guidelines

Question 4

What does FISMA provide?

Answer 4

Policy and Procedures

Question 5

ISSO

Answer 5

Information System Security Officer

Question 6

SCA

Answer 6

Security Control Assessor

Question 7

Methodology

Answer 7

A schedule or time frame

Question 8

Vulnerability

Answer 8

A weakness or flaw

Question 9

Risk

Answer 9

A chance or choice

Question 10

A.O.

Answer 10

Authorizing Official

Question 11

ATO

Answer 11

Authorization to Operate

Question 12

Remediate

Answer 12

To fix

Question 13

SME

Answer 13

Subject Matter Expert

Question 14

Artifact

Answer 14

Proof or source

Question 15

Threat

Answer 15

Anything that tries to exploit a vulnerability or cause harm to a system or organization

Question 16

ST&E

Answer 16

System Test and Evaluation

Question 17

CIO

Answer 17

Chief Information Officer

Question 18

CISO

Answer 18

Chief Information Security Officer

Question 19

Discrepancy

Answer 19

Mistake or error

Question 20

Scrub

Answer 20

To look for

Question 21

PM
(SME)

Answer 21

Project Manager

Question 22

High Water Mark

Answer 22

The highest or most reoccurring security impact

Question 23

CAT

Answer 23

Control Allocation Table

Question 24

RTM

Answer 24

Required Traceable Matrix

Question 25

POA&M

Answer 25

Plan of Action and Milestone

Question 26

SAP

Answer 26

Security Assessment Plan

Question 27

SAR

Answer 27

Security Assessment Report

Question 28

RAR

Answer 28

Risk Assessment Report

Question 29

SCTM

Answer 29

Security Control Traceable Matrix

Question 30

Security Control

Answer 30

Something that modifies or reduces one or more security risks

Question 31

System

Answer 31

Computer

Question 32

B.O.E.

Answer 32

Body of Evidence

Question 33

SSP

Answer 33

System Security Plan

Question 34

C.I.A.

Answer 34

Confidentiality, Integrity, Availability

Question 35

PII

Answer 35

Personally Identifiable Information

Question 36

PKI

Answer 36

Public Key Infrastructure

Question 37

ISO

Answer 37

International Organization for Standardization

Question 38

IEC

Answer 38

International Electrotechnical Commission

Question 39

CDS

Answer 39

Cross Domain Solution

Question 40

IC

Answer 40

Intelligent Control (Intelligence Community)

Question 41

NIST-800-30

Answer 41

Conducting Risk Assessements

Question 42

NIST-800-37

Answer 42

RMF 1-7

Question 43

NIST-800-39

Answer 43

Managing Risk

Question 44

NIST-800-18

Answer 44

How to develop an SSP (Creation of the SSP)

Question 45

GSS

Answer 45

General Support System

Question 46

Confidentiality

Answer 46

The state of keeping a secret or private

Question 47

Integrity

Answer 47

Seeking to prevent the unauthorized modification, use, and destruction of information or data

Question 48

Availability

Answer 48

Ensure timely and reliable access and use of information

Question 49

FIPS

Answer 49

Federal Information Processing Standards

Question 50

FIPS-199

Answer 50

The security categorization of Federal systems and the second step in RMF Categorization.

Question 51

NIST-800-53

Answer 51

Information Types

Question 52

NIST-800-53A

Answer 52

Data

Question 53

NIST-800-53B

Answer 53

Baseline controls for REV5

Question 54

NIST-800-60

Answer 54

Mapping

Question 55

NIST Special Publication 200

Answer 55

Basic Controls

Question 56

DHS Sensitive System Policy Directive 4300A

Answer 56

Directive used if you need overlays, privacy controls, or cross domain solutions

Question 57

ISO/IEC 27001 & 27002

Answer 57

Communication

Question 58

CNSS-1253

Answer 58

Committee on National Security Systems (Military)

Question 59

PDF

Answer 59

Formal Written Direction

Question 60

URL

Answer 60

Web site

Question 61

Screen Shot

Answer 61

Real time picture with date and time stamp

Question 62

Test the control

Answer 62

To observe something is working properly

Question 63

Interview

Answer 63

To speak with someone to get an explanation or better understanding of the control function.

Question 64

Examine

Answer 64

Physically review the control documentation.