46 Cards in this Set
- Front
- Back
What DOD instruction is for IA implementation?
|
DOD instruction 8500.22
|
|
What is the purpose of DOD 8500.2?
|
Implements policy, assigns responsibilities, and prescribes procedures for
applying integrated, layered protection of the DoD information systems and networks |
|
What are some of the Assistant Secretary of Defense's responsibilities in IA implementation?
|
Oversee implementation of this Instruction.
Manage the Defense-wide Information Assurance Program (DIAP) office.
Maintain liaison with the office of the Intelligence Community (IC) Chief Information Officer (CIO) to ensure continuous coordination of DoD and IC IA activities and programs. |
|
Who publishes the DOD CIO Annual IA Report?
|
The Assistant Secretary of Defense
|
|
True or False
The ASECDEF ensures the adjudication of conflicts or disagreements among the DoD Components regarding interconnection of DoD information systems through the Global Information Grid (GIG) waiver process defined in DoD Directive 8000.1 and the DoD CIO Executive Board Charter. |
TRUE
|
|
Who provides oversight of DoD IA education, training, and awareness
activities? |
The ASECDEF
|
|
What are some important responsibilities of the Chairman of the Joint Chiefs of Staff regarding DODI 8500.3?
|
Develop and coordinate Joint IA policies and guidance.
Develop IA doctrinal concepts for integration into joint doctrine.
Appoint a Joint Staff DISN Designated Approving Authority (DAA). |
|
True or False
The ASECDEF provides guidance and ensures IA is integrated into joint plans and operations consistent with policy guidance from the President and the Secretary of Defense. |
False.
The CJCS (Chairman of the Joint Chiefs of Staff) |
|
Who ensures, in coordination with the ASD(C3I), the validation of IA
requirements for systems supporting Joint and Combined operations through the Joint Requirements Oversight Council (JROC)? |
The Chairman of the Joint Chiefs of Staff
|
|
Who shall coordinate and direct
DoD-wide computer network defense (CND) operations responsibilities (operational component of IA) in accordance with DoD Instruction O-8530.2? |
The Commander, United States Strategic Command
|
|
What are some of DISA's responsibilities under DODI 8500.2?
|
Serve as a DISN DAA.
Develop and provide IA training and awareness products, and a distributive training capability to support product delivery. |
|
Who establishes and maintains the Information Assurance Support Environment and the Information
Assurance Technology Analysis Center (IATAC)? |
DISA
|
|
What is DISN?
|
Defense Information Systems Network
|
|
Who manages the DISN?
|
Defense Information Systems Agency
|
|
What are some roles of DIA?
|
Develop, implement, and maintain the IA certification and accreditation
process for DoD non-cryptologic sensitive compartmented information (SCI) to include DoD Intelligence Information System (DoDIIS) IT systems, and networks to include JWICS. |
|
What is DAA?
|
Designated Approving Authority
|
|
What is NSA?
|
National Security Agency
|
|
What agency approves all applications of cryptographic algorithms for the protection
of confidentiality, integrity, or availability of classified information? |
NSA
|
|
What agency approves all cryptographic devices used to protect classified
information? |
NSA
|
|
What scholarship does the NSA manage?
|
DoD IA Scholarship Program
|
|
What are some responsibilities the NSA has?
|
Engage the IA Industry and DoD user community to foster development,
evaluation, and deployment of IA solutions.
Maintain, update, and disseminate the Information Assurance Technical Framework in coordination with the National Institute for Standards and Technology |
|
True or False
The NSA in coordination with the National Institute for Standards and Technology |
True
|
|
True or False
DISA generates Protection Profiles for IA and IA-enabled IT products used in DoD information systems based on Common Criteria (reference (j)), and coordinates the generation and review of these Profiles within the National Information Assurance Partnership (NIAP) framework. |
False
The NSA does |
|
What are some responsibilities of the DAA?
|
Ensure that IA is incorporated as an element of DoD information system
life-cycle management processes.
Grant DoD information systems under his or her purview formal accreditation to operate according to the DoD IA certification and accreditation process. |
|
Who ensures that all Information Assurance Managers (IAMs), in addition to
meeting all access requirements specified in paragraph 4.8., DoD Directive 8500.1, (reference (a)), are U.S. citizens? |
DAA
|
|
What are some responsibilities of the IAM?
|
Ensure that information ownership responsibilities are established for
each DoD information system, to include accountability, access approvals, and special handling requirements. Maintain a repository for all IA certification and accreditation documentation and modifications. |
|
Who ensures that IA Officers are appointed in writing?
|
IAM
|
|
Whose job is it to ensure that all IAOs and privileged users receive the necessary
technical and IA training, education, and certification to carry out their IA duties? |
IAM
|
|
Which is the responsibility of the IAM?
A - Ensure that compliance monitoring occurs, and review the results of such monitoring.
B - Ensure that IA inspections, tests, and reviews are coordinated.
C - Ensure that all IA management review items are tracked and reported. |
All the above
|
|
True or False
The IAM ensures that incidents are properly reported to the DAA and the DoD reporting chain, as required, and that responses to IA-related alerts are coordinated. |
True
|
|
Who acts as the primary IA technical advisor to the DAA and formally notifies
the DAA of any changes impacting the DoD information system's IA posture? |
The IAM
|
|
What are some responsibilities of the IA Officer?
|
Ensure that IA and IA-enabled software, hardware, and firmware comply
with appropriate security configuration guidelines. Ensure that DoD information system recovery processes are monitored and that IA features and procedures are properly restored. |
|
Who implements and enforces all DoD information system IA policies and
procedures, as defined by its security certification and accreditation documentation? |
The IAM
|
|
True or False
The IAM ensures that all DoD information system IA-related documentation is current and accessible to properly authorized individuals. |
False
The IAO does that |
|
Who can configure and operate IA and IA-enabled technology according to DoD
information system IA policies and procedures and notify the IAO of any changes that might adversely impact IA? |
Privileged User with IA responsibilities
|
|
Who establishes and manages authorized user accounts for DoD information
systems, including configuring access controls to enable access to authorized information and removing authorizations when access is no longer needed? |
Privileged User with IA responsibilities
|
|
What is an example of a privileged user?
|
System Administrator
|
|
What is the IAM?
|
The individual responsible for the information
assurance program of a DoD information system or organization |
|
What's another name for IAM?
|
It may be used interchangeably with the IA
title Information Systems Security Manager (ISSM). |
|
What is an IAO?
|
An individual responsible to the IAM for ensuring that
the appropriate operational IA posture is maintained for a DoD information system or organization |
|
What are some other names for IAO?
|
Information Systems Security Officer,
Information Systems Security Custodian, Network Security Officer, or Terminal Area Security Officer |
|
What is the DAA?
|
The official with the authority to
formally assume responsibility for operating a system at an acceptable level of risk |
|
What are the four DAAs responsible for operating the DISN at an acceptable level of risk?
|
The four DISN DAAs are the Directors of the Defense Information Systems Agency (DISA), the Defense Intelligence Agency (DIA), the National Security Agency (NSA), and the Director of the Joint Staff (delegated to Joint Staff Director for Command, Control, Communications, and Computer Systems
(DODI 8500.2, February 6, 2003, Enclosure 2) |
|
What is IA?
|
Measures that protect and defend
information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. |
|
What is a Privileged User?
|
An authorized user who has access to system control,
monitoring, or administration functions |
|
What are the 5 essentials the DOD IA program is based on?
|
E3.1.3.1. The ability to assess security needs and capabilities.
E3.1.3.2. The ability to develop a purposeful security design or configuration that adheres to a common architecture and maximizes the use of common services.
E3.1.3.3. The ability to implement required controls or safeguards.
E3.1.3.4. The ability to test and verify.
E3.1.3.5. The ability to manage changes to an established baseline in a secure |