Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
103 Cards in this Set
- Front
- Back
- 3rd side (hint)
|
OMB
|
Office of Management and Budget
|
Domain 1 - US Government Information Assurance Governance
|
|
|
These two bodies institute laws, directives, and regulation that govern formation and implementation of federal information security practices.
|
OMB and US Congress
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Executive Order 13231
|
Establishes the President's intent to secure nation infrastructor
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Executive Order that created the Nation Security Telecommunications Adisory Committee to advise POTUS on communications system security?
|
Executive Order 13231
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Executive Order that converted the Critical Infrastructor Protection Board to Nation INfrastructure Protection Board?
|
Executive Order 13231
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FISMA
|
Federal Inforamtion Security management Act
|
Domain 1 - US Government Information Assurance Governance
|
|
|
COMSEC
|
Communications Security
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Definition of COMSEC?
|
A component of Information Assurance that deals with denying unauthorized persons information from telecommunications
|
Domain 1 - US Government Information Assurance Governance
|
|
|
COMPUSEC
|
Computer Security
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Definition of COMPUSEC?
|
Measures and controls that ensure confidentiality, integrity, and availibility of information systems
|
Domain 1 - US Government Information Assurance Governance
|
|
|
INFOSEC
|
Information Security
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Definition of INFOSEC?
|
The protection of information and information systems from unauthorized access, use, disclosure, etc.
|
Domain 1 - US Government Information Assurance Governance
|
|
|
USC
|
United States Code
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Who prepares and publishes USC?
|
Office of the Law Revision Counsel of the US House of Representatives.
|
Domain 1 - US Government Information Assurance Governance
|
|
|
What three directives does the President have as statutory authority to establish new policy?
|
Presidential Decision Directives (PDD)
Executive Order (EO) Homeland Security Presidential Directives (HSPD) |
Domain 1 - US Government Information Assurance Governance
|
|
|
What two places are Presidential Decision Directives, Executive Orders, and Homeland Security Presidential Directives published?
|
Federal Register and the Code of Federal Regulations
|
Domain 1 - US Government Information Assurance Governance
|
|
|
To assist the president in overseeing the preparation of the Federal budget is the mission of who?
|
OMB
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Whose mission is it to evaluate the effectiveness of agency programs, policies, and procedures?
|
OMB
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Whose mission is it to oversee and coordinate the Administrations's procurement, financial management, information, and regulation?
|
OMB
|
Domain 1 - US Government Information Assurance Governance
|
|
|
ODNI
|
Office of Director of National Intelligence
|
Domain 1 - US Government Information Assurance Governance
|
|
|
What established the ODNI?
|
Intelligence Reform Act of 2005
|
Domain 1 - US Government Information Assurance Governance
|
|
|
What is ODNI tasked to do?
|
Reforming the coordination and management of US Intelligence information
|
Domain 1 - US Government Information Assurance Governance
|
|
|
This community is a group of 15 government agencies and organizations that carry out the intelligence activities of the US Government.
|
US Intelligence Community
|
Domain 1 - US Government Information Assurance Governance
|
|
|
DCIA
|
Director of the Central Intelligence Agency
|
Domain 1 - US Government Information Assurance Governance
|
|
|
DCID
|
Directory of Central Intelligence Directives
|
Domain 1 - US Government Information Assurance Governance
|
|
|
What do DCIDs do and who publishes them?
|
The DCIA publishes them to define intelligence community-wide policies
|
Domain 1 - US Government Information Assurance Governance
|
|
|
DNI
|
Director of Nation Intelligence that replace DCIA
|
Domain 1 - US Government Information Assurance Governance
|
|
|
ICD
|
Intelligence Community Directives that replaced DCID
|
Domain 1 - US Government Information Assurance Governance
|
|
|
NSA
|
Nation Security Agency
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Who protects all classified and sensitive information that is stored or sent through US Government equipment?
|
NSA
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Who develops security configuration guidance for a wide variety of software and OS hardening?
|
NSA
|
Domain 1 - US Government Information Assurance Governance
|
|
|
NIST
|
Nation Institute of Standards and Technology
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Whose mission is to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life?
|
NIST
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS
|
Federal Information Processing Standards
|
Domain 1 - US Government Information Assurance Governance
|
|
|
SPs
|
Special Publications
|
Domain 1 - US Government Information Assurance Governance
|
|
|
NISTIRs
|
NIST Interagency Reports
|
Domain 1 - US Government Information Assurance Governance
|
|
|
ITL
|
Information Technology Laboratory
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Who develops and publishes FIPS?
|
NIST
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Who develops and publishes SPs, NISTIRs, and ITL Bulletins?
|
NIST
|
Domain 1 - US Government Information Assurance Governance
|
|
|
CNSS
|
Committee on National Security Systems
|
Domain 1 - US Government Information Assurance Governance
|
|
|
What executive order re-designated the NSTISSC as the CNSS?
|
EO 13231
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Who provides a forum and sets policies in addition to promulgating direction, operation procedures and guidance for National Security Systems?
|
CNSS
|
Domain 1 - US Government Information Assurance Governance
|
|
|
NIAP
|
Nation Information Assurance Partnership
|
Domain 1 - US Government Information Assurance Governance
|
|
|
NIAP is partnership between who?
|
NIST and NSA
|
Domain 1 - US Government Information Assurance Governance
|
|
|
CCEVS
|
Common Criteria Evaluation and Validation Scheme
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Who sponsers CCEVS?
|
NIAP
|
Domain 1 - US Government Information Assurance Governance
|
|
|
DISA
|
Defense Information Systems Agency
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Who provides Command and Control capabilities to the DoD
|
DISA
|
Domain 1 - US Government Information Assurance Governance
|
|
|
STIG
|
Security Technical Implementation Guides
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Who publishes STIGs
|
DISA
|
Domain 1 - US Government Information Assurance Governance
|
|
|
DTIC
|
Defense Technical Information Center?
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Largest central resource for DoD and government funded information?
|
DTIC
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Homeland Security Presidental Directive 7/ HSPD-7
|
Policy to enhance protection of nation's critical infrastructure against terrorist acts
|
Domain 1 - US Government Information Assurance Governance
|
|
|
OMB Circular A-130 - Appendix III
|
Security of Federal Automated Information Resources
|
Domain 1 - US Government Information Assurance Governance
|
|
|
What requires executive agencies to plan for security, assign security responsiblity, and review security controls in their information systems?
|
OMB Circular A-130 Appendix III
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FISMA
|
Federal Information Security Management Act
|
Domain 1 - US Government Information Assurance Governance
|
|
|
What act identified the importance of information security to the economic and national security interests of the US?
|
Public Law 107-347 e-Government Act of 2002
|
Domain 1 - US Government Information Assurance Governance
|
|
|
What act and title created FISMA?
|
Public Law 107-347 e-Government Act of 2002 Title III
|
Domain 1 - US Government Information Assurance Governance
|
|
|
What requires federal organizations to provide information security protections corresponding with assessed risk?
|
FISMA
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FISMA requires federal organizations to ensure senior leaders provide what?
|
Information Security for assests under thier control?
|
Domain 1 - US Government Information Assurance Governance
|
|
|
What requires federal organizations to train personnel?
|
FISMA
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FISMA makes the CIO report on the IS program how often?
|
Annually
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FISMA requires the development, documentation, and implementation of what?
|
An IS program
|
Domain 1 - US Government Information Assurance Governance
|
|
|
What requires federal organizations to maintain inventory of information systems?
|
FISMA
|
Domain 1 - US Government Information Assurance Governance
|
|
|
OMB M-00-07
|
Funding security in Information Systems Investments
|
Domain 1 - US Government Information Assurance Governance
|
|
|
OMB M-0013
|
Post Privacy Policies on websites
|
Domain 1 - US Government Information Assurance Governance
|
|
|
OMB M-02-01
|
Guidance for POA&Ms
|
Domain 1 - US Government Information Assurance Governance
|
|
|
POA&Ms
|
Preparing and Submitting Security Plans of Action and Milestones
|
Domain 1 - US Government Information Assurance Governance
|
|
|
POA&Ms contain what?
|
Weaknesses, POC, required resources, completion date, milestones, and current status
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Do you delete items from POA&Ms?
|
No, they are living documents and are only amended
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Privacy Act of 1974 (Update 2004)
|
Balanced the need for PII and individual's rights
|
Domain 1 - US Government Information Assurance Governance
|
|
|
PII
|
Personal Identifiable Information
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Four objectives of Privacy Act of 1974?
|
1. Restrict disclosure of PII
2. Right to access your PII 3. right to amended your PII 4. Establish fair information practices |
Domain 1 - US Government Information Assurance Governance
|
|
|
Public Law 100-235 is also known as what?
|
Computer Security Act of 1987
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Computer Security Act of 1987 established what?
|
Established minimum acceptable security practices for sensitive information in computer systems
|
Domain 1 - US Government Information Assurance Governance
|
|
|
What assigned NIST to developing standards and guidelines?
|
Computer Security Act of 1987.
|
Domain 1 - US Government Information Assurance Governance
|
|
|
What requires establishment of security plans by all operators of federal computer systems that contain sensitive information?
|
Computer Security Act of 1987.
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Computer Security Act of 1987 made periodic training what?
|
Mandatory
|
Domain 1 - US Government Information Assurance Governance
|
|
|
HIPAA
|
Health Insurance Portability and Accountability Act
|
Domain 1 - US Government Information Assurance Governance
|
|
|
HITECH Act
|
Health Information Technology for Economic and Clincal Health Act
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Clinger-Cohen Act
|
1996 United States federal law, designed to improve the way the federal government acquires, uses and disposes information technology
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Gramm–Leach–Bliley Act
|
Financial Privacy Rule requires financial institutions to provide each consumer with a privacy notice
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Payment Card Industry Data Security Standard
|
Onsite auditing of Card Card compliance like safeguarding customer information.
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Are FIPS mandatory standards?
|
Yes
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS 140-2
|
Security requirements for cryptographic modules
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS 140-2 Level 1
|
Basic Security for Crypto Modules
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS 140-2 Level 2
|
Tampering evident coating for Crypto Modules
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS 140-2 Level 3
|
Idenity-based authentication, intrustion prevention, and critical access parameters for Crypto Modules
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS 140-2 Level 4
|
Erase on tampering for Crypto Modules
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS 180-2
|
Secure Hash Standard
|
Domain 1 - US Government Information Assurance Governance
|
|
|
Four hash algorithms defined by FIPS 180-2
|
SHA-1, SHA-256, SHA-384, SHA-512
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS 181
|
Automated Password Generator
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS 185
|
Escrowed Encryption Standard (ESS)
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS 186-2
|
Digital Signature Standard
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS 188
|
Standard Security Label for Information Transfer
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS 190
|
Advanced Authentication Technology Alternatives (passwords, tokens, biometric, combination)
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS 191
|
Analysis of Local Area Network Security
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS 196
|
Authentication with Public Key Cryptography
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS 197
|
AES, Rijndael
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS 198a
|
The Keyed-Hash Message Authentication Code
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS 199
|
Standards for Security Categorization of Federal Information and Information Systems
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS 200
|
Minimum Security Requirements for Federal Information and Information Systems
|
Domain 1 - US Government Information Assurance Governance
|
|
|
FIPS 201
|
Personal Identity Verification of personnel or Smart Card
|
Domain 1 - US Government Information Assurance Governance
|
