23 Cards in this Set
The purpose of this document is to provide an overview of the security requirements of the system and describe the controls in place or planned for meeting those requirements.
System Security Plan
Which document provides guidance for federal agencies for developing system security plans for federal information systems?
NIST 800-18
Which document specifies the minimum security requirements for federal information and information systems in seventeen security-related areas?
FIPS 200
Which publication is the mandatory standard to be used by all federal agencies to categorize all information and information systems collected or maintained by or on behalf of each agency based on the objectives of providing appropriate levels of information security according to impact?
FIPS 199
Who is the agency official responsible for developing and maintaining an agency-wide information security program?
The Chief Information Officer (CIO).
This individual is the agency official responsible for the overall procurement, development, integration, modification, or operation and maintenance of the information system.
The information system owner.
Who is the agency official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal?
The information owner has the authority for the specified information.
The person responsible for serving as the CIO's primary liaison to the agency's information system owners and information system security officers.
Senior Agency Information Security Officer (SAISO)
This person is assigned responsibility by the SAISO, authorizing official, management official, or information system owner for ensuring that the appropriate operational security posture is maintained for an information system or program.
Information System Security Officer
A senior management official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations, agency assets, or individuals.
Authorizing Official or DAA
The _________________ should clearly delineate responsibilities and expected behavior of all individuals with system access, state the consequences of inconsistent or noncompliant behavior, and be acknowledged by all users.
Rules of Behavior
What is the intent of the Rules of Behavior?
To make all users accountable for their actions by acknowledging that they have read, understand, and agree to abide by the rules of behavior.
Information systems and the information resident within those systems must be categorized based on which publication?
FIPS 199
Which of the following are considered information resources? (check all that apply)

a. personnel
b. equipment
c. funds
d. information technology
Personnel, equipment, funds, and information technology are all considered information resources.
For reporting purposes, i.e., FISMA annual report, when an information system has varying FIPS 199 impact levels, how is the system classified?
The system is categorized at the highest impact level on that information system.
Caution should be exercised when one individual fills multiple roles in the security planning process to ensure that the individual remains free from ____________________.
Conflicts of Interest
Who designates a senior agency information security officer (SAISO) who shall carry out the CIO's responsibilities for system security planning?
CIO
Who maintains the system security plan and ensures that the system is deployed and operated according to the agreed-upon security requirements?
Information System owner
Who develops the system security plan in coordination with information owners, the system administrator, the information system security officer, the senior agency information security officer, and functional "end users"?
Information System Owner
Who establishes the rules for appropriate use and protection of the subject data/information (rules of behavior)?
Information Owner
Who decides who has access to the information system and with what types of privileges or access rights?
Information Owner
OMB Circular A-130 defines a "major information system" as an information system that requires special management attention because of its ________________________, __________________________, or ______________________________.
Importance to an agency mission; its high development, operating, or maintenance costs; or its significant role in the administration of agency programs, finances, property, or other resources.
Major applications are by definition major information systems.
If a system is defined as a major application and the application is run on another organization's general support system, who is responsible for acceptance of risk?
The major application owner is responsible for acceptance of risk.