23 Cards in this Set

Front: Who oversees the implementation of DoDI 8510.01 and directs and oversees the cybersecurity risk management of DoD IT?
Back: DoD Chief Information Officer (DoD CIO)

Front: Who develops and provides RMF training and awareness products and a distributive training capability to support the DoD Components?
Back: Director, Defense Information Systems Agency (DISA)

Front: Who is responsible for coordinating with the DoD CIO to ensure RMF processes are appropriately integrated with Defense Acquisition System processes for DoD IT acquisitions?
Back: Under Secretary of Defense for Acquisition, Technology, and Logistics (USD(AT&L))

Front: Who reviews plans, execution, and results of operational testing to ensure adequate evaluation of cybersecurity for all DoD IT acquisitions subject to oversight?
Back: Director, Operational Test and Evaluation (DOT&E)

Front: DoD Component heads must ensure that a trained and qualified AO is appointed in writing for all DoD IS and PIT systems operating within or on behalf of the DoD Component in accordance with which reference?
Back: DoD Instruction 8500.01

Front: Who is responsible for ensuring the Joint Capabilities Integration and Development System (JCIDS) process supports and documents IS and PIT system categorization consistent with DoDI 8510.01?
Back: Chairman of the Joint Chiefs of Staff (CJCS)

Front: Who is responsible for ensuring all products, services, and PIT have completed the appropriate evaluation and configuration processes prior to incorporation into or connection to an IS or PIT system?
Back: Information Systems Security Manager (ISSM)

Front: What are product-specific and document the applicable DoD policies and security requirements, as well as best practices and configuration guidelines?
Back: Security Technical Implementation Guides (STIGs)

Front: What are developed by DISA to provide general security compliance guidelines as well as serving as source guidance documents for STIGs?
Back: Security Requirements Guides (SRGs)

Front: Which approach to cybersecurity risk management as described in NIST SP 800-39 is implemented by the DoD RMF governance structure?
Back: Three-tiered

Front: Which Tier level in RMF addresses risk management at the DoD enterprise level?
Back: Tier 1

Front: Who directs and oversees the cybersecurity risk management of DoD IT?
Back: Department of Defense Chief Information Officer (DoD CIO)

Front: What performs the DoD Risk Executive Function?
Back: DoD Information Security Risk Management Committee (ISRMC)

Front: What is the community forum for reviewing and resolving authorization issues related to the sharing of community risk?
Back: Defense IA Security Accreditation Working Group (DSAWG)

Front: Who oversees the RMF TAG and the online KS?
Back: Department of Defense Senior Information Security Officer (DoD SISO)

Front: What provides implementation guidance for the RMF by interfacing with the DoD component cybersecurity programs, cybersecurity communities of interest (COIs), and other entities to address issues that are common across all entities?
Back: Risk Management Framework Technical Advisory Group (RMF TAG)

Front: What supports RMF implementation, planning, and execution by functioning as the authoritative source for RMF procedures and guidance?
Back: Knowledge Service

Front: Who must monitor and track overall execution of system-level POA&Ms?
Back: Authorizing Officials (AOs)

Front: Who develops, maintains, and tracks security plans for assigned IS and PIT systems?
Back: Information System Owners (ISOs)

Front: PMs must ensure periodic reviews, testing, and assessment of assigned IS and PIT systems are conducted at least how often?
Back: Annually

Front: PMs must ensure T&E of assigned IS and IT systems is planned, resourced, and documented in the program T&E master plan in accordance with which reference?
Back: DoDI 5000.02

Front: What reduces redundant testing, assessing, and documentation, and the associated cost in time and resources?
Back: Reciprocity

Front: What must PMs and ISOs who are deploying systems across DoD Components post security authorization documentation to in order to provide visibility of authorization status and documentation to planned receiving sites?
Back: Enterprise Mission Assurance Support Service (eMASS)