Rmf - Guides d'étude, Notes de cours & Résumés

What is the definition of JSIG? - Answer Joint SAP implementation Guide What is the NIST Special Publications 800-53? - Answer Supplemental guidance to JSIG What is the NIST Special Publications 800-53-A? - Answer Guide for assessing security controls What is CNSSI 1253? - Answer Security Categorization and Control Selection for National Security Systems What is the definition of RMF? - Answer Risk Management Framework JSIG term for Certification and Accreditation? - Answer RMF As...

What is included in the Plan of Action and Milestones (POA&M) that is presented in the Authorizing Official (AO) as part of the initial authorization package? A. All items identified throughout the Risk Management Framework (RMF) process B. Only volatile findings that require prioritization in remediation C. Deficiencies that have not yet been remediate and verified throughout the Risk Management Framework (RMF) process D. Only findings that have evaluated as moderate or high - ANSWER-Defic...

What is included in the Plan of Action and Milestones (POA&M) that is presented to the Authorizing Official (AO) as part of the initial authorization package? A. All items identified throughout the Risk Management Framework (RMF) process B. Only volatile findings that require prioritization in remediation C. Deficiencies that have not yet been remediated and verified throughout the Risk Management Framework (RMF) process D. Only findings that have been evaluated as moderate or high - Answer-...

The Risk Management Framework (RMF) Questions and Answers 2024

How many steps in NIST RMF? Correct Answer 6 Name steps of the NIST RMF Correct Answer 1) Categorize Info Systems 2) Select Security Controls 3) Implement Security Controls 4) Assess Security Controls 5) Authorize Info Systems 6) Monitor Security Controls What are the layers of COBIT? Correct Answer Governance and Management What are the Management layers of COBIT? Correct Answer 1) Align, Plan, and Organize 2) Build, Acquire, and Implement 3) Deliver, Service, and Support 4) Mo...

What's the responsibility of the C&A Analyst in the 4th Phase of RMF? - Answer In Security Control Testing/ Assessment, it is the duty of C&A Analyst to evaluate the adequacy of the security control implemented and give recommendations. What artifacts are generated during Control Testing phase? - Answer 1. Test Plan/Security Assessment Plan (SAP) 2. Security Test and Evaluation (ST&E) report 3. Security Assessment Report (SAR) What NIST Publications support Control Testing phase? -...

System Authorization Risk management process that helps in assessing risk associated with a system and takes steps to mitigate the vulnerabilities to reduce risk to an acceptable level. System authorization was formerly known as Certification and Accreditation used to ensure that security controls are established for an information system. Risk Management A process of identifying, controlling, and extenuating IT system related risk. It includes risk assessment, analysis of cost benefit, sel...

FITSP-A Exam Questions and Answers What elements are components of an information system? - Answer ️️ -OMB Circular A-130, App III: "A system normally includes hardware, software, information, data, applications, communications, and people." What are some of the threats that the information system faces? - Answer ️️ -NIST SP 800- 39rl, p. 1: "Threats to information and information systems can include purposeful attacks, environmental disruptions, and human/machine errors and res...

According to a 2013 Pricewaterhouse/ CSO Magazine/Us Secret Service/Carnegie Mellon survey, about what percentage of electronic crime events are caused by insiders - ️️--> 20-25% 5-10% Greater than 80% About 60% Less than 5% The DoD instruction that definitively defines cybersecurity is - ️️-->DoDI 8500.01, signed in March of 2014 Interium DoDI 5000.2 NIST Special Publication 800-145 Federal Information Systems Management Act (FISMA) USC Title 40. Clinger Cohen Act The...

Risk Management Framework (RMF) Correct Answer The RMF addresses the security concerns of organizations related t the design, developmet, implementation, operation, and disposal of information systems and the environments in which those systems operate. Step 1 Categorize - Information System Phase 1 Correct Answer Categorize the information system based on the information type the system processes, stores, or transmits. SP 800-60 and FIPs Publication 199 to determine impact level (Low, Modera...