Term
Who is the Designated Accrediting/Approving Authority (DAA) responsible for accrediting information systems used to process classified information in industry? |
|
Definition
The DSS ODAA is the DAA for IS used to process classified information in cleared contractor facilities under DSS cognizance.
Ref: NISPOM 8-102, ISL 2007-01 #6 |
|
|
Term
The _________ process is the official management decision to permit operation of an IS in a specified environment at an acceptable level of risk, based on the implementation of a CSA approved set of technical, managerial and procedural safeguards. |
|
Definition
accreditation
Ref: NISPOM 8-202 |
|
|
Term
Each IS shall be reevaluated for reaccreditation how often? |
|
Definition
every 3 years
Ref: NISPOM 8-202 |
|
|
Term
Which of the following situations is/are events that mean the affected IS is not authorized to process classified information:
a. Expiration of accreditation b. Withdrawal of accreditation c. Authorization to operate d. Invalidation of accreditation e. All of the above f. a,b and d |
|
Definition
f. a, b, and d
Ref: ISL 2007-01 #11 |
|
|
Term
The CSA will be notified and an accreditation will become invalid immediately whenever detrimental, security-significant changes occur to which of the following: a. optimal environment b. password change c. required protection level d. interconnections e. all of the above f. b, c, and d |
|
Definition
f. b, c, and d
Ref: ISL 2007-01 #11 |
|
|
Term
Can one Master SSP (MSSP) cover multiple cleared facilities? |
|
Definition
No. While many elements of an MSSP may be the same (for similar IS), each MSSP must be tailored to the unique circumstances of each cleared facility.
Ref: ISL 2007-01 #12 |
|
|
Term
______ ________ provides the capability to either have more than one user or group of users (sequentially) on a single-user IS who do not have the same need-to-know or who are authorized to access different levels of information; or use an IS at more than one protection level (sequentially). |
|
Definition
Periods processing
Ref: NISPOM 8-502 |
|
|
Term
TRUE or FALSE Unattended classified processing does not require a closed area and supplemental controls depending on the accreditation level of the IS. |
|
Definition
FALSE Unattended classified processing requires a closed area and supplemental controls depending upon the IS accreditation level.
Ref: NISPOM 8-308b, ISL 2007-01 #31 |
|
|
Term
What is the definition of "high-risk" systems and data? |
|
Definition
A high-risk system is one that requires protection above the NISPOM baseline (i.e., multilevel), where high-risk data would be Special Access Program (SAP) or Sensitive Compartmented Information (SCI). Standards for SAP and SCI are typically established in contract documents by the responsible GCA.
Ref: NISPOM 8-400, 8-100c, ISL 2007-01 #33 |
|
|
Term
TRUE or FALSE DSS recommends that classified IS be configured to boot only from specific hard drives to maximize the possibility of security controls being circumvented by external media. |
|
Definition
FALSE - to minimize the possibility of security controls being circumvented by external media.
Ref: NISPOM 8-502, ISL 2007-01 #36 |
|
|