Exam (elaborations)

ISSEP Definitions Questions and Answer

Pages
8
Grade
A+
Uploaded on
18-09-2024
Written in
2024/2025

Acquisition Plan - The acquisition plan defines the acquisition and installation of the operating environment hardware and software.

AO Designated Rep (AODR) - Replacement to DAA Rep

Application programming interface (API) - Set of routines/protocols/tools for building software applications. APIs provide standard interfaces so that multiple vendors can provide interoperable solutions. APIs are a means of isolating a computing platform from the details of the implementation of cryptographic functions (both the actual algorithms and the hardware implementations).

Authentication - The ability to verify the identity of an individual or entity. Authentication is entity oriented.

Authorizing Official (AO) - The "authorizing official" is the executive or senior manager authorized to approve the operation of the information system.

Automated Security Self Evaluation Tool (ASSET) - Automates the process of completing a system self-assessment. ASSET will assist organizations in completing the self-assessment questionnaire contained in NIST Special Publication (SP) 800-26, Security Self-Assessment Guide for Information Technology Systems.

Availability - Timely, reliable access to data and information services by authorized users. Availability is service oriented.

Certified TEMPEST Technical Authority (CTTA) - The Certified TEMPEST Technical Authority (CTTA) is the only individual within the U.S. Government to recommend and/or approve TEMPEST countermeasures.

Clinger Cohen Act of 1996 - Law to improve how government acquires/uses/disposes information technology

Commercial Off The Shelf (COTS) - Software/hardware ready-made and available for sale to public

Committee on National Security Systems (CNSS) - Federal agency that provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems

Common Criteria (CC) - for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification.

Common Data Security Architecture (CDSA) - Is a set of layered security services that address communications and data security problems in the emerging Internet and intranet application space

Common Data Security Architecture (CDSA) - Set of layered security services that address communications and data security problems in the emerging Internet and intranet application space.

Computer Fraud and Abuse Act (CFAA) - Was originally enacted to provide a clear statement of proscribed activity concerning computers to the law enforcement community, those who own and operate computers, and those tempted to commit crimes by unauthorized access to computers. Instead of trying to add computer crime to the multitude of other relevant USC, it was decided to establish the Computer Fraud and Abuse statute, 18 USC 1030, as a single statute for computer-related offenses.

Computer Misuse Act of 1990 - Unauthorized access with intent to facilitate computer crimes or modify them

Concepts of Operations (CONOPS) - Document describing the characteristics (Strategies, tactics, policies, and constraints) (responsibilities and authorities delegated) (Statement of the goals and objectives of the system) (Organizations, activities, and interactions among participants)

Confidentiality - Protection of information from disclosure to unauthorized individuals, systems, or entities. Confidentiality is data oriented.

Defense Advanced Research Projects Agency (DARPA) - Agency responsible for funding the development of many technologies such as computer networking, as well as NLS

Defense Contract Audit Agency (DCAA) - The DCAA is responsible for performing contract audits for the Department of Defense.

Defense Information Assurance Program (DIAP) - To protect and defend DoD information, information systems, and information networks that are critical to the Department and the armed forces during day-to-day operations and operations in times of crisis. Therefore, the DIAP is the Office of the Secretary of Defense (OSD) mechanism to plan, monitor, coordinate, and integrate IA activities.

Defense Information Services Agency (DISA) - DoD agency that is responsible for planning, engineering, acquiring, fielding, and supporting global net-centric solutions and operating the GIG to serve the needs of the President, Vice President, the Secretary of Defense, the Joint Chiefs of Staff, the Combatant Commanders, and other DoD components under all conditions of peace and war.

Defense Technical Information Center (DTIC) - Premier repository for research and engineering information for the USA DoD. DTIC's Suite of Services is available to DoD personnel, defense contractors, federal government personnel and contractors and selected academic institutions.

Due Care - Due care is doing what a reasonable person would do in a given situation. It is sometimes called the "prudent man" rule.

Due Diligence - Due diligence is the management of due care.

Federal Information Security Management Act (FISMA) - An act that requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information systems that support the operations and assets of the agency.

Federal Risk and Authorization Management Program (FedRAMP) - A government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

Functional Baseline - A functional baseline describes the system functional specifications as derived from system performance requirements during the concept definition phase.

Functional flow block diagrams (FFBD) - "Used to show the sequence of all functions to be accomplished by a system."

Government Off The Shelf (GOTS) - Software/hardware government products that are ready to use

Information Assurance (IA) (Used interchangeably with Cybersecurity) - Practice of assuring information and managing risks related to the use, processing, storage, and transmission.

Information Assurance Support Environment (IASE) - IA portal or clearinghouse for IA professionals within the government and the commercial world.

Information Management Model (IMM) - Methodological analysis to obtain, model, and document the customer's information, processes, user access to information, and security policy for the information.

Information Management Plan (IMP) - Is used in Phase 2 of the ISSE model to determine the security requirements for the system.

Information Protection Policy (IPP) - Includes discovering the information protection needs by defining the potential threats to the information system and what security services are needed to counteract or reduce those threats.

Information System Security Manager (ISSM) - Information System Security Manager usually conducts or assists with the risk assessment and preparation of C&A documentation and management of the I

Information System Security Officer (ISSO) - "1) security posture is maintained for an information system or program. 2) The ISSO is responsible to the authorizing official, information system owner, or the CISO for ensuring that the appropriate operational security posture is maintained for an information system or program."

Information Systems Security Engineering (ISSE) - Provides guidance in the design and development of the application and system security plan and related documentation.

Integrity - Protection of information, systems, and services from unauthorized modification or destruction. Integrity is data oriented.

Internet Engineering Task Force (IETF) - The mission of the IETF is to make the Internet work better by producing high quality, relevant technical documents that influence the way people design, use, and manage the Internet. Develops and promotes voluntary Internet standards, in particular the standards that comprise the Internet Protocol Suite (TCP/IP).

Lanham Act of 1946 - Federal statute that governs trademarks, service marks, and unfair competition

Manufacturing Extension Partnership - NIST provides a nationwide network of local centers offering technical business assistance to small manufacturers.

MIL STD 499B - Develops work breakdown structures and statements of work, establishes and maintains configuration management of the system, and develops needed user training equipment, procedures, and data.

National Information Assurance Partnership (NIAP) - NIAP is a collaboration between NIST and NSA to fulfill their respective responsibilities under both the Computer Security Act of 1987 and, most recently, FISMA.

National Institute of Science & Technology (NIST) - Federal agency with the objective to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life

National Institute of Standards and Technology (NIST) - Government institute that creates standards for many government off the shelf software and technology. Part of the Department of Commerce. Manages the Malcolm Baldrige National Quality Award (MBNQA).

Institution
ATSEP
Module
ATSEP

