SPeD SFPC EXAM: Risk Management Framework (RMF) Test with correct answers

SPeD SFPC EXAM: Risk Management Framework (RMF) Test with correct answers DoD systems are subject to what types of threats?. Define system categorization . . What is confidentiality and the negative impacts of not having confidentiality? What is CIA in relation to RMF? What program does RMF replace? What DoD guidance provides direction for the implementation of RMF? What does the Risk Management Framework (RMF) provide? What policy partnerships ensure DoD RMF guidance is aligned with pre-existing standards? Security controls and safeguards selected by the organization must take what into account?. DoD RMF Guidance Tier 1 DoD RMF Guidance Tier 2 Who has authority and responsibility for security control assessment? DoD RMF Guidance Tier 3 What refers to all DoD-owned IT or controlled IT that receives, processes, stores, or displays/transmits DoD information? What is processed through JSIG? What is reciprocity? What is a primary reason for RMF transition? What are the 6 steps to the RMF Lifecycle? Define each step of the RMF What RMF step is the key first step because of its effect on all other steps and is a thorough analysis of the organizations mission and business processes? What RMF step specifies appropriate security controls to meet minimum requirements as defined by DoD baseline configuration standards and ensure integrity, confidentiality, and availability of information and information systems IAW organizational strategy? What RMF step is used to encompass all of the activities necessary to translate/implement the controls identified and applies overlays which are tailored to the IS? What RMF step is used to assess effectiveness and has the Security Control Assessor develop, review, and approve a plan? What RMF step if the official management decision for mission/business, technical constraints, operational, cost/scheduling, risk-related considerations? What RMF step is the continuous monitoring of IS controls and will analyze and document such information? What RMF step provides the means for selecting an initial baseline of security controls for protecting the information system and organization? What is the relationship between security control baselines and system categorization?.