What does Task 1 include? - ✔✔Demonstrate understanding of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) in non-federal unclassified networks.
What does LRP stand for? - ✔✔Legal, Regulatory and Policy Drivers
What are LRP Drivers? - ✔✔The legal foundations and the resulting regulations and policies governing protection of sensitive information.
- Chapter 1 of Title 48 of the Code of Federal Regulations
- Defense Federal Acquisition Regulation Supplement (DFARS)
What is Chapter 1 of Title 48 of the Code of Federal Regulations also known as? - ✔✔48 CFR or the FAR (Federal Acquisition Regulation)
What does the FAR provide? - ✔✔Uniform policies and procedures that apply to all Executive Branch departments and agencies regarding acquisitions.
What is the Defense Federal Acquisition Regulation Supplement (DFARS)? - ✔✔- A supplement to the FAR
- Includes policies and procedures that apply only to the DoD
What does the Federal Information Security Management Act (FISMA), amended in 2014 as the Federal Information Security Modernization Act, require? - ✔✔Requires the federal government to protect sensitive information (such as FCI)
What is FAR 52.204-21 (48 CFR § 52.204-21)? - ✔✔- Basic Safeguarding of Covered Contractor Information Systems
- Explains how contractors must protect FCI in order to comply with the law
What does FAR 52.204-21 cover? - ✔✔o Definitions needed to understand the regulation
o Responsibilities when delegating work to a subcontractor (flow-down)
o Requirements and procedures contractors must follow to protect FCI, including the 15 basic safeguarding requirements (the source of the CMMC Level 1 practices)
What did Executive Order 13556, Controlled Unclassified Information (EO 13556), do? - ✔✔- Standardized the handling of sensitive information that is not classified across the executive branch
- CUI is subject to the laws governing FCI as well as those specifically for CUI
What does 32 CFR Part 2002 do? - ✔✔- Explains how to comply with EO 13556
- Establishes the overall requirements, governance, and management of the CUI program
- Designates NARA as the Executive Agent overseeing CUI policy
- ISOO, within NARA, administers the CUI program and publishes CUI Notices
National Archives & Records Administration (NARA) Information Security Oversight Office (ISOO) CUI Notices - ✔✔- CUI Notices are considered federal policy
- The policies stipulate that CUI must be protected in accordance with:
o NIST SP 800-171
o NIST SP 800-171A
o NIST SP 800-172
DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting - ✔✔- Requires compliance with NIST SP 800-171, documented in a System Security Plan (SSP) and a Plan of Action and Milestones (POA&M)
- Requires reporting of cyber incidents affecting covered defense information to the DoD
- Compliance is self-attested only (no third-party assessment)