True or false the rmf - Study guides, Class notes & Summaries

According to a 2013 Pricewaterhouse/ CSO Magazine/Us Secret Service/Carnegie Mellon survey, about what percentage of electronic crime events are caused by insiders - ️️--> 20-25% 5-10% Greater than 80% About 60% Less than 5% The DoD instruction that definitively defines cybersecurity is - ️️-->DoDI 8500.01, signed in March of 2014 Interium DoDI 5000.2 NIST Special Publication 800-145 Federal Information Systems Management Act (FISMA) USC Title 40. Clinger Cohen Act The...

What is the first step in applying the RMF? correct answers Categorize the information system and the information processed All of the following are risk treatments in different frameworks except? correct answers Ignore Which of the following is NOT one of the components of the COSO framework? correct answers Meeting stakeholder needs Which of the following is a generic blueprint offered by a service organization which must be flexible, scalable, robust, and detailed? correct answers se...

How many phases are there in RMF? Correct Answer 6 How often do you assess a system? Correct Answer Annually The authorizing official has to approve at Step 1 categorization step. (T or F) Correct Answer True The system security plan must be signed by the authorizing official. (T or F) Correct Answer True The system security plan must be signed by the authorizing official prior to authorization to operate. (T or F) Correct Answer True Authorization to operate can be allocated up t...

DoD's official site for enterprise RMF policy and implementation guidelines is: (Identify the Systems-Level Continuous Monitoring Strategy) - ️️The Risk Management Framework (RMF) Knowledge Service (KS) Suggested best practices to reduce security risks in the supply chain include: (Select all that apply) (Identify the importance of software assurance and supply chain risk management as part of cybersecurity bests practices) - ️️Select trusted suppliers Assess product security over...

Which of the following documents do NOT give specific guidance on selecting or defining security controls? - Answer DOD 5220.22-M Impact values are assigned based on - Answer Potential harm to the nation, organizations, mission, or individuals Who has responsibility for determining which security controls apply to an information system? - Answer Common Control Provider Information Security Architect - incorrect Chief Information Officer or Senior Information Security Officer All of t...

SFPC SPED STUDY SET TEST V2 2024/2025 What specifies classification levels, special requirements, and declassification instructions for classified programs, projects, and plans? - CORRECT ANSWERSecurity Classification Guide Which of the following is a true statement regarding the special handling requirements of Foreign Government Information (FGI)? A)When the classification marking on a document containing FGI is not in English, or when the foreign government marking requires a diffe...

FedVTE CAP Exam 50 Questions with Verified Answers Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers? A. Employees B. Hackers C. Visitors D. Customers - CORRECT ANSWER A. Employees FISMA charges which one of the following agencies with the responsibility of overseeing the security policies and practices of all agencies of the executive branch of the Federal government? A. Office of Management an...

SFPC SPED STUDY SET TEST V2 2024/2025 What specifies classification levels, special requirements, and declassification instructions for classified programs, projects, and plans? - CORRECT ANSWERSecurity Classification Guide Which of the following is a true statement regarding the special handling requirements of Foreign Government Information (FGI)? A)When the classification marking on a document containing FGI is not in English, or when the foreign government marking requires a diffe...

Which of the following controls are part of the Risk Management Framework Step 4: Assess Security Controls? - ANSWER--Initiate RMF milestone plan -*Assess security controls* -*Develop and approve security assessment plan* -Assign qualified personnel to RMF roles The Department of Defense follows the DoD 8500 series documentation for Cybersecurity policy - ANSWER--*True* -False Within the Risk Management Framework, who can determine whether or not the system is approved to operate at an...

this legislation requires Federal agencies to develop document and implement an agency wide information security program - Answer- Clinger-Cohen What are the six steps of the RMF - Answer- Categorize Select Implement Assess Authorize Monitor What is the term used to evaluate operational information systems against the RMF, to determine the security controls in place and the requirements to mitigate risk at a acceptable level? - Answer- Gap Anaylsis What is the legal precedence - An...