Term
|
Definition
DOD INFORMATION ASSURANCE CERTIFICATION AND ACCREDITATION PROCESS (DIACAP) |
|
|
Term
|
Definition
INFORMATION ASSURANCE TRAINING, CERTIFICATION AND WORKFORCE MANAGEMENT |
|
|
Term
|
Definition
|
|
Term
|
Definition
INTERIM APPROVAL TO OPERATE |
|
|
Term
HOW MANY MONTHS IS IATO GOOD FOR? |
|
Definition
6 MONTHS. CAN BE EXTENDED TO 1 YEAR |
|
|
Term
WHAT IS REQUIRED TO BE ABLE TO APPLY FOR IATO? |
|
Definition
AUTHORIZATION TERMINATION DATE |
|
|
Term
|
Definition
DENIAL APPROVAL TO OPERATE |
|
|
Term
|
Definition
DESIGNATED APPROVING AUTHORITY (DAA) |
|
|
Term
|
Definition
|
|
Term
|
Definition
180 DAYS. INITIAL AND EXTENSION CAN'T EXCEED 360 DAYS |
|
|
Term
WHY WOULD DATO BE ISSUED? |
|
Definition
IF THE INFORMATION SYSTEM IS INADEQUATE |
|
|
Term
|
Definition
AUTHORIZATION TERMINATION DATE |
|
|
Term
|
Definition
|
|
Term
|
Definition
WHEN ATO/IATO AND IATT EXPIRE |
|
|
Term
|
Definition
PLAN OF ACTION MILESTONE - DETAILS OF DEFICIENCIES AND THE PLAN TO FIX THOSE DEFICIENCIES |
|
|
Term
WHAT MUST BE ISSUED WITH POAM? |
|
Definition
|
|
Term
HOW ARE ACCREDITATION APPROVALS RECEIVED? |
|
Definition
HARD COPY WITH SIGNATURE OR ELECTRONICALLY EMAILED WITH PKI SIGNATURE |
|
|
Term
|
Definition
CERTIFYING AUTHORITY - SENIOR OFFICIAL WHO HAS AUTHORITY OF CERTIFICATION OF INFORMATION SYSTEMS |
|
|
Term
WHAT IS A DIACAP SCORECARD? |
|
Definition
SUMMARY REPORT ON INFORMATION SYSTEMS IN A FORMAT THAT CAN BE EXCHANGED ELECTRONICALLY |
|
|
Term
WHO DOES THE DIACAP TEAM CONSIST OF? |
|
Definition
DAA, CA, PM, IAM, IAO AND USERS |
|
|
Term
WHAT DOES THE IMMEDIATE SUPERIOR IN COMMAND ISSUE? |
|
Definition
VALIDATION IF MORE TIME THAN IS ALLOWED IN YOUR IATO IS NEEDED |
|
|
Term
WHAT DOES IT MEAN WHEN AN INFORMATION SYSTEM IS CONSIDERED NOT ACCREDITED? |
|
Definition
A DECISION HAS NOT BEEN MADE |
|
|
Term
WHAT ARE THE THREE LEVELS IN THE INFORMATION ASSURANCE TECHNICAL AND MANAGER? |
|
Definition
|
|
Term
WHAT ARE THE TWO CATEGORIES OF INFORMATION ASSURANCE? |
|
Definition
|
|
Term
WHAT MUST EACH DAA COMPLETE WITHIN 60 DAYS OF ASSIGNMENT TO POSITION? |
|
Definition
|
|
Term
WHEN MUST EVERY DAA CERTIFY? |
|
Definition
|
|
Term
WHAT DOES LEVEL ONE TECHNICAL (IAT) OR MANAGER (IAM) DEAL WITH? |
|
Definition
THE COMPUTER ENVIRONMENT: OPERATING SYSTEM, PERIPHERALS... ETC. (ON A SMALL SCALE) |
|
|
Term
WHAT DOES LEVEL TWO, TECHNICAL (IAT) OR MANAGER (IAM) DEAL WITH? |
|
Definition
NETWORK ENVIRONMENT: LAN, WAN, GAN |
|
|
Term
WHAT DOES LEVEL THREE, TECHNICAL (IAT) OR MANAGER (IAM) DEAL WITH? |
|
Definition
ENCLAVE ENVIRONMENT: ENCOMPASSES COMPUTER AND NETWORK ENVIRONMENTS INCLUDING PERSONNEL AND SECURITY POLICY |
|
|
Term
DAA MAY WAIVE IAT OR IAM CERTIFICATION REQUIREMENTS UNDER WHAT CIRCUMSTANCES? |
|
Definition
SEVERE OPERATIONAL OR PERSONNEL CONSTRAINTS |
|
|
Term
|
Definition
MUST HAVE EXPIRATION DATE NOT TO EXCEED 6 MONTHS |
|
|
Term
|
Definition
COMPUTER NETWORK DEFENSE ANALYST |
|
|
Term
|
Definition
COLLECTS AND ANALYZES INFORMATION |
|
|
Term
|
Definition
COMPUTER NETWORK DEFENSE INCIDENT RESPONDER |
|
|
Term
|
Definition
PERFORMS INCIDENT MANAGEMENT AND RESPONSE |
|
|
Term
|
Definition
COMPUTER NETWORK DEFENSE INFRASTRUCTURE SUPPORT |
|
|
Term
|
Definition
MAINTAINS DEVICES SUCH AS ROUTERS, FIREWALLS, INTRUSION PROTECTION SYSTEM AND INTRUSION DETECTION SYSTEM |
|
|
Term
|
Definition
COMPUTER NETWORK DEFENSE AUDITOR |
|
|
Term
|
Definition
COMPLIANCE AND AUDIT TASK |
|
|
Term
WHEN SHOULD A SYSTEM RECERTIFY? |
|
Definition
IMMEDIATELY IF THERE IS A THREAT OR ANY ISSUES DETECTED. IF NOT, EVERY 3 YEARS |
|
|
Term
BEFORE A CRYPTOLOGIC INFORMATION SYSTEM CAN BE GRANTED APPROVAL TO OPERATE WHAT MUST BE DONE? |
|
Definition
A SITE VISIT BY DAA IS REQUIRED |
|
|
Term
WHAT ARE THE STEPS TO ACCREDITATION? |
|
Definition
- IAO DEVELOPS SECURITY PLAN
- IAM REVIEWS SECURITY PLAN
- IAM SENDS TO PROGRAM MANAGER
- PROGRAM MANAGER ASSIGNS # TO PLAN
- PROGRAM MANAGER SENDS PLAN TO DAA FOR APPROVAL OR DISAPPROVAL
- DAA SENDS APPROVAL/DISAPPROVAL DIRECTLY TO IAM
- IAM MAINTAINS COPY AND SENDS ANOTHER COPY TO IAO
|
|
|
Term
WHAT IS THE MINIMUM CLASSIFICATION FOR A SECURITY PLAN FOR CRYPTOLOGIC INFORMATION SYSTEM (I.E. SCIF)? |
|
Definition
|
|
Term
WHO IS A SCIF (SENSITIVE COMPARTMENTED INFORMATION FACILITY) ACCREDITED UNDER? |
|
Definition
|
|
Term
WHAT IS THE INTERCONNECTING INFORMATION SYSTEM COMPOSED OF? |
|
Definition
SEPARATELY ACCREDITED INFORMATION SYSTEMS |
|
|
Term
THE DECISION TO ALLOW FOREIGN NATIONALS ACCESS TO INFORMATION SYSTEMS SHALL BE? |
|
Definition
|
|
Term
WHAT THREE THINGS MUST THE DAA USE TO DETERMINE THE PROTECTION LEVEL OF AN INFORMATION SYSTEM? |
|
Definition
- REQUIRED CLEARANCES
- FORMAL ACCESS APPROVAL
- NEED TO KNOW FOR ALL INFORMATION SYSTEMS
|
|
|
Term
HOW OFTEN DOES ATO HAVE TO BE REVIEWED AND WHY? |
|
Definition
ANNUALLY TO CONFIRM INFORMATION ASSURANCE REMAINS ACCEPTABLE AT ALL TIMES |
|
|
Term
WHO DOES THE INFORMATION ASSURANCE OFFICER REPORT TO? |
|
Definition
INFORMATION ASSURANCE MANAGER |
|
|
Term
WHO DOES THE INFORMATION ASSURANCE MANAGER REPORT TO? |
|
Definition
- REPORTS TO THE CO FOR ULTIMATE SECURITY OF THE ENCLAVE ENVIRONMENT.
- RESPONSIBLE TO DAA FOR ENCLAVE ENVIRONMENT
|
|
|
Term
|
Definition
PRINCIPAL APPROVING AUTHORITY |
|
|
Term
WHO DOES THE PAA DELEGATE DUTIES TO? |
|
Definition
|
|