Risk Management Framework Knowledge Service ( RMF KS )
Threats to information and information systems include: Environmental disruptions, Human or machine errors, and Purposeful attacks. ( True or False )
True
It is imperative leaders at all levels of an organization understand their responsibilities for achieving adequate information security and for managing information system-related security risks. ( True or False )
True
The _____________ provides a disciplined and structured process to perform AF IT security as well as risk management activities and to integrate those activities into the system development life cycle.
Risk Management Framework ( RMF )
The RMF changes the traditional focus of Certification and Accreditation (C&A) as a static, procedural activity to a more ___________ approach.
dynamic
The RMF process encompasses ________________ to determine and manage the residual cybersecurity risk to the AF created by the vulnerabilities and threats associated with objectives in military, intelligence, and business operations.
life cycle risk management
IT products, services, and platform information technology (PIT) are authorized for operation through the full RMF process. ( True or False )
False ( NOT authorized )
PIT
Platform Information Technology (PIT)
________________ are product-specific and document applicable DoD policies and security requirements, as well as best practices and configuration guidelines.
Security Technical Implementation Guides ( STIGs )
DoD organizations that use IT services are typically not responsible for authorizing them. ( True or False )
True
DoD organizations that use _______________ IT services must ensure the categorization of the IS delivering the service is appropriate to the needs of the DoD IS using the service. ( Internal or External )
Internal
DoD organizations that use external IT services provided by a non-DoD federal government agency must ensure the categorization of the IS delivering the service is appropriate to the confidentiality, integrity, and availability needs of the information and mission. ( True or False )
True
A loss of ______________ is the unauthorized disclosure of information.
Confidentiality
A loss of ____________ is the unauthorized modification or destruction of information.
Integrity
A loss of _____________ is the disruption of access to or use of information or an information system.
Availability
How many levels of potential impact on organizations or individuals are defined in FIPS Publication 199?
Three ( Low, Moderate, High )
CISO
Chief Information Security Officer
Who appoints the Chief Information Security Officer ( CISO )?
Secretary of the Air Force, Office of Information Dominance and Chief Information Officer ( SAF/CIO A6 )
Who works with the CISO to oversee the establishment of risk tolerance and security controls for IT owned by Headquarters Air Force (HAF) organizations without a functional CIO (HAF Portfolio)?
Administrative Assistant to the Secretary of the Air Force (SAF/AA)
Who acquires all AF electronic systems through organic programs within the AF, commercial-off-the-shelf (COTS) systems, or non-developmental item (NDI) programs?
Secretary of the Air Force for Acquisition ( SAF/AQ )
Who maintains visibility of the cybersecurity posture of AF SCI and the DoD portion of the Intelligence Mission Area?
Deputy Chief of Staff, Intelligence, Surveillance, and Reconnaissance ( AF/A2 )
Who will develop, implement, maintain, and enforce the AF Cybersecurity Program and the RMF process, roles, and responsibilities?
Chief Information Security Officer (CISO), SAF/CIO A6Z
The ___________ is the official with the authority responsible for accepting a level of risk for a system balanced with mission requirements.
Authorizing Official ( AO )
The ______________ is the only authority permitted to grant an Approval to Connect (ATC) to the Air Force Information Networks (AFIN).
AF Enterprise AO
The _____________ may perform any and all duties of an Authorizing Official ( AO ) except for accepting risk by issuing an authorization decision. This role also performs duties assigned by the AO.
AO Designated Representative ( AODR )
All AOs have flexibility in augmenting, executing, and implementing RMF for systems in their AOR. ( True or False )
True
The AF Enterprise AO is the only authority permitted to grant an _____________ to the Air Force Information Networks (AFIN).
Approval to Connect ( ATC )
The ______________ will periodically assess security controls employed within and inherited by the IT IAW the Information Security Continuous Monitoring strategy.
Security Control Assessor ( SCA )
This position may be an organic or contracted resource.
Security Controls Assessor Representative ( SCAR )
The ______________ is a licensed 3rd-party agent assisting in assessment activities and provides an independent report for the SCA.
Agent of the Security Controls Assessor ( ASCA )
The ISO is assigned the PM duties when no PM is assigned. ( True or False )
True
ISO
Information System Owners ( ISO )
PM
Program Manager
Who will identify, implement, and ensure full integration of cybersecurity into all phases of the acquisition, upgrade, or modification programs, including initial design, development, testing, fielding, operation, and sustainment?
Program Manager ( PM )
Who serves as the PM or ISO for the base enclave and performs duties IAW DoDI 5000.02 and AFI 17-130?
Communications Squadron Commander (CS/CC)
The ___________ is the primary cybersecurity technical advisor to the AO, PM, and ISO.
Information System Security Manager ( ISSM )
The ____________ is responsible for ensuring the appropriate operational security posture is maintained for assigned IT.
Information System Security Officer ( ISSO )
The _____________ is an individual, group, or organization responsible for conducting information system security engineering activities.
Information System Security Engineer ( ISSE )
An organizational official with statutory, management, or operational authority for specified information and the responsibility for establishing the policies and procedures governing its generation, classification, collection, processing, dissemination, and disposal as defined in CNSSI No. 4009.
Information Owner (IO)/Steward
The _______________ develops, implements, oversees, and maintains a MAJCOM cybersecurity program that adheres to cybersecurity architecture, requirements, objectives, policies, processes, and procedures.
MAJCOM Cybersecurity Office
The _______________ is the individual or organization that represents operational and functional requirements of the user community for a particular system during the RMF process.
User Representative
Name the Five Phases of the System Development Life Cycle
SDLC Phases
1. Initiation
2. Development/Acquisition
3. Implementation/Assessment
4. Operation/Maintenance
5. Disposal