Air Force Comprehensive Study Set

AFMAN 17-1301

165 questions.

Community-sourced. Answers may be wrong or out of date. Always verify with your official training portal before submitting. Not affiliated with any branch, agency, or vendor.

QUESTION 1

The ____________ ensures the appropriate operational security posture is maintained for Air Force Information Technology under their purview.

ANSWER

Information System Security Officer (ISSO)

QUESTION 2

List four duties of the ISSO

ANSWER

Assist the ISSM in meeting their duties and responsibilities. Implement and enforce all DoD IS and PIT systems cybersecurity policies and procedures. Ensure that all users have the requisite security clearances and access authorizations before granting access. In coordination with the ISSM, initiate protective or corrective measures when cybersecurity incidents or vulnerabilities are discovered and ensure the reporting process is initialized for potential threats and vulnerabilities.

QUESTION 3

For what three programs do Organizational Commanders maintain responsibility?

ANSWER

Computer Security (COMPUSEC) Program • Communications Security (COMSEC) Program • TEMPEST Program Management

QUESTION 4

List two administrative cybersecurity functions of the Cybersecurity Liaison/Commanders Support Staff.

ANSWER

• Verify user compliance with annual DoD Cyber Awareness Challenge training.
• Maintain AFNet network access documentation.
• Assist the WCO with administrative cybersecurity functions (administrative tasking orders, in/out-processing checklists, distribute user-training materials, etc.).
• Conduct annual unit/organization self-assessments utilizing AFMAN 17-1301, COMPUSEC SAC located in the IG MICT.

QUESTION 5

The ____________ implements and enforces AFNet account management and Computer Security administrative processes and procedures.

ANSWER

organization, Cybersecurity Liaisons, Commander Support Staff, CSL, CSS

QUESTION 6

The Cybersecurity Liaison/Commanders Support Staff (formerly known as the Information Assurance Officer (IAO)) performs administrative cybersecurity functions of verifying user compliance with ____________ on a/an ____________ basis.

ANSWER

DoD Cyber Awareness Challenge training; annual

QUESTION 7

Within the DIACAP process, ____________ refers to "the technical evaluation of a system's security components and their compliance for the purpose of accreditation."

ANSWER

Certification

QUESTION 8

Define the term "Accreditation" in regard to the DIACAP process.

ANSWER

the formal acceptance of risk associated with operating an information system, given its known IA posture

QUESTION 9

What is the objective of AF Assessment and Authorization?

ANSWER

to ensure IA for all AF procured Information Systems and guest systems operating on or accessed from the AF-GIG

QUESTION 10

The ____________ maintains visibility of the cybersecurity posture of the AF SCI and the DoD portion of the Intelligence Mission Area IT through automated assessment and authorization tools.

ANSWER

Deputy Chief of Staff, Intelligence, Surveillance and Reconnaissance (AF/A2)

QUESTION 11

The __________ develops, implements, maintains, and enforces the AF Cybersecurity Program and the RMF process, roles, and responsibilities.

ANSWER

Chief Information Security Officer (CISO)

QUESTION 12

The ISO is responsible for the overall procurement, ____________, integration, ____________, or operation and maintenance of AF IT.

ANSWER

development, modification

QUESTION 13

The acceptable level of risk is determined by the ____________, who considers the full range of vulnerabilities and security implications to include the actual loss if an unauthorized entity extracts the residual information, the threat directed against this information, the threat of recovery, and the potential for damage.

ANSWER

ISO

QUESTION 14

The ____________ ensures operational systems maintain a current ATO, recommends to the AO that systems without a current authorization are identified for removal from operation, and ensures all system changes are approved through a configuration management process and assessed for cybersecurity impacts.

ANSWER

Program Manager (PM)

QUESTION 15

The ____________ is a licensed organization which may be contracted by the PM to assist in assessment activities and provides an independent report for the SCA.

ANSWER

Agent of the Security Control Assessor (ASCA)

QUESTION 16

The ____________ is the individual or organization representing the operational and functional requirements of the user community for a particular system during the RMF process.

ANSWER

User Representative (UR)

QUESTION 17

Accreditation decisions are based on a balance of what?

ANSWER

• Mission or business need
• Protection of personal privacy
• Protection of the information being processed
• Protection of the information environment
• Protection of other missions or business functions reliant on the shared information environment

QUESTION 18

Accreditation decisions always apply to a specific identified DoD IS. These decisions are expressed by what four documents?

ANSWER

Authorization to Operate (ATO), an Interim Authorization to Operate (IATO), an Interim Authorization to Test (IATT), or a Denial of Authorization to Operate (DATO)

QUESTION 19

A/An ____________ indicates a DoD IS has adequately implemented all assigned IA controls, requirements, and safeguards to the point where residual risk is acceptable to the AO.

ANSWER

Authorization to Operate (ATO)

QUESTION 20

An ____________ accreditation decision is intended to manage IA security weaknesses while allowing system operation.

ANSWER

Interim Authorization to Operate (IATO)

QUESTION 21

The ____________ accreditation decision is a special case for authorizing testing in an operational information environment or with live data for a specified time period.

ANSWER

Interim Authorization to Test (IATT)

QUESTION 22

A ____________ is an AO decision that a DoD IS cannot operate because of an inadequate IA design, failure to adequately implement assigned IA controls, or other lack of adequate security.

ANSWER

Denial of Authorization to Operate (DATO)

QUESTION 23

Connection approval decisions are limited to a/an ____________ and a ____________.

ANSWER

Authorization to Connect (ATC) and a Denial of Authorization to Connect (DATC)

QUESTION 24

Security controls are the ____________, ____________, and ____________ controls (i.e., safeguards or countermeasures) prescribed for information systems to protect the confidentiality, integrity, and availability of the system and its information.

ANSWER

management, operational, and technical controls

QUESTION 25

Security controls fall into a security category which is the characterization of information or an information system based on an assessment of the potential impact that a loss of ____________, ____________, or ____________ of such information or information system would have on organizational operations, organizational assets, or individuals.

ANSWER

confidentiality, integrity, or availability

QUESTION 26

There are three distinctive types of designations related to the security controls that define the scope of applicability for the control; the shared nature of the control; and the responsibility for control development, implementation, assessment, and authorization. These designations include __________ controls, __________ controls, and __________ controls.

ANSWER

common controls, system-specific controls, and hybrid controls

QUESTION 27

____________ are security controls that can support multiple information systems efficiently and effectively as a common capability.

ANSWER

Common Controls

QUESTION 28

____________ are security controls that provide a security capability for a particular information system only and are the primary responsibility of information system owners and their respective authorizing officials.

ANSWER

System-Specific Controls

QUESTION 29

___________ are security controls where one part of the control is common and another part of the control is system-specific.

ANSWER

Hybrid Controls

QUESTION 30

____________ is United States legislation defining a comprehensive framework to protect government information, operations and assets against ____________ or man-made threats.

ANSWER

FISMA; natural

QUESTION 31

The security status of an enterprise's networks, information, and systems based on information assurance (IA) resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.

ANSWER

Security Posture

QUESTION 32

A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence

ANSWER

Risk

QUESTION 33

Hardware, software, and relevant documentation for an information system at a given point in time.

ANSWER

Baseline

QUESTION 34

A set of system resources that operate in the same security domain and that share the protection of a single, common, continuous security perimeter.

ANSWER

Enclave

QUESTION 35

1. Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network's Information Assurance (IA) policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks.
2. A host or network segment inserted as a "neutral zone" between an organization's private network and the Internet. Source: NIST SP 800-45 Ver 2
3. An interface on a routing firewall that is similar to the interfaces found on the firewall's protected side. Traffic moving between the DMZ and other interfaces on the protected side of the firewall still goes through the firewall and can have firewall protection policies applied.

ANSWER

Demilitarized Zone

QUESTION 36

An organization with a defined mission/goal and a defined boundary, using information systems to execute that mission, and with responsibility for managing its own risks and performance. An enterprise may consist of all or some of the following business aspects: acquisition, program management, financial management (e.g., budgets), human resources, security, and information systems, information and mission management.

ANSWER

Enterprise

QUESTION 37

Mutual agreement among participating enterprises to accept each other's security assessments in order to reuse information system resources and/or to accept each other's assessed security posture in order to share information.

ANSWER

Reciprocity

QUESTION 38

____________ is an online, web-based resource that provides guidance and tools for implementing and executing the RMF.

ANSWER

Knowledge Service (KS)

QUESTION 39

Threats to information and information systems include __________, _______________, ____________________.

ANSWER

environmental disruptions, human or machine errors, and purposeful attacks.

QUESTION 40

____________ management tasks begin as soon as possible to apply security controls in the design, development, and acquisition of an IS, continuing through operations and sustainment.

ANSWER

Life Cycle management tasks

QUESTION 41

RMF activities being initiated at program or system inception through ____________.

ANSWER

decommissioning

QUESTION 42

What are the Six RMF steps?

ANSWER

Categorize • Select • Implement • Assess • Authorize • Monitor

QUESTION 43

DoD IT is any technology ____________, ____________, ____________, ____________ or ____________ DoD information.

ANSWER

receiving, processing, storing, displaying, or transmitting

QUESTION 44

DoD IT is broadly grouped as DoD IS, ____________, ____________, and IT Products.

ANSWER

platform IT (PIT), IT services

QUESTION 45

___________ are individual IT hardware or software items

ANSWER

IT products

QUESTION 46

____________ can be commercial or government provided and includes, but is not limited to, operating systems, office productivity software, firewalls, and routers

ANSWER

IT Products

QUESTION 47

____________ is a capability provided to one or more DoD entities by an ____________ or external provider based on the use of information technology and that supports a DoD mission or business process.

ANSWER

IT services; internal

QUESTION 48

____________ agreements describe the roles and responsibilities of both the providing and the receiving organization. This type of IT service is considered an Internal IT service.

ANSWER

written

QUESTION 49

___________ is IT, both ____________ and ____________, which is physically part of, dedicated to, or essential in real time to the mission performance of ____________ systems.

ANSWER

Platform Information Technology: hardware and software; special purpose

QUESTION 50

____________ agreements or government statements of work for these external services must contain requirements for service level agreements (SLAs) including the application of appropriate security controls. This type of IT service is considered an External IT service.

ANSWER

Interagency

QUESTION 51

The term "platform" includes, but is not limited to Aircraft, ____________, Ship, Submarine, , Base Power Plants, ____________, Remotely Operated Vehicle, as well as ____________ in the field.

ANSWER

space systems; Ground Vehicles (such as HMMWVs, and Tanks); Airman

QUESTION 52

Identify, report, and correct information and information system flaws in a timely manner. This includes providing protection from malicious code at appropriate locations within organizational information systems.

ANSWER

System Information and Integrity

QUESTION 53

Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.

ANSWER

System and Communications Protection

QUESTION 54

Limit physical access to information systems, equipment, and the respective operating environments to authorized individuals. Protect the physical plant and support infrastructure for information systems. Protect information systems against environmental hazards.

ANSWER

Physical and Environmental Protection

QUESTION 55

Organizations must limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems) and to the types of transactions and functions that authorized users are permitted to exercise.

ANSWER

Access Control

QUESTION 56

Ensure individuals occupying positions of responsibility within organizations (including third-party service providers) are trustworthy and meet established security criteria for those positions. Ensure organizational information and information systems are protected during and after personnel actions such as terminations and transfers.

ANSWER

Personnel Security

QUESTION 57

Name five documents the 624 OC uses to relay USCYBERCOM orders.

ANSWER

Cyber Tasking Orders (CTOs), Cyber Control Orders (CCOs), Time Compliance Network Orders (TCNOs), Maintenance Tasking Orders (MTOs), or Special Instructions (SPINS)

QUESTION 58

The _____________ plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military ____________ _____________ in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

ANSWER

United States Cyber Command (USCYBERCOM); cyberspace operations

QUESTION 59

A routine task that enhances network security with a medium to low risk associated with the task.

ANSWER

AF MTO

QUESTION 60

Used to disseminate network information that does not direct specific action to be taken or compliance to be tracked.

ANSWER

C4 NOTAM

QUESTION 61

Operational type orders issued to perform specific actions at specific time frames in support of AF and Joint requirements.

ANSWER

AF CTO

QUESTION 62

Provide amplifying instructions for planning, execution, and assessment of AF CTOs and CCOs.

ANSWER

AF SPINS

QUESTION 63

Used to build/shape the portion of cyberspace to be employed in support of a Combatant Command (CCMD) operation or in response to adversary action.

ANSWER

AF CCO

QUESTION 64

Provide a standardized mechanism to issue a single order to the entire AFNETOPS hierarchy, directing how to operate and make changes to the AF Enterprise Network

ANSWER

TCNO

QUESTION 65

The Commander of _______________ has the responsibility for the overall command and control, security, and defense of the AF Information Networks (AFIN).

ANSWER

AF Space Command

QUESTION 66

In the base-level communications squadron's NCC, the _____________ is the combination of the Maintenance Operations Center, telephone helpdesk, and the traditional network helpdesk functions.

ANSWER

Comm Focal Point (CFP)

QUESTION 67

The base Communications Focal Point monitors performance of the ____________ network and serves as the conduit for implementing cyber orders.

ANSWER

local

QUESTION 68

T/F Access to AF ISs is a revocable privilege and is granted to individuals based on need to know.

ANSWER

True

QUESTION 69

All ____________ users (e.g., military, civilian, contractor, temporary employees, volunteers, interns, key spouses, and American Red Cross personnel) must complete Cyber Awareness Challenge training prior to being granted access to an IS.

ANSWER

authorized

QUESTION 70

The ____________ consult the Host or MAJCOM FDO and applicable ISSM before authorizing access by FN/LN users to ISs processing, storing, or transmitting classified and controlled unclassified information (CUI).

ANSWER

WCOs

QUESTION 71

Prior to permitting Foreign/Local national personnel access, the MAJCOM FDO determines authorized and privileged need-to-know for the ____________ and ____________ of information, software, hardware and firmware to include controlled unclassified information (CUI) and classified information

ANSWER

administrative access and control

QUESTION 72

The ____________ tracks and maintains visibility over all FN/LN billets assigned to an IS and/or organization.

ANSWER

Cybersecurity Liaison

QUESTION 73

T/F Temporary employees and volunteers (including key spouses) must meet the requirements of all authorized users. Grant only Classified IS access to temporary employees and volunteer personnel in support of their assigned duties.

ANSWER

False; Grant only unclassified IS access to temporary employees and volunteer personnel in support of their assigned duties.

QUESTION 74

Give an example of a proper messaging naming convention for an FN/LN.

ANSWER

john.smith.uk@us.af.mil

QUESTION 75

Public users accessing an IS intermittently (i.e., vendors, morale support, technical support, etc.) have only ____________ access.

ANSWER

non-privileged

QUESTION 76

All authorized users should protect networked and/or stand-alone ISs against ____________, _____________, and ____________.

ANSWER

tampering, theft, and loss

QUESTION 77

Protect ISs from insider and outsider threats by controlling ____________ to the facilities and data by implementing procedures identified in Joint, DoD, AF publications, and organizationally created procedures

ANSWER

physical access

QUESTION 78

List five examples of removable media.

ANSWER

flash media devices (such as memory sticks, thumb drives, and camera memory cards, and similar USB storage devices), compact disks (CD), digital video disks (DVD), and external hard disk drives.

QUESTION 79

T/F Configure removable media and related peripherals using physical or software configuration settings to enable "write" mechanisms for all forms of removable media on SIPRNet ISs.

ANSWER

False; disable write mechanisms

QUESTION 80

List five examples of Portable Electronic Devices (PEDs).

ANSWER

laptops, text pagers, cell phones, smartphones, tablets, satellite phones, hand-held radios/land mobile radios, and video cameras

QUESTION 81

Prohibit connecting of privately-owned devices (cellphones, smart watches, tablets, etc.) to the AF-GIG and introduction of privately owned devices into areas (e.g. rooms, offices) where ____________ information is processed and discussed unless approved by the AO.

ANSWER

classified

QUESTION 82

The AF allows Guest ISs (formerly known as Non-AF ISs) seeking connection to the AF-GIG, but must ensure the AF ____________ requirement is followed.

ANSWER

connection approval

QUESTION 83

VPN protects the information system link using ____________, ____________, and ____________, giving the impression of a dedicated line.

ANSWER

tunneling, security controls, and endpoint address translation

QUESTION 84

All AF locations with an AF Service Delivery Point shall bulk encrypt all af.mil to af.mil traffic before it traverses the ____________.

ANSWER

NIPRNet

QUESTION 85

T/F The only DoD authorized access to the Internet is via the NIPRNet.

ANSWER

True

QUESTION 86

DISA compiled guidance for securing an IA or IA-Enabled Device (operating system, network, application software, etc.). The ____________ are a compilation of DoD policies, security regulations and best practices.

ANSWER

STIGs

QUESTION 87

A/An ____________ is an independent review and examination of records and activities to assess the adequacy of system controls and ensure compliance with established policies and operational procedures.

ANSWER

Audit

QUESTION 88

Define Audit Trail.

ANSWER

A chronological record reconstructing and examining the sequence of activities surrounding or leading to a specific operation, procedure, or event in a security relevant transaction from inception to final result

QUESTION 89

The audit trail must NOT contain ____________ incorrectly entered passwords, or character strings, since this could expose the password of a legitimate user who mistakenly types the user's name or password.

ANSWER

unencrypted (clear text) passwords

QUESTION 90

Review audit logs and audit trails at a minimum ____________, more frequently if required, and take appropriate action.

ANSWER

weekly

QUESTION 91

If the DoD information system contains Sources and Methods Intelligence (SAMI), then audit records are retained for ____________ years. Otherwise, audit records are retained for at least ____________ year.

ANSWER

5; 1

QUESTION 92

What are the three types of remote access?

ANSWER

Administrative Access, End-User Access, Limited (General) Access

QUESTION 93

____________ requires medium security controls on the remote system and users must use government-owned or controlled devices.

ANSWER

End-User Access

QUESTION 94

Remote users who connect to a DoD core network to perform any system administration duties, to include troubleshooting, configuration changes, and reviewing any system or configuration data, regardless of system type, possess ____________ access.

ANSWER

Administrative Access

QUESTION 95

Remote users who are viewing content or sending e-mail but are NOT altering or entering official Government data (e.g., accessing a DoD web site) are considered to have ____________ access.

ANSWER

Limited (General) Access

QUESTION 96

T/F Delete user accounts when users are unable to remotely access their accounts due to an extended absence or when a user is suspended from work.

ANSWER

False; Disable user accounts (DO NOT Delete)

QUESTION 97

The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact is identified as ____________.

ANSWER

Risk-Analysis

QUESTION 98

____________ is a thorough assessment done to determine what parts of the system in question are vulnerable to attack and to prioritize these vulnerabilities in terms of severity and likelihood.

ANSWER

Risk Analysis

QUESTION 99

The four components to the risk management framework are: Frame, ____________, ____________, and ____________.

ANSWER

Assess, Respond to, and Monitor risk

QUESTION 100

Protect information systems from ____________ and ____________ threats by controlling physical access to the facilities and data by implementing procedures identified in Joint, DoD, AF Publications, and organizationally created procedures.

ANSWER

insider and outsider

QUESTION 101

Ensure only authorized users can gain access to workstations, applications, and networks. Grant access to information systems based on the need-to-know, classification level of the information, _____________, ______________________________, special access (e.g., foreign national access), Information Technology category designated requirements (i.e., local background investigation, national agency check, etc.), and ______________________.

ANSWER

security clearance, for official government business; qualifications.

QUESTION 102

Access to external, untrusted networks is only permitted from a ___________ in accordance with CJCSM 6510.01, Information Assurance (IA) and Computer Network Defense (CND).

ANSWER

demilitarized zone

QUESTION 103

The DoD's goal in regulating Ports, Protocols, and Services (PPS) focuses on preventing the use of unregulated PPS. The methods to achieve this goal include implementation of Positive Technical Controls at the network level through _______________________, _______________________ for network boundary devices and at the System/Application level through ____________________ by _____________ any Unnecessary PPS.

ANSWER

"Deny All, Permit by Exception (DAPE)"; "Least Function"; disabling

QUESTION 104

What is the point at which an enclave's internal network service layer connects to an external network's service layer?

ANSWER

Enclave Boundary

QUESTION 105

What is the policy document that provides technical guidance for usage of well-known PPS on the AF Enterprise?

ANSWER

AF Ports, Protocols, and Services (PPS) Matrix

QUESTION 106

What is the term for a legal requirement serving as a notice to users of communications systems that monitoring is conducted and use of the system or device constitutes consent to monitoring?

ANSWER

Notice and Consent

QUESTION 107

A collection of computing environments connected by one or more internal networks under the control of a single authority and security policy, including personnel and physical security.

ANSWER

Enclave

QUESTION 108

A perimeter network segment enforcing the internal network's information assurance policy for external information exchange.

ANSWER

Demilitarized Zone (DMZ)

QUESTION 109

The logical connection points for the transmission of information packets.

ANSWER

Ports

QUESTION 110

The rules governing connection, communication, and data transfer between two computing end points.

ANSWER

Protocols

QUESTION 111

The term "Asset" is defined as any device connected to the AF-GIG. Name four items included in the Information System's assets.

ANSWER

Workstations • Servers • Infrastructure components (e.g. router, switch) • Networked peripherals (e.g. network printers)

QUESTION 112

Various notification and tracking processes are required to direct action and report status throughout the AF Network Operations (AFNETOPS) hierarchy. Among them, the most important to AF personnel, are the ____________ and ____________.

ANSWER

TCNOs and C4 NOTAMs

QUESTION 113

A/An ____________ is a downward-directed security or vulnerability-related order issued by the AF.

ANSWER

TCNO

QUESTION 114

Name the three priority categories of Time Compliance Network Orders (TCNOs) and give a brief description of each.

ANSWER

• Critical - Widespread and imminent/ongoing threat to the AF-GIG and supported operations and/or provides details on a network/system outage negatively impacting ongoing combat operations.
• Serious - Widespread threat to the AF-GIG and supported operations is expected and/or provides details on a network/system outage negatively impacting ongoing combat support operations.
• Moderate - Threat to the AF-GIG is possible but may be mitigated by such factors as difficulty of exploitation, limited deployment of vulnerable operating system, etc.

QUESTION 115

T/F Each I-NOSC will complete a Scan Coordination Memo prior to initiating scans across the AF-GIG with their respective sites. There will be one memo per vulnerability scan.

ANSWER

False; One memo per site, not per scan

QUESTION 116

If the TCNO priority is ____________ then the compliance/POA&M mitigation date will be no more than 60 days.

ANSWER

Moderate

QUESTION 117

Category ____ vulnerabilities are the most severe and require the organization's immediate attention. Corrective action is required within ______ business days.

ANSWER

I; 15

QUESTION 118

The I-NOSC or authorized alternate organization (i.e., NOS Detachments, NCCs, etc.) will conduct scheduled ____________ vulnerability scans of all assets/devices connected to the AF-GIG on both NIPRNET and SIPRNET.

ANSWER

monthly

QUESTION 119

____________ are closely related to TCNOs with the primary difference being they are informative in nature and are NOT used to direct actions.

ANSWER

C4 NOTAMs

QUESTION 120

____________ is a security principle recommending the setup of multiple, complementary lines of defense against malicious attacks or other threats to security.

ANSWER

Defense in Depth

QUESTION 121

To effectively resist attacks against its information and information systems, an organization needs to characterize its ____________, their potential ____________, and their classes of attack.

ANSWER

its adversaries, their potential motivations

QUESTION 122

Name the three elements (Steps) to the Defense-in-Depth Strategy.

ANSWER

People, Technology, and Operations

QUESTION 123

The Barrier Reef concept is the AF's spin on the Defense-in-Depth using a process known as _____________.

ANSWER

layering

QUESTION 124

What security discipline ensures the employment of countermeasures to protect and secure US government information processed by AF Information Systems by protecting the confidentiality, integrity, availability, authentication, and non-repudiation of ISs?

ANSWER

COMPUSEC

QUESTION 125

Measures and controls taken to deny unauthorized persons information derived from information systems of the U.S. is referred to as ____________.

ANSWER

COMSEC

QUESTION 126

Denying interception and exploitation of classified, and in some instances unclassified, information by containing compromising emanations within an inspectable space is known as _____________.

ANSWER

TEMPEST

QUESTION 127

____________ ____________ ensures only authorized users can gain access to workstations, applications, and networks.

ANSWER

access control

QUESTION 128

Routine NetOps, normal readiness of information systems, and networks that can be sustained indefinitely. Information networks are fully operational in a known baseline condition with standard information assurance policies in place and enforced.

ANSWER

INFOCON 5

QUESTION 129

Increases NetOps readiness, in preparation for operations or exercises, with limited impact to the end-user. Additionally, user profiles and accounts are reviewed and checks conducted for dormant accounts.

ANSWER

INFOCON 4

QUESTION 130

Increases NetOps readiness by increasing the frequency of validation of the information network and its corresponding configuration. Impact to end-users is minor.

ANSWER

INFOCON 3

QUESTION 131

The impact on system administrators will increase in comparison to previous INFOCONs and will require an increase in pre-planning, personnel training, and the exercising and pre-positioning of system rebuilding utilities.

ANSWER

INFOCON 2

QUESTION 132

The highest readiness condition. The most effective method for ensuring the system has not been compromised in this manner is to reload operating system software on key infrastructure servers from an accurate baseline.

ANSWER

INFOCON 1

QUESTION 133

Who administers AF implementation of the DoD INFOCON program and authorizes changes to the AF INFOCON level on behalf of the CSAF?

ANSWER

Chief of Staff of the Air Force (CSAF)

QUESTION 134

Who provides immediate voice notification of an INFOCON change?

ANSWER

Air Force Service Watch Cell (HQ USAF/A3OOA)

QUESTION 135

At a minimum, INFOCON reports will be unclassified and handled as ____________.

ANSWER

"For Official Use Only"

QUESTION 136

What message directs all MAJCOMs, FOAs, and DRUs to implement a new AF INFOCON level?

ANSWER

INFOCON Change Alerting Message (ICAM)

QUESTION 137

Define Remanence.

ANSWER

The residual information remaining on data media. Simply stated, "erased" media contains some physical characteristics of the system that may still allow reconstruction of physical or electronic data.

QUESTION 138

T/F During the life cycle of an IS, media can be reused, released, or destroyed. All classified IS storage media will be reused in unclassified environments.

ANSWER

False; destroyed in unclassified

QUESTION 139

Clearing

ANSWER

The process of removing information from an Information System, its storage devices, other peripheral devices with storage capacity, or from media in such a way the data may not be reconstructed using common system capabilities (i.e., through the keyboard); however, the data may be reconstructed using laboratory methods.

QUESTION 140

Overwriting

ANSWER

Defined as the process of recording new data on top of already stored data thus destroying the old data. Basically, the piece of overwriting software must be able to write to every 1 & 0 position on the hard drive.

QUESTION 141

Degaussing

ANSWER

The process of erasing magnetic media by eliminating any remnant magnetic fields.

QUESTION 142

Sanitization

ANSWER

A process to render access to target data on the media infeasible for a given level of effort. This term is dependent upon classification of data contained within the device.

QUESTION 143

Destruction

ANSWER

The act of physically damaging the media to make it unusable in a computer so no known exploitation method can retrieve data from it. Optical mass storage media, including compact disks (e.g. CD, CD-RW, CD-R, and CD-ROM), optical disks (DVD), and magneto-optic (MO) disks must be destroyed by pulverizing, crosscut shredding or burning.

QUESTION 144

Ensure the classification markings for the ____________ classification processed remains on the media.

ANSWER

highest

QUESTION 145

Declassifying media requires the approval of the ____________ and ____________.

ANSWER

Information System Owner (ISO) and information owner

QUESTION 146

Who may downgrade or declassify classified information stored on media?

ANSWER

Original Classification Authority (OCA)

QUESTION 147

Use only ____________ evaluated degaussers to degauss all magnetic media containing sensitive and classified information.

ANSWER

NSA

QUESTION 148

The AF Inspection System (AFIS) is focused on ____________ and reporting on a unit's ____________, ____________, ____________ state of discipline and effectiveness to execute assigned missions.

ANSWER

assessing and reporting on a unit's readiness, economy, efficiency

QUESTION 149

The Air Force Inspection System (AFIS) gives an independent assessment of a unit's compliance with established directives and ability to execute its assigned mission, ____________ ____________, ____________ ____________, and aspects of unit culture and command climate.

ANSWER

Leadership effectiveness, Management performance

QUESTION 150

The Air Force Inspection System (AFIS) provides an independent assessment of a unit's ability to ____________, ____________, ____________, ____________ deficiencies, prevent fraud and abuse, and minimize waste.

ANSWER

Find, Report, Analyze, Fix

QUESTION 151

Responsible for unit self-assessment, not IGs.

ANSWER

Commanders

QUESTION 152

The cornerstone of the AF Inspection System (AFIS). Gives the Wing Commander, subordinate commanders and Wing Airmen the right information at the right time to assess risk, identify areas of improvement, determine root cause and precisely focus limited resources; all aligned with the commander's priorities and on the commander's timeline.

ANSWER

Commander's Inspection Program (CCIP)

QUESTION 153

Overall management and administration of CCIP. Oversees, plans, and executes Wing inspection program.

ANSWER

Wing Inspector General (IG)

QUESTION 154

Establish, execute and sustain a Wing CCIP.

ANSWER

Wing Commander

QUESTION 155

Consists of SMEs who augment Wing IG to conduct CCIP inspections under the authority of the Wing Commander.

ANSWER

Wing Inspection Team (WIT)

QUESTION 156

Who conducts annual COMPUSEC self-assessments using the COMPUSEC Self-Assessment Checklist (SAC) located in the Inspector General's Management Internal Control Toolset (MICT)?

ANSWER

WCO

QUESTION 157

____________ is focused on maintaining the capability to perform the mission and the essential functions which comprise the mission.

ANSWER

Continuity

QUESTION 158

Continuity planning should consider all ____________, but emphasize events or other disruptions which will most likely degrade operations.

ANSWER

hazards

QUESTION 159

Commanders should apply ____________ ____________ principles to guide decisions about when, where, and how to invest in resources that eliminate, control or mitigate mission risk.

ANSWER

risk management

QUESTION 160

Continuity of Operations Plans will not be marked lower than ____________, while other COOPs will not be marked lower than ____________ ____________ ____________ ____________.

ANSWER

secret; For Official Use Only (FOUO)

QUESTION 161

Organizations are required to validate and update their COOP every two ____________.

ANSWER

years

QUESTION 162

Provides procedures and guidance to sustain an organization's MEFs at an alternate site for up to 30 days; mandated by federal directives.

ANSWER

Continuity of Operations Plan (COOP)

QUESTION 163

Provides procedures for mitigating and correcting a cyber-attack, such as a virus, worm, or Trojan horse.

ANSWER

Cyber Incident Response Plan

QUESTION 164

Provides coordinated procedures for minimizing loss of life or injury and protecting property damage in response to a physical threat.

ANSWER

Occupant Emergency Plan (OEP)

QUESTION 165

Provides procedures and capabilities for recovering an information system.

ANSWER

Information System Contingency Plan (ISCP)
