
EIWS COMMON CORE (107 Information Assurance)

107.1 Define IA
a. Certification [ref. b and f]: Comprehensive evaluation of the technical and non-technical security features of an information system by incorporating protection, detection, and reaction capabilities.
b. Accreditation [ref. b and f]: The official management decision to operate an information system in a specified environment.
c. DAO [ref. c and f]: Designated Approving Authority: Upper-level manager responsible for determining a system's acceptable level of residual risk; determines whether the system meets accreditation criteria.
d. System Security Plan [ref. a and f]: Describe how the security of the system will be managed. State the purpose or mission and scope of the system. Identify the projects the system supports.
e. ATO [ref. e and f]: Authority to Operate: Authority to operate a DOD IS. NIPRNET: 24 months; SIPRNET: 12 months.
f. IATO [ref. e and f]: Interim Approval to Operate: Authority to operate a DOD IS with known security weaknesses. Cannot last longer than 180 days/6 months. Must have an approved POA&M.
g. Configuration Management [ref. a]: Identifies, controls, accounts for, and audits all changes to a site or information system during its design, development, and operational lifecycle.
a. Confidentiality: Assurance that information is not disclosed to unauthorized persons, processes, or devices.
b. Integrity: Assurance that information is not modified by unauthorized parties or in an unauthorized manner.
c. Availability: Assurance of timely, reliable access to data and information systems by authorized users.
d. Non-repudiation: Assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data.
e. Authentication: Assurance of the identity of a message sender or receiver.