Aligning auditing frameworks for a business unit within dod
You identified the requirements and hardening guides that provide a frame to which a government network and business should adhere, you assessed the available sites under the Department of Defense (DoD) and identified agencies in charge of providing security guidelines, and you reviewed the hardening and best practice guidelines provided by DoD’s Defense Information Systems Agency (DISA), National Institute of Standards and Technology (NIST), and Information Assurance Support Environment (IASE).
Lab Assessment Questions & Answers 1. What is the difference between DITSCAP and DIACAP?
2. What is DCID 6/3, and why would you use DCID 6/3 as opposed to DIACAP for certification and accreditation of a system?
3. What is C&A, and what are the following acronyms that are related to the C&A process: DISN, GIG, PAA, DAA, and DISA?
4. What is the Defense Industrial Base Sector?
5. Who develops the configuration and validation requirements for IT products and services within DoD?
6. What is DoDD 8570.01?
7. Find a copy of the DoDD 8570.01-M revision dated April 2010. What professional certifications comply with the 8570.01-M specification and workforce development program as defined by the DoD?
8. What is the current, working URL for the DISA Military STIGs unclassified homepage?
9. Which DISA STIGs are currently available on the DISA Military STIGs unclassified homepage?
10. Why does the updated version of NIST 800-53a call for continuous monitoring?