RMF
Incidents/Attacks
Network Security
Roles
Cryptography
100

This document tracks risk mitigation activities for discovered vulnerabilities and system findings, including milestones and intended corrective actions.

What is a POA&M?

100

This is an email that appears to be from your IT department or a reputable source asking for your system password.

What is Phishing?

100

This service allows users to remain anonymous, masking their identity/location and encrypts traffic.

What is a VPN?

100

The official in this role supports the ISSM and is responsible for ensuring an appropriate operational security posture is maintained for assigned systems.

What is the ISSO?

100

A common algorithm used to store computer passwords and ensure message integrity.

What is Hashing?

200

Safeguards/countermeasures prescribed for an information system and designed to protect the confidentiality, integrity and availability of information stored and transmitted by that system.

What is Security Control?

200

An independent malware program that self-replicates in order to spread from machine to machine to cause damage.

What is a (computer) worm?

200

A security incident where confidential information is stolen and exploited by criminals without the knowledge or authorization of the owner.

What is a breach or data breach?

200

The official in this role oversees the people, processes, and technologies within an organization's IT to ensure they deliver outcomes that support the goals of the business.

Who is the CIO?

200

A list of digital certificates that have been revoked by the issuing Certificate Authority.

What is Revocation list?

300

This phase in RMF performs ongoing security checks to determine the effectiveness of planned, required and deployed security controls within an information system.

What is Continuous Monitoring?

300

A type of targeted attack that takes the form of an email that appears to be from a specific organization, such as your employer or bank.

What is Spear Phishing?

300

A mechanism used to validate user identity by confirming a one-time code (usually via text or email) before authenticating to a system.

What is multi-factor authentication?

300

The official in this role manages and maintains the overall cybersecurity posture of systems within their organization.

Who is the ISSM?

300

This binds an individual's identity to a public key that contains all the information a receiver needs to be assured that the individual is who they claim to be.

What is a Digital Certificate?

400

A service-oriented, Government-owned application used to automate the Risk Management Framework process and obtain an Authority To Operate.

What is eMASS?

400

This type of attack targets an organization's top officials or highly salaried employees (C-level) to get them to reveal sensitive information.

What is Whaling?

400

This method is used to validate or limit entry into a system or network by accepting or rejecting user requests based on "need-to-know".

What is access control?

400

An official responsible for conducting a comprehensive assessment of implemented controls and control enhancements, who makes recommendations for risk acceptance or denial to the AO.

Who is SCA/Security Control Assessor?

400

In this type of encryption, the algorithms are used for bulk encryption because they are comparatively fast and have few computational requirements.

What is Symmetric Encryption?

500

This NIST Special Publication provides guidelines for assessing security and privacy controls in federal information systems and organizations.

What is NIST 800-53A Rev. 4?

500

This attack can be either passive or active and occurs through interception of sensitive/confidential information sent over a network.

What is Eavesdropping?

500

A defensive technology that can be hardware or software and functions as a gatekeeper to prevent unauthorized access to a network.

What is Firewall?

500

An official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations.

Who is AO/Authorizing Official?

500

First published in 1977 and named after its three inventors, this is one of the first public key cryptosystems ever invented.

What is RSA?
