An open-source software platform used to build, run, and manage applications inside standardized units called containers.
What is Docker?
Standard scheduled CJIS technical audits occur on this recurring cycle for criminal justice agencies.
What is every three (3) years?
When a security control fails an audit, you must document the mitigation strategy, required resources, and scheduled completion dates in this official, living compliance document.
What is POA&M (Plan of Action and Milestones)?
What is Burp Suite Professional?
A service provided by the system that fulfills stakeholder needs and can be delivered by a single Agile Release Train (ART).
What is a feature?
An open-source tool used for automating the deployment, scaling, and management of containerized applications.
What is Kubernetes?
An automated security auditing tool that parses source code into an Abstract Syntax Tree (AST) to identify security vulnerabilities without executing the program.
What is SAST (Static Application Security Testing)?
Under the modern Open Security Controls Assessment Language (OSCAL) framework, this specific machine-readable artifact is generated to programmatically document how a system satisfies its defined security requirements.
What is an SSP (System Security Plan)?
A vulnerability scanner used to proactively identify and fix security flaws and misconfigurations before attackers can exploit them.
What is Tenable Nessus?
A servant leader and coach who operates at the program level to ensure multiple teams work together harmoniously to deliver value.
Who is the Agile Release Train Engineer (RTE)?
Overlapping layers of security put in place so that if one defensive mechanism fails, subsequent layers still protect the asset.
What is Defense in Depth?
Following an audit failure, this is the exact number of calendar days an agency is given to correct non-compliant issues or submit a corrective action plan.
What is 30 days?
This systematic process evaluates the operational and financial consequences of a business disruption, identifying which critical systems must be restored first.
What is a Business Impact Analysis (BIA)?
This strict architecture strategy dictates that no user or device is trusted by default, requiring continuous verification regardless of whether they are inside or outside the agency network perimeter.
What is Zero Trust Architecture?
A critical, regular event where integrated work of an entire ART is showcased to stakeholders.
What is the System Demo?
Used in PKI, this specific service identifies which digital certificates should no longer be honored even if they are still within their standard validity period.
What is a CRL (Certificate Revocation List)?
This group is responsible for officially approving updates and changes to the CJIS Security Policy.
What is the CJIS Advisory Policy Board (APB)?
This document outlines how an organization will recover its systems following a severe disruption or cyberattack.
What is ISCP (Information System Contingency Plan)?
This type of network segment restricts external public traffic from touching internal federal databases by placing public-facing servers in an isolated zone.
What is a DMZ (Demilitarized Zone)?
The owner of the Team Backlog and the single voice to the Team on what backlog items are required, when, and why.
Who is the Product Owner?
A method defined by NIST SP 800-126 used to automate how organizations manage vulnerabilities and evaluate compliance with security policies.
What is SCAP (Security Content Automation Protocol)?
What is FIPS 140-2?
This memorandum directs agencies to employ a risk-based, prioritized logging approach to address inefficiencies and the evolving cyber threat environment.
What is M-26-14?
A key exchange mechanism used to negotiate a shared encryption key over an insecure connection while relying on an RSA digital signature to verify the server's identity.
What is DHE-RSA (Diffie-Hellman Ephemeral with RSA)?
An agile technique used when multiple teams need to coordinate their work, discussing dependencies, tracking progress, and removing cross-team impediments.
What is a Scrum of Scrums?