An open-source software platform used to build, run, and manage applications inside standardized units called containers.
What is Docker?
What is SOC 2 (System and Organization Controls 2)?
When a security control fails an audit, you must document the mitigation strategy, required resources, and scheduled completion dates in this official, living compliance document.
What is POA&M (Plan of Action and Milestones)?
What is Burp Suite Professional?
A service provided by the system that fulfills stakeholder needs and can be delivered by a single Agile Release Train (ART).
What is a feature?
An open-source tool used for automating the deployment, scaling, and management of containerized applications.
What is Kubernetes?
An automated security auditing technique that parses source code into an Abstract Syntax Tree (AST) to identify security vulnerabilities without executing the program.
What is SAST (Static Application Security Testing)?
Under the modern Open Security Controls Assessment Language (OSCAL) framework, this specific machine-readable artifact is generated to programmatically document how a system satisfies its defined security requirements.
What is an SSP (System Security Plan)?
A vulnerability scanner used to proactively identify and fix security flaws and misconfigurations before attackers can exploit them.
What is Tenable Nessus?
A servant leader and coach who operates at the program level to ensure multiple teams work together harmoniously to deliver value.
Who is the Agile Release Train Engineer (RTE)?
A defense mechanism that randomizes the memory locations of program components to make buffer overflow exploits unpredictable.
What is ASLR (Address Space Layout Randomization)?
A set of technical guidelines that provide step-by-step instructions for hardening specific operating systems, databases, and cloud environments.
What are Center for Internet Security (CIS) Benchmarks?
This systematic process evaluates the operational and financial consequences of a business disruption, identifying which critical systems must be restored first.
What is a Business Impact Analysis (BIA)?
This strict architecture strategy dictates that no user or device is trusted by default, requiring continuous verification regardless of whether they are inside or outside the agency network perimeter.
What is Zero Trust Architecture?
A critical, regular event where integrated work of an entire ART is showcased to stakeholders.
What is System Demo?
This attack tricks a server into querying an internal-only IP address by rapidly switching the IP address associated with a domain name during the Time-of-Check to Time-of-Use window.
What is DNS Rebinding?
This group is responsible for officially approving updates and changes to the CJIS Security Policy.
What is the CJIS Advisory Policy Board (APB)?
This document outlines how an organization will recover its systems following a severe disruption or cyberattack.
What is ISCP (Information System Contingency Plan)?
This type of network segment restricts external public traffic from touching internal federal databases by placing public-facing servers in an isolated zone.
What is a DMZ (Demilitarized Zone)?
The owner of the Team Backlog and the single voice to the team on what backlog items are required, when, and why.
Who is the Product Owner?
A method defined by NIST SP 800-126 used to automate how organizations manage vulnerabilities and evaluate compliance with security policies.
What is SCAP (Security Content Automation Protocol)?
What is FIPS 140-2?
This memorandum directs agencies to employ a risk-based, prioritized logging approach to address inefficiencies and the evolving cyber threat environment.
What is M-26-14?
A key exchange mechanism used to negotiate a shared encryption key over an insecure connection while relying on an RSA digital signature to verify the server's identity.
What is DHE-RSA (Diffie-Hellman Ephemeral with RSA)?
An agile technique used when multiple teams need to coordinate their work by discussing dependencies, tracking progress, and removing cross-team impediments.
What is a Scrum of Scrums?