When implementing security controls based on systems security and privacy engineering best practices, which NIST standard is most commonly referred to?
NIST SP 800-53
The process of initially establishing access privileges of an individual and subsequently verifying the acceptability of a request for access.
Authorization
The individual with the authority to formally assume responsibility for operating an information system at an acceptable level of risk, according to NIST SP 800-37 Rev. 2.
Authorizing Official
The testing or evaluation of the controls in an information system to determine the extent to which the controls are implemented correctly.
Assessment
The grounds for confidence that the set of intended security controls is effective in its application.
Assurance
Which NIST standard is used to provide guidance for conducting risk assessments?
NIST SP 800-30
Which NIST standard is integral to the overall process of selecting and implementing security controls and outlines the US Federal Government's risk management framework?
NIST SP 800-37 Rev 2
The individual responsible for conducting a comprehensive assessment of the security controls to determine their overall effectiveness.
Security Control Assessor (SCA)
The testing and/or evaluation of the administrative, technical, and physical security controls to determine the extent to which they are implemented correctly.
Security Control Assessment
Confirmation through the provision of strong, sound, objective evidence that system security requirements have been fulfilled.
Verification
Which NIST standard is used to provide guidance for assessing the effectiveness of security controls and is often referred to during implementation?
NIST SP 800-53A
Which process includes preparing the facility or site in accordance with the secure installation requirements?
Transition Process
What activity signifies the completion of the transition process?
Commissioning the system for secure operations
With whom does the ISSE coordinate to ensure the controls are effectively verified and aligned?
Test teams and assessors
Confirmation through the provision of strong, sound, objective evidence that stakeholder security requirements have been fulfilled.
Validation
According to NIST, which process is designed to ensure that a NEW information system meets the security expectations of systems in its expected operating environment?
Verification
Which process includes developing initial user training materials for operation, sustainment, and support?
Implementation process
To whom does the ISSE delegate all security responsibility once the system is authorized?
No one. The ISSE's responsibilities continue into the operational phase, particularly in supporting ongoing authorization.
What has the potential for re-appearing once patches have been applied?
Vulnerabilities
What document does the AODR prepare, but does not have signatory authority for?
Authorization Decision Letter
Which process moves the system to operations, but does not directly ensure the security expectations are met?
Transition
Which process offers security training to stakeholders?
Transition Process
What are essential for ensuring repeatability and traceability in a security test plan?
Detailed test cases
Which document requires updating once the authorizing official accepts the system and issues an ATO?
Risk Register
According to NIST systems security engineering guidelines, which process is specifically designed to provide objective evidence that a system satisfies its stakeholder security requirements?
Validation