Controls
Roles & Responsibilities
Name that Family
ISSO 101
Know Your ISSOs/ISSMs
100

AC-7 (Unsuccessful Logon Attempts) enforces a limit of how many consecutive invalid logon attempts by a user during a 15-minute time period?

What is 3?

100

This individual is appointed in writing by the AO to act on his or her behalf to conduct a security assessment.

Who is the Security Control Assessor? (SCA)

100

AC

What is Access Control?

100

How many steps are in the Risk Management Framework?

What is 7?

100

This ISSO joined a walking league this year.

Who is Jordan Saville?

200

AU-11 Audit Record Retention: For SAP data the organization is required to retain audit records for a minimum of _____ years. 

What is 5?

200

This individual is responsible for ensuring the appropriate operational security posture is maintained for an information system and as such, works in close collaboration with the ISSM and ISO.

Who is an Information System Security Officer? (ISSO)

200

RA

What is Risk Assessment?

200

The Plan of Action and Milestones (POA&M) is initiated based on the findings and recommendations from the __________?

What is the SAR?

200

Who on the team grew up in Altamonte Springs and lived in a log cabin?

Who is Kim Smith?

300

What is a predefined control set which modifies or enhances the baseline controls and targets specific data sets, system type, and/or environment?

What are Overlays?

300

This individual is responsible for the procurement, development, integration, modification, operation, maintenance, and disposal of an information system. 

Who is the Information System Owner? (ISO)

300

PS

What is Personnel Security?

300

AT-4 Security Training Records states that individual training records shall be retained for a minimum of how many years? 

What is a minimum of 5 years?

300

This ISSO has 52 first cousins.

Who is Jasoda Sukhram?

400

Name our 3 non-tailorable controls.

What is AC-6 (1) Least Privilege, SA-22 Unsupported System Components, and SC-28 Protection of Information at Rest?

400

This individual is an organizational official appointed in writing and authorized to act on behalf of an AO in carrying out and coordinating the required activities associated with security authorization. They also have the authority to authorize a system to operate.

Who is the Delegated Authorizing Official? (DAO)

400

SC

What is System and Communications Protection?

400

COMSEC is comprised of 4 main components: Cryptographic Security, Emission Security, Transmission Security and ___________.

What is Physical Security?

400

Which ISSO played snare drum in marching band and was once robbed while working as a bank teller?

Who is Leah Curtis?

500

PE-19 Information __________ is the intentional or unintentional release of information to an untrusted environment from electromagnetic signals emanations.

What is leakage?

500

This individual is responsible for conducting information system security engineering activities.

Who is an Information System Security Engineer? (ISSE)

500

SA

What is System and Services Acquisition?

500

Name the 7 steps of the Risk Management Framework (RMF).

What is prepare, categorize, select, implement, assess, authorize, and monitor?

500

This ISSO's last day is December 4th.

Who is Megan Blankinship?
