This control requires the establishment of a policy and procedures for granting, limiting, and revoking access to an information system
What is Access Control (AC)
In this section of eMASS, you can access and manage system information and supporting artifacts during the Risk Management Framework (RMF) process.
What is the System Details section
To reduce manual effort in the RMF process, a software tool was developed to automate general tasks like generating POA&Ms and analyzing STIGs & ACAS scans
What is eMASSter
This policy defines NAWCWD information system access control requirements and is intended to minimize the risk of unauthorized access to Information Technology (IT) systems, privileged user accounts, and sensitive data.
What is the NAWCWD Access Control Policy
In the SpongeBob SquarePants episode "Band Geeks," who stated:
"No, Patrick, mayonnaise is not an instrument"
Who is Squidward
This control requires changes to be reviewed, approved, and formally managed to ensure system security and functionality
What is Configuration Management (CM)
This is the document used to track and manage cybersecurity weaknesses or deficiencies identified in a system
What is a Plan of Action and Milestones (POA&M)
This DOD/DISA tool provides the capability to view one or more .ckl (Configuration Checklist) formatted STIGs in an easy-to-navigate, human-readable format.
What is STIG Viewer
This document defines the overall plan for responding to cybersecurity events at NAWCWD.
What is the NAWCWD Cybersecurity Incident Response Plan (CIRP)
Which of these two famous quotes is correct?
"Luke, I am your father" or "No, I am your father"
What is "No, I am your father"
This control requires a formal process for reporting security incidents to the appropriate personnel or authorities
What is Incident Response (IR)
This eMASS capability allows system controls, statuses, and artifacts to be automatically passed down from a parent system to a child system
What is inheritance
A software set of information security tools used by the U.S. Department of Defense (DoD) for vulnerability scanning and risk assessment
What is Assured Compliance Assessment Solution (ACAS)
This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations
What is NIST SP 800-53 Rev. 4
Who was the second man to walk on the moon
Who is Buzz Aldrin
This control requires the system to create a log of every user action
What is Audit & Accountability (AU)
This role is assigned to a system and is responsible for adding other users to that system record
What is the Information System Security Manager (ISSM)
This is a web-enabled registry for all software applications used by the Marine Corps and Navy
What is DADMS
This plan provides command-wide implementation procedures and was derived from Communication Tasking Order 10-25 A/B and Naval Tasking Directive 09-11
What is the NAWCWD Removeable Media Protection Plan (RMPP)
Before Facebook or TikTok, you could customize your profile with songs, glittery GIFs, and your “Top 8” friends. What social media site were you using
What is MySpace
This control requires organizations to limit access to facilities housing information systems
What is Physical and Environmental Protection (PE)
This formal authorization is required for a system to operate and is supported by documentation prepared and managed in eMASS
What is an Authority to Operate
This CDS web-based portal is used for one-way sharing of large unclassified data transfer files, while ensuring encryption, with higher classification domains or domains outside of the DoD
What is DOD SAFE or DOTS
This policy is coordinated by the DON CIO as part of the DON's traditional cybersecurity partnership for protection of national security information.
What is the Acceptable Use of DON IT Policy (DONCIO AUP)
What is the name for the plastic or metal tube found on the ends of shoelaces
What is an aglet