Categories: RMF | STEPS | ALL THAT | FISMA | WHO AM I
100

_____ are security controls that can support multiple information systems efficiently and effectively as a common capability, so that each system inherits rather than re-implements them

What is a COMMON CONTROL

100

FIPS 199 and NIST SP 800-60

What are the documents for Categorizing a system (Step 1)

100

I am the King of basketball

Who is LeBron James

100

NIST SP 800-53 Rev4

What is the document for Selection of Security Controls (Step 2)

100

A forward-thinking FedRAMP-accredited 3PAO auditing company seeking to become a CMMC C3PAO

What is GMS Registrar

200

18

What is the number of control families in NIST SP 800-53 Rev4

200

NIST SP 800-18 (the System Security Plan guide)

What is the document for Implementing selected security controls (Step 3)

200

I am the CEO of GMS Registrar

Who is Jag

200

Examine, Interview, and Test

What are the 3 assessment methods for performing a security control assessment (NIST SP 800-53A)

200

The ability to use both the right and left hand equally well

What is ambidextrous

300

An alternative control put in place to satisfy a security requirement when the specified control is deemed too difficult or impractical to implement at the present time, providing equivalent or comparable protection.

What is a COMPENSATING CONTROL

300

NIST SP 800-37

What is the document for Authorization of the Information System (Step 5)

300

A word that expresses an action or a state of being

What is a verb

300

I review the authorization package and make the final determination of whether a system meets the security baseline requirements, and whether the residual risk is acceptable, before deployment

Who is the Authorizing Official (AO)

300

I lead the daily production meeting at GMS Registrar

Who is Mandeep

400

One of the sets of minimum security controls defined in NIST SP 800-53 for a low-impact, moderate-impact, or high-impact federal information system, selected according to the system's FIPS 199 categorization.

What is a Security Control Baseline

400

NIST SP 800-53A

What is the document for Assessment of Security Controls (Step 4)

400

I have both system-specific and common characteristics: one part is inherited from a common control provider and the other is implemented by the system itself.

What is a Hybrid control

400

What is the largest continent in the world that stretches from the eastern Mediterranean Sea to the western Pacific Ocean

What is Asia

400

I am a management tool for tracking corrective actions and milestones accomplished in addressing and resolving security-related weaknesses or findings (non-conformities)

What is a POA&M (Plan of Action and Milestones)

500

Controls that are not implemented by the individual system but are implemented at the organization level (the head office) and inherited by the system

What is the PM (Program Management) control family

500

NIST SP 800-137

What is the document for Continuous Monitoring of the Information System (Step 6)

500

Controls that provide a security capability for multiple information systems and are inherited by those systems

What is a Common Control

500

I am the final document to be presented for review and approval before a system can be put into the production environment

What is the Security Package or Security Authorization Package

500

I am one package made up of 3 unique documents (the SSP, the SAR, and the POA&M)

What is the Security Authorization Package