One of the most common breaches, following an authorized person through a secure door.
Tailgating
CMMC Level 2 is aligned with the controls from this specific NIST Special Publication.
What is NIST SP 800-171?
Travelers should enable this security feature on all their devices before traveling internationally to help prevent unauthorized access.
This is the term used when an employee maliciously gains unauthorized access to a network, information system, or application.
What is hacking?
A type of malicious software designed to block access to a computer system until a sum of money is paid.
What is ransomware?
Threats, intimidation, harassment, or any other inappropriate, disruptive behavior that causes fear for personal safety at the office.
Workplace Violence.
Specific information requires CMMC Level 2 or higher controls.
What is Controlled Unclassified Information (CUI)?
This is the term for an attempt by a foreign entity to obtain sensitive information through seemingly innocent conversations
What is foreign elicitation?
Lying on a security clearance application (SF-86) or failing to provide candid answers during an investigation raises significant concerns under this guideline.
What is Adjudicative Guideline E (Personal Conduct)?
The process of taking plain text and scrambling it into an unreadable format.
What is encryption?
Adjudicators consider an applicant's entire history, both favorable and unfavorable, under this guiding principle.
Whole person concept.
Entity responsible for assessing CMMC Level 2 compliance.
What is a Certified Third-Party Assessor Organization (C3PAO)?
This type of spying involves stealing information for a foreign government or organization, often by means of Human Intelligence (HUMINT), technical surveillance, and cyber activity, for the purpose of strategic advantage or planned malicious activity.
What is foreign espionage?
Even if a charge was not for a serious offense like a DUI, incidents must be reported if this substance was involved.
What is alcohol?
Fraudulent text messages purporting to be from reputable companies in order to trick individuals into revealing personal information.
What is smishing?
A former NSA contractor who smuggled classified U.S. government data using a USB drive, exposing global surveillance programs run by the U.S. and its allies. The leaks led to diplomatic tensions, legal reforms, and a major debate on privacy and national security.
Edward Snowden
This document is used to track the plan for correcting any identified weaknesses or deficiencies.
What is a Plan of Action and Milestones (POA&M)?
This social media platform is increasingly used by foreign operatives to connect with professionals and extract information from cleared workers.
What is LinkedIn?
This is the term for violent, criminal acts committed by individuals and/or groups to further ideological goals stemming from domestic influences, such as those of a political, religious, social, racial, or environmental nature.
What is domestic terrorism?
Harmful computer programs such as viruses, worms, and trojans used by hackers to gain access to your computer and cause destruction.
What is malware?
Actions like refusing to cooperate with security processing or provide truthful answers, and a history of rule violations.
What are some clearance disqualifiers?
This is the government agency that mandates CMMC for its contractors.
What is the Department of Defense?
This requires approval, must be submitted at least five business days in advance and requires escorting.
What are foreign national visitors?
This infamous spy was a CIA case officer who was arrested and charged with spying on behalf of Russia, and whose actions compromised at least 100 U.S. intelligence operations and led to the execution of at least ten U.S. sources.
Who is Aldrich Ames?
Fraudulent phone calls or voice messages purporting to be from reputable companies in order to trick individuals into revealing personal information.
What is vishing?