This person may conditionally require the site ISSO/ISSM to answer a minimum number of security controls after SIA approval
What is Delegated Authorizing Official (DAO)
This publication guides the requirement for SIAs
What is NIST 800-53
(Security Control CM-4)
The SIA template resides on this network
What is JWICS
When an SIA is submitted, it goes straight to the DAO
What is FALSE
(Document Manager is first reviewer)
Next step customer has to accomplish after getting SIA approval by DAO
What is upload into XACTA
(Upload into Manage Project Artifacts for each project listed in SIA form)
Person responsible for signing initial submission of SIA. Without this signature, SIA will be rejected and a new SIA will need to be re-submitted
What is System Program Manager
This must be located at the top and bottom of the SIA submission form, if not the SIA is rejected and it never gets to AE and DAO
What is classification marking
I see SIA is in DAO queue, to get status of SIA I contact
What is AF IC Cybersecurity Support Center
When my SIA is rejected, I can just update my existing SIA and upload the corrected SIA as a new entry
What is TRUE
(New tracking number will be assigned)
Process for review and approval of a script that will be used on an AF IC ATO'd system
What is an SIA
(Upload supporting documentation into XACTA project for review)
Performs security engineering assessments in support of the AO, DAO, and SCA for authorization decisions
What is Security Assessment Engineer
(Not an ISSE)
List of approved software that can be installed on an AF IC ATO’d system
What is AF IC Software Approved Products List (APL)
(on NIPR)
When submitting an SIA and if using reciprocity from other agencies, you still need to obtain this from the AF IC Software DAO
What is an AF IC CTF
If I have 12 sites, I submit 12 SIAs
What is FALSE
(Submit only 1 SIA with all sites listed)
Process used to approve GOTS S/W when source code cannot be scanned with Fortify
What is SCAN/LOAD/SCAN
Responsible for the day-to-day security posture and continuous monitoring for an information system
What is Information System Security Officer
(ISSO)
This goes on the SIA form with its ATO expiration date. Without this information, SIA will be rejected.
What is XACTA project name
(Name must be identical to the one listed in XACTA)
SIAs are archived and can no longer be seen on the main page after this length of time
6 months
Making changes to the AF JWICS enterprise baseline requires AF JWICS RRB approval prior to submitting an SIA
What is TRUE
(You must go through RRB for any changes associated with AF JWICS systems)
If I want to buy a Cisco switch from Amazon, my SIA will not be considered for approval because I must follow this policy
What is Supply Chain Risk Management
(Need to ensure Trusted Chain of Custody)
If you don't accurately fill out the SIA form, this group will reject the SIA and it will never reach the AE or DAO
What is Document Manager
Only submit SIAs for systems that have this approval
What is Approval to Operate (ATO)
(SIA will be rejected if ATO is expired)
Where SIA supporting documentation is uploaded for AE and DAO review
What is Manage Project Artifacts in XACTA
If I forget to list a site on the SIA, I need to resubmit a new SIA that includes the site
What is TRUE
(SIA must be uploaded into each XACTA project listed)
IA Enabled products (i.e. KVMs, routers, switches) need to have this type of certification to ensure AE/DAO approval of SIA
What is NIAP Certification
(Related Security Control SA-4(7) and Pub CNSSP-11)