The Privacy Act of 1974 established policy objectives to protect... correct answers Personally Identifiable Information (PII)
Four objectives:
-Restrict disclosure
-Increase rights of access to agency records
-Grant individuals the right to seek amendment
-Establish a code of fair information practices
The Paperwork Reduction Act of 1980 granted... correct answers OMB responsibility for creating policies and helping other agencies comply with federal mandates. (Think: Paper / Policies)
Computer Fraud and Abuse Act of 1986 is... correct answers Intended to reduce cracking of computer systems and to address Federal computer-related offenses
Computer Security Act of 1987 correct answers -Assigned NIST to create security standards/guidelines
-Required security policies and security plans
-Mandated security training
-Superseded by FISMA (OMB creates policies; DHS enforces/implements)
The Clinger-Cohen Act (Information Technology Management Reform Act of 1996)... correct answers -Implemented the Capital Planning and Investment Control (CPIC) IT budget planning process
-Granted the Director of OMB oversight of acquisitions
-Established CIO positions in every Federal department and agency
-Defined the Federal Enterprise Architecture
-Requires annual reporting to Congress
(Think C's)
The Cybersecurity Protection Act of 2014 correct answers Amends the Homeland Security Act of 2002 to establish a national cybersecurity and communications integration center in the Department of Homeland Security (DHS) to carry out the responsibilities of the DHS Under Secretary responsible for overseeing critical infrastructure protection, cybersecurity, and related DHS programs.
The USA PATRIOT Act of 2001... correct answers "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act"
-Amended the definition of electronic surveillance
-Created law enforcement initiatives to forestall and respond to threats against the US
The USA PATRIOT Act redefined money laundering to include correct answers -Making a financial transaction in the US to commit a crime
-Bribery of public officials and fraudulent use of public funds
-Smuggling or illegal export of controlled munitions
-Smuggling of any item controlled under export regulations
Cybersecurity Workforce Act requires agencies to... correct answers -Classify/identify cybersecurity positions
-Identify employees with cybersecurity training/certifications
The NICE (National Initiative for Cybersecurity Education) is... correct answers -Operated by NIST
-A partnership between government, academia, and the private sector
-Focused on cybersecurity education, training, and workforce development
Who sets policy and determines reporting frequency? correct answers OMB
Who publishes Standards (if required) and Guidelines for OMB policies? correct answers NIST
What agency is tasked with implementation, oversight, and monitoring against established policies, standards, and guidelines? correct answers DHS
What agency determines the FISMA metrics (as directed by OMB)? correct answers DHS
What two types of documents does OMB publish? correct answers -Circulars (A-###)
-Memoranda (M-FY-##)
How long are OMB Circulars in effect? correct answers Two or more years (circulars have longer lives than memoranda).
OMB Circular A-130, Managing Information as a Strategic Resource correct answers -Establishes policy for the management of Federal information resources
-Appendix III, Security of Federal Automated Information Resources
-Requires accreditation of Federal information systems to operate according to an assessment of management, operational, and technical controls
OMB Circular A-130 Section III correct answers Applies Government-wide and mandates security ASSESSMENTS & AUTHORIZATIONS every 3 years (unless continuous monitoring is in place)
What metric-based reporting, which changes every year based on evolving threats and vulnerabilities, is required to be submitted to DHS, and at what frequency? correct answers CyberScope, which is submitted monthly
Security Content Automation Protocol (SCAP) correct answers A suite of specifications used to standardize the communication of software flaws and security configurations.