1. Primary RMF Documents: NIST SP 800-30, 800-37, 800-39, 800-53, 800-53A
2. RMF Tier 1 Risks (Organizational): Strategic, Governance, Methodologies, Risk Tolerance
3. RMF Tier 2 Risks (Mission/Business Perspective): Enterprise Architecture, Defining Core Missions, Subordinate Organization limits
4. RMF Tier 3 Risks (Information System): Security Controls
5. CISO: Chief Information Security Officer
6. CCE: Common Configuration Enumeration
7. CPE: Common Platform Enumeration
8. CWE: Common Weakness Enumeration
9. CVSS: Common Vulnerability Scoring System
10. XCCDF: Extensible Configuration Checklist Description Format
11. OVAL: Open Vulnerability Assessment Language
12. OCIL: Open Checklist Interactive Language
13. NVD: National Vulnerability Database
14. CVE: Common Vulnerabilities and Exposures
15. E-Authentication Levels:
- Level 1: no identity proofing requirement
- Level 2: single factor remote authentication
- Level 3: multi-factor remote authentication
- Level 4: multi-factor remote authentication; hard crypto tokens
16. FISMA: FISMA 2002 - Federal Information Security Management Act; FISMA 2014 - Federal Information Security Modernization Act
FITSI Manager - Federal IT Security Institute Test with Verified Answers
17. CNSS: Committee on National Security Systems - guides, assesses, approves and oversees mitigating action of national security systems
18. NISTIR: NIST Interagency/Internal Report - irregularly published on special topics, transitory or limited interest items
19. Information System Boundaries:
- Establish scope of protection for systems
- Established in coordination w/ security categorization process, before developing security plans
20. CCA: Clinger Cohen Act of 1996, aka Information Technology Management Reform Act
- CIOs for all agencies
- CPIC/Capital Planning Investment Controls for IT $
- OMB oversight of IT $
- Enterprise Architecture
21. SP 800-37 Rev 2: NIST SP 800-37 Rev 2, Risk Management Framework for Information Systems and Organizations
- Common information security framework
- Shift from A&A to Risk Management Framework
22. PPD-21: Critical Infrastructure Security & Resilience
- Supersedes HSPD-7
23. HSPD-20:
- Sets national continuity policy for USG
- Continuity of Operations
- Continuity of Government
24. HSPD-12: Homeland Security Directive 12 (2004)
- Common ID standard
- PIV & CAC cards
25. TIC: Trusted Internet Connection
- 2007: Federal TIC initiative for external access points
26. SP 800-30