FITSI Manager Federal IT Security Institute Exam | ACTUAL exam: QUESTION AND ANSWERS UPDATED 2025
Terms in this set (51)
Primary NIST RMF Documents: 800-30, 800-37, 800-39, 800-53, 800-53A

RMF Tier 1 Risks (Organizational): Strategic, Governance, Methodologies, Risk Tolerance

RMF Tier 2 Risks (Mission/Business Perspective): Enterprise Architecture, Defining Core Missions, Subordinate Organization limits

RMF Tier 3 Risks (Information System): Security Controls

CISO: Chief Information Security Officer

CCE: Common Configuration Enumeration

CPE: Common Platform Enumeration

CWE: Common Weakness Enumeration

CVSS: Common Vulnerability Scoring System

XCCDF: Extensible Configuration Checklist Description Format

OVAL: Open Vulnerability Assessment Language

OCIL: Open Checklist Interactive Language

NVD: National Vulnerability Database
CVE: Common Vulnerabilities and Exposures

E-Authentication Levels:
- Level 1: no identity proofing requirement
- Level 2: single factor remote authentication
- Level 3: multi-factor remote authentication
- Level 4: multi-factor remote authentication; hard crypto tokens

FISMA: FISMA 2002 - Federal Information Security Management Act; FISMA 2014 - Federal Information Security Modernization Act

CNSS: Committee on National Security Systems. Guides, assesses, approves and oversees mitigating action of national security systems

NISTIR: NIST Interagency/Internal Report. Irregularly published on special topics, transitory or limited interest items

Information System Boundaries:
- Establish scope of protection for systems
- Established in coordination w/ security categorization process, before developing security plans

CCA: Clinger Cohen Act of 1996 aka Information Technology Management Reform Act
- CIOs for all agencies
- CPIC/Capital Planning Investment Controls for IT $
- OMB oversight of IT $
- Enterprise Architecture

SP 800-37 Rev 2: NIST SP 800-37 Rev 2, Risk Management Framework for Information Systems and Organizations
- Common information security framework
- Shift from A&A to Risk Management Framework

PPD-21: PPD-21 - Critical Infrastructure Security & Resilience
- Supersedes HSPD-7
HSPD-20:
- Sets national continuity policy for USG
- Continuity of Operations
- Continuity of Government

HSPD-12: Homeland Security Directive 12 (2004)
- Common ID standard
- PIV & CAC cards

TIC: Trusted Internet Connection
- 2007: Federal TIC initiative for external access points

SP 800-30: Guide for Conducting Risk Assessments
- How to assess & mitigate risk

FARM (Risk Management Model/Process): Frame Risk, Assess Risk, Respond, Monitor Risk

SP 800-37 RMF Organization Tiers:
- Tier 1: Organization
- Tier 2: Mission/Business Process
- Tier 3: Information System

OMB Circular A-130: OMB Circular A-130, Managing Information as a Strategic Resource