COMPLETE QUESTIONS AND CORRECT ANSWERS
⫸ Define system categorization Answer: System Categorization is the
process by which the Information Owner identifies the potential impact
(low, moderate, or high) that would result from a loss of
confidentiality, integrity, or availability of the system's information
should a security breach occur.
⫸ DoD RMF Guidance Tier 1 Answer: -Organization (Office of the Secretary of Defense)
-Addresses risk management at the DoD enterprise level
-Key governance = DoD CIO and the DoD Senior Information Security Officer (SISO)
⫸ DoD RMF Guidance Tier 2 Answer: -Mission and business processes
-Addresses risk management at the Mission Area and DoD Component levels
-Key governance = Principal Authorizing Official (PAO)
⫸ DoD RMF Guidance Tier 3 Answer: -Information Systems and Platform IT (PIT) systems
-Addresses risk management at the individual system level
-Key governance = Authorizing Official (AO); each DoD Component head appoints AOs
for all DoD information systems and PIT systems within their Component
⫸ DoD systems are subject to what types of threats? Answer: Threats to the
confidentiality, integrity, or availability of information processed,
stored, or transmitted by DoD systems.
⫸ Security controls and safeguards selected by the organization must
take what into account? Answer: Potential mission or business impacts, and
the risk to organizational operations and assets, individuals, other
organizations, and the Nation.
⫸ What are the 6 steps to the RMF Lifecycle? Answer: #1 - Categorize
Systems
#2 - Select Security Controls
#3 - Implement Security Controls
#4 - Assess Security Controls
#5 - Authorize System
#6 - Monitor Security Controls
⫸ What DoD guidance provides direction for the implementation of
RMF? Answer: DoDI 8510.01 (Risk Management Framework for DoD Information Technology)
⫸ What does the Risk Management Framework (RMF) provide?
Answer: A structured, yet flexible approach for managing the risk that results
from incorporating information systems into the mission and business
processes of the organization.