ISSM Section 4.1.2 Implementing Vulnerability Management Policy Questions and Answers
ISSM Section 4.1.2 Implementing Vulnerability Management Policy Questions and Answers Commands must develop a comprehensive vulnerability management process that includes the systematic identification and mitigation of software and hardware vulnerabilities in place? True or False - True Explain what a SOVT is? - - System Operability and Verification Testing (SOVT) - Any time a network connecting system is installed, the final installation step is the completion of the SOVT What are some critical associated with SOVT's? - - Command personnel must sign the SOVT verifying that the system operates as designed and accept responsibility - System Cybersecurity (CS) discrepancies can be noted as exceptions when the SOVT is completed. This is important, since POR systems are often installed with known vulnerabilities - Documenting all vulnerabilities and deviation from IAVA and STIG requirements as SOVT exceptions ensures the Program Office does not lose track of actions required to make systems compliant with CS regulations - These noted discrepancies will not pass as Cybersecurity Inspection (CSI) or Command Cyber Readiness Inspection (CCRI) waivers, but will assist in command awareness of CS requirements and as appropriate, these findings will be attributed to POR scoring (for ships) and not the Ship's Force responsible grade What does SVDD stand for? - - Software Version Description Document (SVDD) Name 3 references for Ensuring Asset Compliance? - - ACAS TTP - Best Practices Guide, - TASKORD's Vulnerability management policy should address some vulnerabilities? True or False - False Vulnerability management policy should address all vulnerabilities Does Asset Compliance apply to all re-imaged machines? True or False - True What reference do you refer to for Best Practices Guide to develop your scanning processes? - - Refer to ACAS TTP What type of scanning software is used for Afloat and Ashore commands? - - Nessus Scanner
Written for
- Institution
- ACAS - Associate of the Casualty Actuarial Society
- Course
- ACAS - Associate of the Casualty Actuarial Society
Document information
- Uploaded on
- September 23, 2023
- Number of pages
- 2
- Written in
- 2023/2024
- Type
- Exam (elaborations)
- Contains
- Questions & answers
Subjects
-
issm section 412 implementing vulnerability ma
Also available in package deal