The Privacy Act of 1974 established policy objectives to protect... - ANSWER Personally
Identifiable Information (PII)
Four Objectives:
-Restrict Disclosure
-Increased rights of access to agency records
-Grant individuals the right to seek amendment
-Establish a code of fair information practices
The Paperwork Reduction Act of 1980 granted... - ANSWER OMB responsibility for creating
Policies, helping other agencies comply with federal mandates. (think: Paper / Policies)
Computer Fraud and Abuse Act of 1986 is.... - ANSWER Intended to reduce cracking of
computer systems and to address Federal computer related offenses
Computer Security Act of 1987 - ANSWER -Assigned NIST to create security standards/guidelines
-Required security policies and security plans
-Mandated security training
-Superseded by FISMA (OMB (creates policies) and DHS (enforces/implements)).
The Clinger-Cohen Act (Information Technology Reform Act of 1996).... - ANSWER -Implemented
The Capital Planning Investment Control (CPIC) IT budget planning process
-Granted the Director of OMB oversight of acquisitions
-Established CIO positions in every Federal department and agency
-Defined Federal Enterprise Architecture
-Requires annual reporting to Congress
(Think C's)
The Cybersecurity Protection Act of 2014 - ANSWER Amends the Homeland Security Act of 2002
to establish a national cybersecurity and communications integration center in the Department
of Homeland Security (DHS) to carry out the responsibilities of the DHS Under Secretary
responsible for overseeing critical infrastructure protection, cybersecurity, and related DHS
programs.
The USA PATRIOT Act of 2001... - ANSWER "Uniting and Strengthening America by Providing
Appropriate Tools Required to Intercept and Obstruct Terrorism Act"
-Amended the definition of electronic surveillance
-Created law enforcement initiatives to forestall and respond to threats against the US
The USA PATRIOT Act redefined money laundering to include - ANSWER -Making a financial
transaction in the US to commit a crime
-Bribery of public officials and fraudulent use of public funds
-Smuggling or illegal export of controlled munitions
-Smuggling of any item controlled under export regulations
Cyber Security Workforce Act requires agencies to... - ANSWER -Classify/identify cybersecurity
positions
-Identify employees with cybersecurity training/certifications
The NICE (National Initiative for Cyber Security Education) is... - ANSWER -Operated by NIST
-A partnership between government, academia, and the private sector
-Focused on cybersecurity education, training, and workforce development.
Who sets policy and determines reporting frequency? - ANSWER OMB
Who publishes Standards(if required) and Guidelines for OMB policies? - ANSWER NIST
What agency is tasked with implementation, oversight and monitoring against established
policies, standards, and guidelines? - ANSWER DHS
What agency determines the FISMA metrics (as directed by OMB)? - ANSWER DHS
What two types of documents does OMB publish? - ANSWER -Circulars (A-###)
-Memorandum (M-FY-##)
How long are OMB Circulars in effect? - ANSWER Two or more years (circulars have longer lives
than memoranda).
OMB Circular A-130, Managing Information as a Strategic Resource - ANSWER -Establishes
policy for the management of Federal information resources
-Appendix III, Security of Federal Automated Information Resources
-Requires accreditation of Federal Information Systems to operate according to assessment of
management, operational, and technical controls
OMB Circular A-130 Section III - ANSWER Applies Government Wide and mandates security
ASSESSMENTS & AUTHORIZATIONS every 3 years (unless continuous monitoring is in place)
What metric based reporting, which changes every year based on evolving threats and
vulnerabilities, is required to be submitted to DHS and at what frequency? - ANSWER
Cyberscope, which is submitted monthly