with solutions
SP 800-14 - ANSWER GASSP (Principles and Practices) Generally Accepted System Security
Principles
SP 800-18 - ANSWER Developing System Security Plans (SSP)
- Guide for Developing Security Plans for Systems, describes the procedures for developing a
system security plan (SSP), provides an overview of the security requirements of the system,
and describes the controls in place or planned for meeting those requirements.
SP 800-27 rev. A: - ANSWER Engineering Principles for IT Security - Common Criteria
SP 800-30 rev 1 - ANSWER Conducting Risk Assessments
Guide for Conducting Risk Assessments, provides guidance for conducting risk assessments of
federal systems and organizations.
("A" in Frame - Assess - Respond - Monitor)
SP 800-34 - ANSWER Contingency Planning Guide for Federal IT Systems
- Contingency Planning Guide for Federal Information Systems, assists organizations in
understanding the purpose, process, and format of information system contingency plans
(ISCPs) development with practical, real-world guidelines.
SP 800-37, rev 2 - ANSWER Applying RMF
Guide for Applying the Risk Management Framework to Systems: A Security Life Cycle
Approach, provides guidelines for applying the Risk Management Framework to federal
systems, including conducting the activities of security categorization, security control
selection and implementation, security control assessment, system authorization, and
security control monitoring.
SP 800-39 - ANSWER Managing Information Security Risk
Managing Information Security Risk: Organization, Mission, and Information System View,
provides guidelines to establish an integrated, organization-wide program for managing
information security risk to organizational operations (e.g., mission, functions, image, and
reputation), assets, individuals, other organizations, and the Nation resulting from the operation
and use of federal systems.
SP 800-40, rev 3 - ANSWER Patch and Vulnerability Management Program
SP 800-41, rev 1 - ANSWER Firewalls and Firewall Policy
SP 800-45, rev 2 - ANSWER Guidelines on e-mail security
SP 800-47 - ANSWER Interconnecting IT systems
SP 800-50 - ANSWER IT Security Awareness and Training Program
SP 800-53, rev 4 - ANSWER Security Controls for Federal IT Systems
Security and Privacy Controls for Systems and Organizations, provides guidelines for selecting
and specifying security controls for organizations and systems supporting the executive agencies
of the Federal Government to meet the requirements of FIPS Publication 200.
SP 800-53A, rev 4 - ANSWER Assessing Security Controls