SAPPC questions with correct answers

Common Control CORRECT ANSWER A security control that is inherited by one or more organizational information systems. See Security Control Inheritance. Common, System-Specific, Hybrid CORRECT ANSWER Security controls can be categorized as _____________, _____________, _____________. Compensating Security Controls CORRECT ANSWER The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the baselines described in NIST Special Publication 800‐53 and CNSS Instruction 1253, that provide equivalent or comparable protection for an information system. Defense-in-Depth CORRECT ANSWER Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization. Hybrid Security Control CORRECT ANSWER A security control that is implemented in an information system in part as a common control and in part as a system-specific control. See Common Control and System-Specific Security Control. System-Specific Security Control CORRECT ANSWER A security control for an information system that has not been designated as a common security control or the portion of a hybrid control that is to be implemented within an information system.