Chapter 8 Federal Government Information Security and Privacy Regulations


40 Terms

1

The ___________ was the first law to address federal computer security and required every federal agency to create security plans for its IT systems.

Computer Security Act (CSA)

2

Congress created the _____________ in response to the September 11, 2001, terrorist attacks.

Federal Information Security Management Act (FISMA)

3

The Federal Information Security Modernization Act (FISMA) requires the creation of information security standards and guidelines. Which of the following organizations was delegated this responsibility?

A. Office of Management and Budget (OMB)

B. National Institute of Standards and Technology (NIST)

C. Institute of Electrical and Electronics Engineers (IEEE)

D. Government Accountability Office (GAO)

B. National Institute of Standards and Technology (NIST)

4

The Federal Information Security Modernization Act (FISMA) requires federal agencies to secure national security systems using a risk-based approach, but this does not apply to ____________ information.

classified

5

Which of the following is true of the Federal Information Processing Standards (FIPS) created by NIST?

A. Federal agencies are not required to follow FIPS.

B. FIPS do not apply to national security systems (NSSs).

C. NIST creates FIPS to replace industry standards for information security issues.

D. The Department of Defense must approve FIPS before they can be finalized.

B. FIPS do not apply to national security systems (NSSs)

6

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program developed by NIST. What is the main technology FedRAMP oversees?

Cloud computing

7

Which of the following is not true of national security systems (NSSs)?

A. The Federal Information Security Modernization Act (FISMA) requires federal agencies to secure NSSs using a risk-based approach.

B. An NSS includes systems that are for intelligence activities.

C. An NSS must be kept classified for national defense or foreign policy.

D. The Department of Defense (DoD) ensures that agencies with an NSS create an information security program and test it each year.

D. The Department of Defense (DoD) ensures that agencies with an NSS create an information security program and test it each year.

8

The Federal Information Security Modernization Act (FISMA) requires each federal agency to create an agency-wide information security program. Even agencies with national security systems must create these programs. What must be in place to measure the harm that could result from unauthorized access to or use of agency IT systems?

Risk assessments

9

Under the Federal Information Security Modernization Act (FISMA), the government must have a federal incident response (IR) center. Which of the following does the IR center not do?

A. Instructs agencies on finding private-sector technical support for handling information security incidents

B. Informs agencies about current and potential threats and vulnerabilities

C. Compiles and analyzes data about information security incidents

D. Consults with NIST and agencies with national security systems about information security incidents

A. Instructs agencies on finding private-sector technical support for handling information security incidents

10

Which of the following statements best captures the role and responsibility of NIST?

A. NIST creates the standards and guidelines for non-national security systems to help agencies meet their Federal Information Security Modernization Act (FISMA) obligations.

B. NIST creates Federal Information Processing Standards (FIPS).

C. NIST raises awareness of Federal Information Security Modernization Act (FISMA) reporting requirements and security best practices.

D. NIST conducts independent and objective audits, investigations, and inspections.

A. NIST creates the standards and guidelines for non-national security systems to help agencies meet their Federal Information Security Modernization Act (FISMA) obligations.

11

Which of the following is not one of the steps in the NIST Risk Management Framework (RMF) for Information Systems and Organizations?

A. Categorize IT systems.

B. Select minimum security controls.

C. Implement security controls in IT systems.

D. Monitor security controls when necessary.

D. Monitor security controls when necessary.

12

__________________ restrict(s) the transmission of certain types of information to foreign nationals located in the United States.

Export control regulations

13

The ________________ enforces trade sanctions and embargoes and prohibits trade with certain people in other countries.

Office of Foreign Assets Control (OFAC)

14

Which of the following is an export control regulation?

A. ITAR

B. NIST

C. FIPS

D. SP 800-53

A. ITAR

15

The _________________ requires all federal agencies to create a breach notification plan.

Office of Management and Budget (OMB)

16

The ______________ was created by Congress to protect data collected by the government.

Privacy Act of 1974

17

Under the ____________________, federal agencies must post privacy policies on their websites that contain the same types of information that are in a privacy impact assessment (PIA).

E-Government Act of 2002

18

Under Department of Commerce rules, exporters must have an export license for items and technologies that are on the:

Commerce Control List

19

The ___________ enforces trade sanctions and embargoes.

Office of Foreign Assets Control (OFAC)

20

In 2015, background investigation records from the Office of Personnel Management (OPM) were stolen. The theft included sensitive personnel files on over 21.5 million current, former, and prospective federal employees and contractors, including almost 5.6 million records with fingerprints. The incident led to a congressional investigation and the resignation of some OPM leaders. What was the main reason the breach occurred?

OPM failed to prioritize its information security activities.

21

True or False? The Federal Information Security Management Act (FISMA) was originally the Federal Information Security Modernization Act.

False

22

True or False? The term "cyberwar" refers to conflicts between nations and their militaries.

True

23

True or False? Agencies must follow NIST standards and guidelines for non-national security systems.

True

24

True or False? An agency's annual Federal Information Security Modernization Act (FISMA) report is considered classified.

False

25

True or False? NIST Special Publications (SPs) are computer security guidelines.

True

26

True or False? The NIST Risk Management Framework (RMF) requires agencies to test their systems and approve them for operation.

True

27

True or False? An inspector general (IG) is an official who reviews the actions of a federal agency.

True

28

True or False? The Office of Management and Budget (OMB) and the Department of Homeland Security (DHS) share responsibility for Federal Information Security Modernization Act (FISMA) compliance.

True

29

True or False? Federal agencies do not have security deficiencies because they must follow the provisions of the Federal Information Security Modernization Act (FISMA).

False

30

True or False? The Federal Information Security Modernization Act (FISMA) applies to both federal and state agencies.

False

31

True or False? One of the most important parts of a Federal Information Security Modernization Act (FISMA) information security program is that agencies test and evaluate it.

True

32

True or False? An agency must publish a privacy impact assessment (PIA) for any system that holds records on an individual.

False

33

True or False? The Office of Management and Budget (OMB) requires agencies to report breaches of both paper and electronic information.

True

34

True or False? Under the E-Government Act, an agency must conduct a privacy impact assessment (PIA) anytime its IT systems change in such a way that new privacy risks are introduced.

True

35

True or False? A federal agency employee can be criminally responsible for violating the Privacy Act.

True

36

True or False? The Privacy Act states the rules that an agency must follow to collect, use, and transfer personally identifiable information (PII).

True

37

True or False? Under the Privacy Act, a "record" includes a person's educational, financial, medical, and criminal history information.

True

38

True or False? An agency that violates the Privacy Act is not subject to civil or criminal penalties.

False

39

True or False? One of the provisions of the E-Government Act is that federal agencies must review their IT systems for privacy risks.

True

40

True or False? Per Office of Management and Budget (OMB) guidance, each federal agency has discretion about whether it will notify people about a breach of personally identifiable information (PII).

True