What is identification as it pertains to information protection?
proving the subject is what the subject claims to be
What is authentication as it pertains to information protection?
verifying the eligibility of a subject and the ability of the subject to access certain info
What are the 3 primary ways to authenticate oneself on the network?
On an AF network, what is your password required to have in it?
Where are biometrics based auth and id generally used, and why?
Areas that require a very high level of security.
What is the biggest risk with a possession-based system for identifying and authenticating yourself?
Why would you use a combination of methods for identifying and authenticating yourself?
Makes it more difficult for the perp to obtain everything he needs for access
What are the 3 methods of providing strong authentication?
combo of biometric and possession, encrypted authentication, and one-time passwords
Where can you find specific guidance concerning remanence security?
What is remanence security?
the use of safeguards and controls to prevent unauthorized reconstruction or disclosure of sensitive or classified information
When something is sanitized, is it automatically declassified?
Until when must you retain classification controls?
until the media is sanitized, declassified, or destroyed in an approved manner
When does the information owner of storage media declassify the media?
after the IO provides evidence that no information resides on the media, the IO can declassify the media
When is destroying storage media not necessary?
If the media is sanitized and declassified
What must you ensure when you are degaussing storage media?
That the coercivity strength generated is strong enough to return the magnetic media to its zero state
What AFI governs the AFCAP?
33-210 AF C&A program
What is the biggest difference between DIACAP and previous processes?
Cradle to grave, track every IS network from inception to retirement
What are the 5 phases of the DIACAP process?
Initiate and plan IA C&A, Implement and validate assigned IA controls, Make certification determination and accreditation decision, Maintain authorization to operate and conduct reviews, Decommission
What two pubs provide the basic framework of the C&A process?
AFI 33-210 and the IT Lean Reengineering Process Guidebook
What is the SISSU checklist?
list of requirements covering each of those areas that a program office must adhere to when developing and fielding a system
What are the most common Air Force circuit-enclaves?