Business units in the Department of Defense (DoD) have auditing frameworks that provide baseline requirements


and hardening guidelines to business units that a government network must meet. In this lab, you


identifi ed the requirements and hardening guides that provide a frame to which a government network


and business should adhere, you assessed the available sites under the Department of Defense (DoD)


and identifi ed agencies in charge of providing security guidelines, and you reviewed the hardening and


best practice guidelines provided by DoD’s Defense Information Systems Agency (DISA) and Information


Assurance Support Environment (IASE).



Lab Assessment Questions & Answers



1. What is the difference between DITSCAP and DIACAP?


2. What is DCID 6/3 and why would you use DCID 6/3 as opposed to DIACAP for certifi cation and accreditation




of a system?









Assessment Worksheet 13




37524_Lab02_Pass3.indd 13 19/04/13 1:25 AM



3. What is C&A and what are the following acronyms that are related to the C&A process: DISN, GIG, PAA,




DAA, and DISA?



4. What is the Defense Industrial Base Sector?


5. Who develops the configuration and validation requirements for IT products and services within DoD?


6. What is DoDD 8570.01?


14 Lab #2 | Align Auditing Frameworks for a Business Unit Within DoD




37524_Lab02_Pass3.indd 14 19/04/13 1:25 AM



Align Auditing Frameworks for


a Business Unit Within DoD




7. Find a copy of the DoDD 8570.01-M revision dated April 2010. What professional certifications comply




with the 8570.01-M specification and workforce development program as defined by the DoD?



8. What is the current, working URL for the DISA Military STIGs unclassified homepage?


9. Which DISA STIGs are currently available on the DISA Military STIGs unclassified homepage?


10. Why does the updated version of NIST 800-53a call for continuous monitoring?











Assessment Worksheet 15








    • 7 years ago
    • 3