Dodd 8570.01 m april 2010

Overview

Business units in the Department of Defense (DoD) have auditing frameworks that provide baseline requirements

and hardening guidelines to business units that a government network must meet. In this lab, you

identifi ed the requirements and hardening guides that provide a frame to which a government network

and business should adhere, you assessed the available sites under the Department of Defense (DoD)

and identifi ed agencies in charge of providing security guidelines, and you reviewed the hardening and

best practice guidelines provided by DoD’s Defense Information Systems Agency (DISA) and Information

Assurance Support Environment (IASE).

Lab Assessment Questions & Answers

1. What is the difference between DITSCAP and DIACAP?

2. What is DCID 6/3 and why would you use DCID 6/3 as opposed to DIACAP for certifi cation and accreditation

of a system?

1

2

Assessment Worksheet 13

37524_Lab02_Pass3.indd 13 19/04/13 1:25 AM

3. What is C&A and what are the following acronyms that are related to the C&A process: DISN, GIG, PAA,

DAA, and DISA?

4. What is the Defense Industrial Base Sector?

5. Who develops the configuration and validation requirements for IT products and services within DoD?

6. What is DoDD 8570.01?

14 Lab #2 | Align Auditing Frameworks for a Business Unit Within DoD

37524_Lab02_Pass3.indd 14 19/04/13 1:25 AM

Align Auditing Frameworks for

a Business Unit Within DoD

7. Find a copy of the DoDD 8570.01-M revision dated April 2010. What professional certifications comply

with the 8570.01-M specification and workforce development program as defined by the DoD?

8. What is the current, working URL for the DISA Military STIGs unclassified homepage?

9. Which DISA STIGs are currently available on the DISA Military STIGs unclassified homepage?

10. Why does the updated version of NIST 800-53a call for continuous monitoring?

1

2

Assessment Worksheet 15

37524_