131 Cards in this Set
- Front
- Back
What does 3-M stand for?
|
Maintenance, Management, Materials.
|
|
How is DPAS used to track equipment?
|
Web enabled system. From receipt to disposition.
|
|
Purpose of Material Obligation Validation Program
|
Material Obligation Validation – Reconciliation of the RPPO and the SUADAPS stores. It contains the Julian date, serial #, nomenclature, and running balance
|
|
DLR's Program
|
Depot Level Repair. Manages high level items 7H, 7E, 7X, 7G, and 7Q, cannot be repaired or reused
|
|
NRFI DLR for Turn In
|
For exchange only. Initiated when parts are turned in
|
|
NRFI DLR for RIP
|
Remain in Place (use until replacement part arrives). DLR reflects standard and net price
|
|
MAM?
|
Maintenance Assist Modules. Replaceable modules needed to perform maintenance. Troubleshoot by switch and test
|
|
DD Form 1348-6
|
Purchase parts without NSN
|
|
NAVSUP 1250-2
|
Facilities not avail to a site *OBSOLETE*
|
|
DD Form 448
|
Military Interdepartmental Purchase Request
|
|
SF44
|
Pilots on extended flights for food, fuel
|
|
DD Form 1155
|
Reports parts purchased by local dealer
|
|
SF 1449
|
Solicitation/Contract/order for Commercial
|
|
SF30
|
Amendment of solicitation / mod of contract
|
|
DD Form 200
|
Financial Liability Investigation of Property Loss
|
|
SF 364
|
Discrepancy report sent to vendors for errors
|
|
SF 368
|
Product Quality Deficiency Report
|
|
NSN?
|
National Stock Number - 13 digits
|
|
COG?
|
Cognizance code - 2 characters
|
|
APL?
|
Allowance Parts List
|
|
AEL?
|
Allowance Equipage List
|
|
NC?
|
Not carried
|
|
NIS?
|
Not in stock - temporary
|
|
SIM?
|
Selected Item Management - high usage items
|
|
Define CASREP
|
Malfunction that cannot be corrected within 48 hours
|
|
2nd CASREP Category
|
Deficiency exists in essential equipment. Causes minor degradation in primary mission or major in secondary.
|
|
3rd CASREP category
|
Deficiency in essential equipment. Causes major degradation but no loss of pri mission.
|
|
4th CASREP category
|
Worse than #3. Causes at least one pri mission loss
|
|
CHRIMP?
|
Consolidated Hazardous Material Reutilization and Inventory Management Program. Life Cycle Control.
|
|
DRMS?
|
Defense Reutilization and Marketing Service. Used by Civilians
|
|
ServMart
|
Warehouse Store that carries NSN items. Purchase with gov card.
|
|
Government Commercial Purchase Card
|
International Merchant Card. VISA. Must be paid in full every month.
|
|
OPTAR and Components
|
Operating Target. Estimated budget required by unit to perform
|
|
Normal Power?
|
Standard
|
|
Emergency Power?
|
Secondary Power to vital systems
|
|
Uninterrupted Power?
|
Minimal Power provided to shut equipment down.
|
|
EO 12968
|
Access to classified info
|
|
EO10450
|
Security Requirements for Government Employees
|
|
Top Secret
|
Exceptionally grave damage
|
|
Secret
|
Serious Damage
|
|
Confidential
|
Damage
|
|
Unclassified
|
No control. Public Access
|
|
Need to Know?
|
Intel sought is for mission requirements
|
|
Investigation for Top Secret
|
Single Scope Background conducted every 5 years
|
|
Investigation for Secret
|
National Agency plus local and credit check conducted every 10 years
|
|
Investigation for Confidential
|
National Agency plus local and credit check conducted every 15 years
|
|
Investigation for SCI
|
Pre nomination interview
|
|
What is SAER?
|
Security Access Eligibility Report - to determine continued access to SCI after guilty of misconduct
|
|
Events reportable to SSO
|
Anything deemed questionable in nature going against Honor, Courage, Commitment
|
|
Overall authority to the SCIF
|
SSO = Commanding Officer
|
|
SF700
|
Security Container info. Safe and door combos
|
|
SF701
|
Activity Security Checklist
|
|
SF702
|
Security Container Checklist
|
|
SF703
|
Classified Coversheet
|
|
SF153
|
COMSEC material report
|
|
SF312
|
Classified Information Non-Disclosure Statement
|
|
When should safe combos be changed
|
1. First installed
2. Compromised
3. Whenever necessary
|
|
Purpose of DCS
|
Defense Courier Service. Network of carriers to transport classified material.
|
|
Procedures for preparation of package for DCS
|
Double pack and wrap. Marked classification on all sides. To and From.
|
|
Procedures for preparation of package for hand carry
|
Double wrapped or briefcase unless flying. Letter of Courier or Courier card given by Security manager
|
|
Responsibilities of the Top Secret Control Officer
|
Maintain total accountability of TS material minus SCI.
|
|
Force Protection Levels
|
A - General Readiness
B - Threat Possible. May be done for months
C - Imminent Threat - Short periods
D - Occurred - minimum timeframe
|
|
RAM
|
Random Antiterrorism Measures. Up one level from local.
|
|
EAP?
|
Emergency Action Plan
|
|
Purpose of Emergency Destruction Procedures
|
Prevents unauthorized personnel access to classified material
|
|
Who can give order for Emergency Destruction?
|
E-6 or higher or GG5 or higher for civilians
|
|
In emergency destruction, which is Priority 1?
|
Top Secret
|
|
In emergency destruction, which is Priority 2?
|
Secret
|
|
In emergency destruction, which is Priority 3?
|
Confidential
|
|
SCI?
|
Classified info concerning or derived from intel sources required to be handled within foreign access control system
|
|
Items prohibited from SCIF
|
Cameras, Personal electronic equipment - anything capable of holding memory, or media
|
|
Difference between security violation and a Practice Dangerous to Security
|
Leaving SCIF with classified info as opposed to leaving items out overnight instead of in the safe.
|
|
SCIF?
|
Personnel Access and Document Control
|
|
T-SCIF
|
Located within supported HQ within Tactical Op Center Perimeter
|
|
Vault Recert and recurring inspection
|
At least annually, or more based on situation.
|
|
Need for access lists, document logs and TPI?
|
Ensures personnel have authorization
|
|
DOD Escort Policy
|
Controlled movement of visitors
|
|
Sanitizing an area
|
2 steps:
1. Remove data and cover classification
2. Secure Classified material
|
|
ICD System
|
Intelligence Community Directive - means by which the DNI provides guidance, policy, and direction to the Intelligence Community.
|
|
SSO Navy
|
ONI-05 Director, Security and Corporate Services.
|
|
Duties of SSO
|
Maintains security of SCI and advises the CO on matters
|
|
Who can be a CSM?
|
Officer or GS-11 or higher with an SSBI and US Citizen
|
|
Duties of CSM - Command Security Manager
|
1. Administration of the Command’s info and personnel security prgms.
2. Liaison with SSO IRT investigations, SCI access, eligibility evals, policy and procedure changes.
3. Ensures security threats, compromises, and other violations are reported, recorded, and investigated.
4. Develops visitor control procedures and disclosure of classified info to foreign nationals
5. Develops EAP and written Command information and personnel security procedures.
6. Serves as CO’s advisor and direct representative in matters of the security of classified information.
|
|
JPAS?
|
(DoD) personnel security migration system
|
|
DONCAF
|
Adjudicates the background investigations and identifies potentially disqualifying information and makes the initial suitability determination.
|
|
Length of time CO can suspend clearance
|
60 days
|
|
INFOCON 5
|
no apparent hostile activity
|
|
INFOCON 4
|
increased risk of attack
|
|
INFOCON 3
|
a risk has been identified
|
|
INFOCON 2
|
an attack has taken place
|
|
INFOCON 1
|
attacks are taking place
|
|
Security rules and procedures for magnetic and electronic media
|
All devices and media marked with the highest classification.
|
|
.mil address reason
|
DOD uses these exclusively for protection.
|
|
Define Information Assurance
|
Information Operations that protect and defend data and Information Systems (IS) by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing restoration of Information Systems by incorporating protection, detection, and reaction capabilities.
|
|
Certification
|
The comprehensive evaluation of the technical and non-technical security features in support of the accreditation process
|
|
Accreditation
|
The official management decision to permit operation of an Information System in a specified environment at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards
|
|
Designated Approving Authority (DAA)
|
The official with the authority to formally assume responsibility for operating a system (or network) at an acceptable level of risk
|
|
System Security Plan
|
A formal document that fully describes the planned security tasks required to meet system or network security requirements.
|
|
System Security Authorization Agreement
|
A living document that represents the formal agreement between the Designated Approving Authority, the Certification Authority, the Program Manager, and the user representative
|
|
Authority to Operate (ATO)
|
The formal declaration by the Designated Approval Authority that an Information System is approved to operate in a particular security mode using a prescribed set of safeguards
|
|
Interim Authority To Operate (IATO)
|
A temporary authorization granted by a Designated Approval Authority, or Service Certifying Organization (SCO), for an Information System to process classified information in its operational environment, based on preliminary results of a security evaluation of the system.
|
|
Configuration Management
|
Identifies, controls, accounts for, and audits all changes to a site or information system during its design, development, and operational lifecycle
|
|
security procedures involved when performing cross-domain transfers
|
1. Scan all information storage media
2. No scan, considered high risk and cannot be used unless approved by SCO
3. The IAM, and/or IASO responsible for compliance.
|
|
Risk Management
|
allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the IT systems and data that support their organizations’ missions
|
|
Confidentiality attribute of IA
|
No disclosure to unauthorized or uncleared personnel.
|
|
Integrity attribute of IA
|
Protection against unauthorized modification or destruction of information
|
|
Availability attribute of IA
|
Timely, reliable access to data and information services for authorized users
|
|
Non-repudiation attribute of IA
|
Proof of transmission and receipt
|
|
Authentication attribute of IA
|
Verification that individual is authorized or cleared to receive info.
|
|
How many attributes of IA exist?
|
Five
1. Confidentiality
2. Integrity
3. Availability
4. Non-repudiation
5. Authentication
|
|
9 categories of Computer Incidents
|
1. Root Level Intrusion
2. User Level Intrusion
3. Denial of Service
4. Malicious Logic
5. Unsuccessful Activity Attempt
6. Non Compliance Activity
7. Reconnaissance
8. Investigating
9. Unexplained Anomaly
|
|
Root Level Intrusion?
|
Unauthorized privileged access to a DoD system
|
|
User Level Intrusion?
|
Unauthorized non-privileged access to a DoD system
|
|
Denial of Service?
|
Activity that denies, degrades or disrupts normal functionality of a system or network.
|
|
Malicious Logic?
|
Installation of software with malicious intentions.
|
|
Unsuccessful Activity Attempt?
|
Unauthorized access to a DoD system that are defeated by normal defensive mechanisms
|
|
Non-Compliance Activity?
|
Potentially exposes DoD systems to increased risk as a result of the action or inaction of authorized users.
|
|
Reconnaissance?
|
Activity that seeks to gather info to formulate an attack.
|
|
Investigating?
|
Potentially malicious or anomalous activity deemed suspicious and warrant, or are undergoing, further review
|
|
Explained Anomaly?
|
Non-Malicious and do not fall into the other categories.
|
|
DoN World Wide Web Security Policy
|
Unclassified info, no personal software to be used on an Official Computer, no representation of Official Navy to be made on web sites not related to Official Business.
|
|
Information Assurance Vulnerability Alert (IAVA)
|
high risk computer software
|
|
Information Assurance Vulnerability Bulletin (IAVB)
|
medium risk computer software
|
|
Information Assurance Vulnerability Technical Advisory (IAVT)
|
low risk computer software
|
|
Communications Tasking Order (CTO)
|
DoD-wide instruction that promulgates mandatory changes in standing instructions on how communications are handled
|
|
Navy Telecommunications Directive (NTD)
|
A widely disseminated Naval Message giving an order or direction about a certain IT function that needs to be complied with
|
|
Service Pack
|
A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package
|
|
Vulnerability Assessment
|
A testing process used to identify weakness in a system
|
|
Vulnerability?
|
A real weakness in an information system, system security procedure, internal control, or implementation that could be exploited by someone or something
|
|
Threat?
|
Any circumstance or event with the potential to adversely impact organizational operations
|
|
Information Assurance Manager (IAM)
|
The person, appointed in writing, who is responsible for establishing, implementing and maintaining the DoD information system IA program
|