CNSSINST 4009 (2005)

4. What is the PUB CNSSINT 4009 (2015)?
7. The process of verifying the identity or other attributes claimed by or assumed
8. The official management decision issued by a DAA or PAA to authorize operation of an information system and to explicitly accept the residual risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals.
10. The property of being accessible and useable upon demand by an authorized entity
12. an entity (user, process, or device), or to verify the source and integrity of
13. Principle that an individual is entrusted to safeguard and control equipment, keying material, and information and is answerable to proper authority for the loss or misuse of that equipment or information.
14. policy.
15. A major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically related

1. The official management decision given by a senior organizational official to
2. organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.
3. A category within a given security classification limiting entry or system connectivity to only authorized persons.
5. Software program that performs a specific function directly for a user and can be executed without access to system control, monitoring, or administrative privileges.
6. Measure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediates and enforces the
7. Countermeasures ensuring that transmitted information can be received despite deliberate jamming attempts
9. operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or
11. of systems.
13. The process of granting or denying specefic request:1) for obtaining and using information and related information processing services.