CNSSINST 4009 (2005)

Across
  1. Principle that an individual is entrusted to safeguard and control equipment, keying material, and information and is answerable to proper authority for the loss or misuse of that equipment or information.
  3. A hostile action to spread malicious code via multiple methods.
  5. A contraction of the term Binary Digit. The smallest unit of information in a binary system of notation.
  8. The process of granting or denying specific request: 1) for obtaining and using information and related information processing services.
  9. Disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.
  10. The process of verifying the identity or other attributes claimed by or assumed of an entity (user, process, or device), or to verify the source and integrity of data.
  12. Measure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediates and enforces the security policy.
  14. Office of a federal department or agency that keeps records of accountable COMSEC material held by elements subject to its oversight. (COR)
  16. Monitoring and control of communications at the external boundary of an information system to prevent and detect malicious and other unauthorized communications, through the use of boundary protection devices (e.g., proxies, gateways, routers, firewalls, guards, encrypted tunnels).
  19. What is the PUB CNSSINT 4009 (2015)?
Down
  2. Notification that a specific attack has been directed at an organization’s information systems.
  3. The process of the system invalidating a user ID based on the user’s inappropriate actions. A blacklisted user ID cannot be used to log on to the system, even with the correct authenticator. Blacklisting and lifting of a blacklisting are both security-relevant events. Blacklisting also applies to blocks placed against IP addresses to prevent inappropriate or unauthorized use of internet resources.
  4. Countermeasures ensuring that transmitted information can be received despite deliberate jamming attempts.
  6. A major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically related group of systems.
  7. A category within a given security classification limiting entry or system connectivity to only authorized persons.
  11. Typically unauthorized hidden software or hardware mechanism used to circumvent security controls.
  13. The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.
  15. The official management decision issued by a DAA or PAA to authorize operation of an information system and to explicitly accept the residual risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals.
  17. The property of being accessible and useable upon demand by an authorized entity.
  18. Software program that performs a specific function directly for a user and can be executed without access to system control, monitoring, or administrative privileges.