FISMA Training

6. Policies and procedures are fully institutionalized, repeatable, automated where appropriate, consistently implemented, and regularly updated
9. Assessor selects the sample items without intentional bias to include or exclude certain items in the population
10. the process of the assessor re-preforming the control’s procedures for accuracy
12. a period of time, normally two weeks, in which specific work has to be completed and made ready for review
13. supports the ability to limit or contain the impact of a potential cybersecurity event
15. supports the ability to contain the impact of a potential cybersecurity incident
18. Based on assessor's sound and seasoned judgement

1. the process of looking at the entity’s management perform a process outlined in the procedures
2. relating to or measured by the quality or characteristics
3. The ____ provides educational guidance materials; develops and grades the Uniform CPA Examination; and monitors and enforces compliance within the profession.
4. (acronym) provides a detailed step-by-step account of the work the assessor completed
5. enables timely discovery of cybersecurity events
7. assists in developing an organizational understanding to managing cybersecurity risk to systems, people, assets, data, and capabilities.
8. relating to, or involving the measurement of quantity or amount
11. stands for "Prepared by Client" or "Provided by Client." For assurance engagements, the assessor will issue PBC items to the client. Each item is a request to either hold a meeting or obtain documentation.
14. Control is designed to put into place when specific requirements for compliance can't be met with existing controls
16. a framework for developing complex software products in an iterative and incremental fashion and is the most widely recognized Agile framework
17. identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident