FISMA Training

Across
  6. Policies and procedures are fully institutionalized, repeatable, automated where appropriate, consistently implemented, and regularly updated
  9. Assessor selects the sample items without intentional bias to include or exclude certain items in the population
  10. the process of the assessor re-performing the control’s procedures for accuracy
  12. a period of time, normally two weeks, in which specific work has to be completed and made ready for review
  13. supports the ability to limit or contain the impact of a potential cybersecurity event
  15. supports the ability to contain the impact of a potential cybersecurity incident
  18. Based on assessor's sound and seasoned judgement
Down
  1. the process of looking at the entity’s management perform a process outlined in the procedures
  2. relating to or measured by the quality or characteristics
  3. The ____ provides educational guidance materials; develops and grades the Uniform CPA Examination; and monitors and enforces compliance within the profession.
  4. (acronym) provides a detailed step-by-step account of the work the assessor completed
  5. enables timely discovery of cybersecurity events
  7. assists in developing an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
  8. relating to, or involving the measurement of quantity or amount
  11. stands for "Prepared by Client" or "Provided by Client." For assurance engagements, the assessor will issue PBC items to the client. Each item is a request to either hold a meeting or obtain documentation.
  14. Control designed to be put into place when specific requirements for compliance can't be met with existing controls
  16. a framework for developing complex software products in an iterative and incremental fashion; it is the most widely recognized Agile framework
  17. identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident