Question: Identify and document the appropriate designation (NSS or Non-NSS), the applicable process(es) (RMF, CUI, CMMC), and list all publications applicable to all example systems. Provide
Identify and document the appropriate designation (NSS or Non-NSS), the applicable process(es) (RMF, CUI, CMMC), and list all publications applicable to all example systems. Provide a list of the Systems, the NSS/Non-NSS designation, and list the applicable process(es) and publications you would apply to the system, via a text response or uploaded file to the assignment.
Learning Objectives:
- Understand how to determine which regulations and publications are applied to a customer's system
- Understand how to apply the correct authoritative U.S. Federal governance to the system to determine the source for cybersecurity requirements
System 1:
Your customer is an Intelligence Community (IC) agency. The system is a training system that resides in a TS/SCI classified environment. This system is a closed, self-contained system that provides video recording and display capabilities. The system is funded by the government customer.
System 2:
Your customer is a DoD Military Service. In order to deliver a classified field capability, your software developers and systems engineers need a development environment. The development work is federated, so you will not have any insight into what the deliverable product will be or how it will be employed. Therefore, the data and the dev environment are UNCLASSIFIED. This dev system will be funded by the DoD customer.
System 3:
Your customer is the National Oceanic and Atmospheric Administration (NOAA). Your contract was expanded to include a development environment to facilitate the delivery of a satellite ground architecture that has yet to be developed. You are tasked with connecting three different labs on the same campus.
System 4:
Your customer is a DoD Combatant Command. You have been awarded a contract to build an operations center monitoring classified field equipment. Monitoring operations include security, status of health, and command and control of field locations. The Operations Center does not have O&M control of equipment in the field.
System 5:
You are tasked with building a classified (TS/SCI) administrative/dev network to support multiple IC customers in your company's portfolio. The system is funded by your company and is not directly funded by your customers. One customer will provide security cognizance over the system and will provide GFE Type 1 encryptors.
Previous
Next
Step by Step Solution
There are 3 Steps involved in it
Get step-by-step solutions from verified subject matter experts