Show Menu



Command Cyber Readiness Inspection
Formal inspection process which holds commanders accoun­table for their IA

Define IA

Protecting & Defending Data
Ensuring: 1. Availa­bility, 2. Integrity, 3. Authen­tic­ation, 4. Confid­ent­iality, 5. Non-Re­pud­iation
Incorp­ora­ting: 1. Protec­tion, 2. Detection, 3. Reaction Capabi­lities


Designated Approving Authority

Config­uration Management

1. Identi­fies, 2. Controls, 3. Accounts For, 4. Audits
In reference to a site or Inform­ation System (I.S.)
Occurs during: 1. Design, 2. Develo­pment, 3. Operat­ional Lifecycle

9 Categories of Computer Incidents

1. Root Level Intrusion (incident)
2. User Level Intrusion (incident)
3. Unsucc­essful Activity Attempt (event)
4. Denial of Service (incident)
5. Non-Co­mpl­iance Activity (event)
6. Reconn­ais­ssance (event)
7. Malicious Logic (event)
8. Invest­igating (event)
9. Explained Anomaly (event)

DoN WWW Security Policy

Threats to the security of Navy and Marine Corps operations
Threats to the safety of DoN personnel and their families
Attacks in the form of: 1. Computer Systems, 2. Terrorist Attacks, 3. Identity Theft
Balancing public inform­ation with OPSEC, Privacy Inform­ation, INFOSEC, and Personal Safety


Navy Teleco­mmu­nic­ations Directive

Service Patch

Software Package containing several updates or an App or OS

Designated Approving Authority

Upper Level Manager
Respon­sible for determ­ining Accepted Level of Risks
Determines if system meets Accred­itation criteria

Cross-­domain Xfer Security Procedures

Goal: Limit Risks when transf­erring Data
Risks: 1. Careless Methods, 2. Shortcuts, 3. Untrained Users
These risks compromise sensitive & classified inform­ation

Root Level Intrusion

Unauth­orized "­Pri­vil­ege­d" access to a DoD system

User Level Intrusion

Unauth­orized "­Non­-pr­ivi­leg­ed" access to a DoD system
Example: If the system is compro­mised w/ malcious code that provides remote intera­ctive control


Seeks to gather inform­ation from DoD systems, applic­ations, networks, and users
Inform­ation can be used to formulate an attack
Does not directly result in compromise

Explained Anomaly

Suspicious events that after further invest­igation are deemed "­non­-ma­lic­iou­s"
Detere­mined to be non-ma­licious and don't fit any other category


Announ­cement of a computer applic­ation software or operating system vulner­ability notifi­cation
In the form of an alert


A known possible exploi­tation


A possible intrusion by a third party


Evaluation of Technical & Non-Te­chnical Security features of an I.S.
Incorp­ora­ting: 1. Protec­tion, 2. Detection, 3. Reaction Capabi­lities

5 Attributes of IA



Preventing inform­ation from modifi­cation by unauth­orized parties or in unauth­orized manners


Assurance of the identity of a message sender or receiver

Unsucc­essful Activity Attempt

Deliberate attempts to gain unauth­orized access to a DoD system
Attempts are defeated by normal defensive mechanisms

Malicious Logic

Instal­lation of software designed and/or deployed by advers­aries for malicious intentions
For the purpose of gaining access to resources or inform­ation w/o consent or knowledge of the user


Inform­ation Assurance Vulner­ability Alert (IAVA)


Inform­ation Assurance Vulner­ability Bulletin (IAVB)


Announ­cement of a computer applic­ation software or operating system vulner­ability notifi­cation
In the form of a bulletin

Inform­ation Assurance Manager (IAM)

1. Establ­ishing, Implem­enting and Mainta­ining the DoD IA program
2. Docume­nting the IA program through the DoD IA & C&A process


Official Management Decision
Decision to operate an I.S. in a specified Enviro­nment


Protecting inform­ation from Unauth­orized Persons, Processes, or Devices


Timely, Reliable access to data and Info Systems by authorized users


The sender of data is provided w/ Proof of Delivery
The recipient is provided w/ proof of the sender's identity
Neither can later deny having processed the data

Denial of Service

Activity that "­Denies, Degrades, or Disrup­ts" normal functi­onality of system or network

Non-Co­mpl­iance Activity

Activity that potent­ially exposes DoD systems to increased risks
Due to the the Action or Inaction of authorized users


Events that are potent­ially malicious or anomalous activity deemed suspicious and warrant, or are undergoing further review
Will be re-cat­ego­rized to approp­riate Category 1-7 or 9 prior to closure

Computer Tasking Order (CTO)

When a computer completes all tasks assigned


No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.

          Related Cheat Sheets

          More Cheat Sheets by weatherman22