Business units in the Department of Defense (DoD) have auditing frameworks that provide baseline requirements
and hardening guidelines to business units that a government network must meet. In this lab, you
identifi ed the requirements and hardening guides that provide a frame to which a government network
and business should adhere, you assessed the available sites under the Department of Defense (DoD)
and identifi ed agencies in charge of providing security guidelines, and you reviewed the hardening and
best practice guidelines provided by DoD’s Defense Information Systems Agency (DISA) and Information
Assurance Support Environment (IASE).
Lab Assessment Questions & Answers
1. What is the difference between DITSCAP and DIACAP?
2. What is DCID 6/3 and why would you use DCID 6/3 as opposed to DIACAP for certifi cation and accreditation
of a system?
Assessment Worksheet 13
37524_Lab02_Pass3.indd 13 19/04/13 1:25 AM
3. What is C&A and what are the following acronyms that are related to the C&A process: DISN, GIG, PAA,
DAA, and DISA?
4. What is the Defense Industrial Base Sector?
5. Who develops the configuration and validation requirements for IT products and services within DoD?
6. What is DoDD 8570.01?
14 Lab #2 | Align Auditing Frameworks for a Business Unit Within DoD
37524_Lab02_Pass3.indd 14 19/04/13 1:25 AM
Align Auditing Frameworks for
a Business Unit Within DoD
7. Find a copy of the DoDD 8570.01-M revision dated April 2010. What professional certifications comply
with the 8570.01-M specification and workforce development program as defined by the DoD?
8. What is the current, working URL for the DISA Military STIGs unclassified homepage?
9. Which DISA STIGs are currently available on the DISA Military STIGs unclassified homepage?
10. Why does the updated version of NIST 800-53a call for continuous monitoring?
Assessment Worksheet 15