Which Of The Following Is Not A Correct Way To Protect CUI

By / Technology /

We thoroughly check each answer to a question to provide you with the most correct answers. Found a mistake? Tell us about it through the REPORT button at the bottom of the page. Ctrl+F (Cmd+F) will help you a lot when searching through such a large set of questions.

Contents hide
1 Broad Description
2 Sources

Question: Which Of The Following Is Not A Correct Way To Protect CUI?

Quick answer: CUI may be stored on any password-protected system. CUI may be stored only on authorized systems or approved devices.

This question is a part of Cyber Awareness Challenge Answers.

Broad Description

Sensitive information may be stored on any password-protected system is true.

The benefits of a password manager outweigh the risk of stolen but robustly-encrypted passwords.

“Using a password manager is not a violation of 3.5.10 (IA.2.081); they are an accepted means of cryptographically protecting passwords, assuming the password manager employs NIST-validated cryptography per NIST SP 800-171 requirement 3.13.11. Originally 3.5.10 was worded as ‘“Store and transmit only encrypted representation of passwords.” That caused some confusion (as some thought they had to traditionally encrypt passwords rather than hash the passwords), so in Revision 1, 3.5.10 was changed to “Store and transmit only cryptographically-protected passwords” — so hashes were now addressed. When NIST added the ‘Discussion’ to each requirement in Revision 2, the explanation for 3.5.10 was a little terse “Cryptographically-protected passwords use salted one-way cryptographic hashes of passwords” when what it meant is that when hashing, add a salt. The wording in the ‘Discussion’ for the related control (IA-5(1)) in 800-53r5 is “Cryptographically protected passwords include salted one-way cryptographic hashes of passwords” which doesn’t imply that cryptographic hashes are the only way to cryptographically protect passwords.”

So you can use a password manager as part of your covered system.

Storing CUI (Controlled Unclassified Information) on any password-protected system is not an appropriate way to protect it. CUI should be stored only on authorized systems or approved devices that meet the necessary security requirements. To protect CUI, organizations should follow guidelines and practices such as:

  1. Access controls: Implement role-based access controls to limit access to CUI based on a need-to-know basis.
  2. Data classification: Ensure that CUI is appropriately labeled and classified according to established guidelines.
  3. Secure storage: Store CUI on secure, authorized systems or devices that meet required security standards.
  4. Data encryption: Encrypt CUI both in transit and at rest using strong encryption algorithms.
  5. Security training and awareness: Educate employees about proper handling, storage, and disposal of CUI through regular training and awareness programs.
  6. Incident response planning: Develop and maintain an incident response plan to effectively address security breaches involving CUI.
  7. Regular security audits: Conduct periodic security audits to identify potential weaknesses and ensure compliance with established procedures for handling CUI.
  8. Monitor and log access: Keep records of who accesses CUI and monitor for any suspicious activity or unauthorized access.
  9. Secure communication channels: Use secure communication protocols and encrypted channels when transmitting CUI.

By adhering to these guidelines and ensuring that CUI is stored only on authorized systems or approved devices, organizations can better protect sensitive information from unauthorized access or disclosure.

Sources

  1. Cyber Awareness Challenge 2023

Was this helpful?

quizzma
Quizzma Team
+ posts

The Quizzma Team is a collective of experienced educators, subject matter experts, and content developers dedicated to providing accurate and high-quality educational resources. With a diverse range of expertise across various subjects, the team collaboratively reviews, creates, and publishes content to aid in learning and self-assessment.
Each piece of content undergoes a rigorous review process to ensure accuracy, relevance, and clarity. The Quizzma Team is committed to fostering a conducive learning environment for individuals and continually strives to provide reliable and valuable educational resources on a wide array of topics. Through collaborative effort and a shared passion for education, the Quizzma Team aims to contribute positively to the broader learning community.




Related Questions

  1. Cyber Awareness Challenge 2023 Answers
  2. How Do I Answer The CISSP Exam Questions?
  3. SSD 4 Module 4 Answers
  4. DoD Mandatory Controlled Unclassified Information (CUI) Training Answers
  5. Internet-Based Research – SBE Answers
  6. Unauthorized Disclosure of Classified Information for DoD
  7. Security Pro: Chapter 3 (3.1.8) & 4.1 Security Policies Answers
  8. Which Of The Following Is A Good Practice To Protect Classified Information?
  9. OSHA 30 Construction Test Answers
  10. OSHA 10 Test Answers 2023
  11. LETRS Unit 2 Session 1-8 Answers
  12. OSHA 10 Construction Test Answers
  13. Answers to CTS Unit 7 Lab 7-2: Protocols and Services SNMP
  14. Which Of The Following Is A Good Practice To Prevent Spillage?
  15. Juanita Is Preparing To Go Grocery Shopping And Is Making A List. However…
  16. SERE 100.2 Pre Test Answers
  17. CITI Ethics, Responsible Conduct, RCR, Law, HTH And IRB Answers
  18. EVERFI Endeavor STEM Career Exploration Answers
  19. Chapter 3 Computer Hardware Support A+ Answers
  20. Derivative Classification Answers
  21. Foreign Disclosure Training for DOD Exam Answers
  22. Which Of The Following May Help To Prevent Spillage?
  23. LETRS Unit 2 Assessment Answers
  24. CITI Module #3 – Research in Public Elementary and Secondary Schools
  25. Which Of The Following Is A Good Practice For Telework?

Related Posts