CISSP-ISSEP: Information Systems Security Engineering Professional

MAC Levels and IA Controls

Question

DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels.

Which of the following MAC levels requires basic integrity and availability?

Answers

Explanations


D.

DoD 8500.2 is a Department of Defense (DoD) directive that establishes Information Assurance (IA) controls for DoD information systems based on their Mission Assurance Category (MAC) and confidentiality level.

The MAC levels are a set of four categories that describe the importance of the mission or function supported by the system, ranging from MAC I (highest) to MAC IV (lowest). These levels are determined by an assessment of the potential impact on the organization if the system is compromised.

Each MAC level is associated with a set of IA controls that must be implemented to protect the confidentiality, integrity, and availability of the system's information. These controls are divided into three main categories: technical, management, and operational.

In this context, the question is asking which MAC level requires basic integrity and availability. The options are:

A. MAC I
B. MAC II
C. MAC IV
D. MAC III

The answer is MAC II.

MAC II is the second-highest level and is associated with systems that support missions or functions that are important to the DoD but are not critical to the organization's survival. Examples of MAC II systems include financial systems and logistics systems.

MAC II requires a baseline set of IA controls to ensure the confidentiality, integrity, and availability of the system's information. These controls include access control, audit and accountability, identification and authentication, and system and communications protection.

Among these controls, basic integrity and availability are required, meaning that the system's data must be accurate and complete, and the system must be operational when needed. Therefore, the correct answer is B. MAC II.

In summary, DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels, and MAC II requires basic integrity and availability.