Which elements best describe access control for CUI in information systems?

Study for the DOD Instruction 5200.48 Controlled Unclassified Information (CUI) exam. Prepare with flashcards and multiple choice questions, each with detailed hints and explanations. Ensure success on your test day!

Multiple Choice

Which elements best describe access control for CUI in information systems?

Explanation:
Access control for CUI hinges on confirming who is accessing data, what they are allowed to do, and keeping a record of those actions. The best description includes four interrelated elements: validating identity through user authentication, granting permissions via authorization tied to roles (role-based access control), enforcing those permissions so users can only perform what their role requires (least privilege), and continuously auditing access to monitor, review, and detect any inappropriate activity. This combination ensures that only authorized individuals with a legitimate need to know can reach CUI, and that there is accountability through logs and ongoing oversight.

Relying solely on password strength and screen locks misses the authorization and auditing pieces, so it doesn’t fully secure access. Policy documentation is important, but without enforcement and monitoring, rules aren’t actually protecting data. Public access with exceptions directly conflicts with the controlled handling required for CUI.
