Presentation is loading. Please wait.

Presentation is loading. Please wait.

Defense Security Service. DSS Update DSS Changing With A Changing Security Environment.

Published byMalakai Diggins Modified over 9 years ago

Similar presentations

Presentation on theme: "Defense Security Service. DSS Update DSS Changing With A Changing Security Environment."— Presentation transcript:

1 Defense Security Service

2 DSS Update DSS Changing With A Changing Security Environment

3 DSS Update FY12 in Review: Conducted 8,162 security vulnerability assessments Identified 12,700 security vulnerabilities, tracked all through mitigation 3,150 FCL requests processed vice 2,500 in FY11  Issued 1,968 facility security clearances (1,558 final, 410 interims) Issued 6,574 accreditations  2,397 ATOs, average 83 days  2,479 IATOs, average 15 days  1,698 Straight to ATO, average 14 days 234,686 Adjudication actions  IRTPA - average 8 days Made 355 cyber notifications

4 FY12 in Review Changed vernacular:  Assessments vs Inspections  Vulnerabilities vs Deficiencies and Findings New Workload Prioritization – “Right Facility at the Right Time”  Focus on identification and mitigation of security vulnerabilities Security Rating Matrix Implemented Cyber Notification Process Initiated pre-CCRI visits and continued preparation to assume mission from DISA DISCO merged into the DoDCAF  Stand-up of Personnel Security Management and Oversight for Industry (PSMO-I) DSS Update

5 FY12 in Review VOI Survey Results  94% satisfied/somewhat satisfied with DSS guidance and support  87% agree that their facility has a strong partnership with DSS  90% rated DSS as excellent/good in the area of industrial security program vulnerability identification and mitigation Two New Regional Directors Selected – Southern Region and Capital Region Partnership with Industry  17 exchanges  17 active industry partners  25 exchanges planned for FY13 DSS Update

6 f Threat, Vulnerability Assessments IT Accreditations CCRIs Security Clearance Process Vulnerability, Suspicious Contact Reports IIRs Referrals for Action Cyber\Threat Notifications Risk Based Prioritization Company Assessments Program Assessments FOCI Analysis CFIUS Reviews Risk Consequence Value Managing Risk … Cleared Industry = { { Security Education Security Training Security Professionalization

7 THREAT Vulnerability Assessments

8 Assessment Ratings FY12 vs FY13 Vulnerability Assessments

9 Top Ten Vulnerabilities (49% of total): 02-200 Personnel Security Clearances - General (incl. 02-200B Deny Access for Deny Revoke or Suspension PCLs) 02-202 Procedures for Completing the Electronic Version of the SF 86 (incl. 02-202A SF86 Data Protection and Official Use, 02-202B SF86 Data Retention and Destruction) 03-107 Refresher Training 08-602 Audit Capability (incl. 08-602A 1 Automated Audit Trail, 08-602A 3 Audit Trail Analysis) 03-102 FSO Training 01-304 Individual Culpability Reports 01-206 Security Reviews (incl. 01-206B Contractor Reviews) 01-302 Reports to be Submitted to the CSA (incl. 01-302G Change Conditions Affecting the FCL) 02-212 Consultants 10-706 NATO Briefings Vulnerability Assessments

10 Top Ten Acute/Critical Vulnerabilities (59% of total): 08-602 Audit Capability (incl. 08-602A 3 Audit Trail Analysis) 02-200 - PERSONNEL SECURITY CLEARANCES - General (incl. 02-200B Deny Access for Deny Revoke or Suspension PCLs) 08-202 Accreditation 01-302 Reports to be Submitted to the CSA (incl. 01-302G Change Conditions Affecting the FCL) 02-104 PCLs Required in Connection with the FCL 02-201 Investigative Requirements 08-305 Malicious Code 01-303 Reports of Loss, Compromise, or Suspected Compromise 08-311 Configuration Management 05-309 Changing Combinations (incl. 05-309B Employee with Knowledge Combination Change) Vulnerability Assessments

11 Top five deficiencies we’re seeing in System Security Plans: SSP was incomplete or missing attachments Inaccurate or incomplete configuration diagram Sections in general procedures contradict protection profile Integrity & availability not properly addressed SSP was not tailored to the system Top five vulnerabilities we’re seeing during visits: Inadequate auditing controls Security Relevant Objects not protected Inadequate configuration management Improper session controls Identification & authentication controls IT Vulnerabilities

12 CI Award 20% of industry is reporting – Only 10% reporting “actionable” SCRs  Goal is 40% of industry reporting “actionable” SCRs Cyber Incident reporting has doubled, still ~ three (3) percent New CI awareness and analytical products Better define the threat More timely, focused products -- individual company assessments Expanded distribution of products Pushing classified threat, including cyber Deeper look into supply chain and unclassified subcontract vulnerabilities New CI course, Thwarting the Enemy 40,000 course completions in first year CI Integration

13 Training Initiatives Two curriculum tracks for FSOs American Council on Education (ACE) Credit Equivalency recommendations for several courses Two new awareness courses available outside of STEPP Professionalization Education and Training

14 Looking ahead Continuous Evaluation Pilot New CI Resources FSO Toolkit Call Center Transition Rating Matrix II Technology  OBMS  CAC/PKI  254 database Electronic Fingerprint

15 Social Media @DSSPublicAffair @TheCDSE Like Us on facebook 15

16 16 Questions?

Download ppt "Defense Security Service. DSS Update DSS Changing With A Changing Security Environment."

Similar presentations

Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.

Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.
File Management Tips and Suggestions FISWG/NCMS Winter Training Event December 17 th, 2014 Dela Williams Facility Security Officer.

File Management Tips and Suggestions FISWG/NCMS Winter Training Event December 17 th, 2014 Dela Williams Facility Security Officer.
1 2004 OMB Exhibit 53 Changes Briefing Presented by the Office of the Chief Information Officer June 5, 2002.

OMB Exhibit 53 Changes Briefing Presented by the Office of the Chief Information Officer June 5, 2002.
Section Six: Foreign Ownership, Control, or Influence (FOCI)

Section Six: Foreign Ownership, Control, or Influence (FOCI)
What is Insider Threat? “Potential damage to the interests of an organization by a person(s) who is regarded, falsely, as loyally working for or on behalf.

What is Insider Threat? “Potential damage to the interests of an organization by a person(s) who is regarded, falsely, as loyally working for or on behalf.
ISP Preparation Series 1 – Chapter 7. NISPOM Chapter 7 – Subcontracting Acronyms CSCS:Contract Security Classification Specification (DD Form 254) CSA:Cognizant.

ISP Preparation Series 1 – Chapter 7. NISPOM Chapter 7 – Subcontracting Acronyms CSCS:Contract Security Classification Specification (DD Form 254) CSA:Cognizant.
Defense Security Service Facility Clearance Branch (FCB)

Defense Security Service Facility Clearance Branch (FCB)
What’s the path to a SSP? Information System Profile Contractor: Lockheed Martin, Missiles and Fire Control Address: 1701 W. Marshall Dr. Grand Prairie,

What’s the path to a SSP? Information System Profile Contractor: Lockheed Martin, Missiles and Fire Control Address: 1701 W. Marshall Dr. Grand Prairie,
NISPOM Update for JSAC Workshop

NISPOM Update for JSAC Workshop
INDUSTRIAL SECURITY FACILITIES DATABASE (ISFD)

INDUSTRIAL SECURITY FACILITIES DATABASE (ISFD)
1 Office of the Designated Approving Authority (ODAA) April 2008.

1 Office of the Designated Approving Authority (ODAA) April 2008.
ISFO – ODAA Defense Security Service Industrial Security Field Operations (ISFO) Office of the Designated Approving Authority (ODAA) Nov 2013 1 Nov 2013.

ISFO – ODAA Defense Security Service Industrial Security Field Operations (ISFO) Office of the Designated Approving Authority (ODAA) Nov Nov 2013.
Clearance Processing Back To The Basics Presented By Mallory Howard

Clearance Processing Back To The Basics Presented By Mallory Howard
National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]

National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]
UNCLASSIFIED Foreign Ownership, Control, or Influence (FOCI) August 2009.

UNCLASSIFIED Foreign Ownership, Control, or Influence (FOCI) August 2009.
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.
Justin Walsh FOCI Program Manager Industrial Security Field Operations.

Justin Walsh FOCI Program Manager Industrial Security Field Operations.
1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.

1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
ODAA Update Agenda ODAA Business Management System (OBMS) Deployment

ODAA Update Agenda ODAA Business Management System (OBMS) Deployment

Similar presentations

Ads by Google