©2005 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. July 27, 2005 PKI Audits and Assessments “Another.

Presentation transcript:

©2005 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. July 27, 2005 PKI Audits and Assessments “Another Bump on the Road” Noel Nazario, IRM Manager KPMG

Agenda
– Background
– PKI “Audit” Activities
– PKI and other Audit Activities
– What’s Next
– Discussion

Background
Qualifications
– Noel Nazario is a manager in KPMG’s Washington, DC Information Risk Management Practice. He is the auditor for the U.S. Federal Bridge Certification Authority and several other agency PKI systems. Occasionally, he offers solicited and unsolicited input to the U.S. Federal PKI Certificate Policy Working Group, the FPKI Policy Authority, and the Federal Identity Credentialing Committee (FICC). Mr. Nazario is a NIST alumnus and has been involved in the development of PKI technology and management since the early 1990s.
Who’s the Bump?
Coping

PKI “Audit” Activities
– X Framework for Developing Public Key Policy and Practices in the Financial Services Industry
– CA Control Objectives
– ABA PKI Assessment Guidelines
– AICPA/CICA Web Trust for CA
– FBCA Compliance Assessments
– Shared Service Provider Compliance

PKI and other “Audit” Activities
– Certification & Accreditation (C&A) per OMB A-130
– Federal Information Security Management Act (FISMA)
– Financial Audits

What’s Next?
HSPD 12 Self Certifications Bridge to Bridge Cross Certifications Federation Compliance Registration Compliance Commoditization

Discussion
Q? A?
Noel Nazario –