Presentation is loading. Please wait.

Presentation is loading. Please wait.

Supporting Advanced Scientific Computing Research Basic Energy Sciences Biological and Environmental Research Fusion Energy Sciences High Energy Physics.

Published bySamson Jennings Modified over 8 years ago

Similar presentations

Presentation on theme: "Supporting Advanced Scientific Computing Research Basic Energy Sciences Biological and Environmental Research Fusion Energy Sciences High Energy Physics."— Presentation transcript:

1 Supporting Advanced Scientific Computing Research Basic Energy Sciences Biological and Environmental Research Fusion Energy Sciences High Energy Physics Nuclear Physics Report from the NIST 800-53 Trenches Dan Peterson ESnet Security Officer drpeterson@es.net

2 Report from the NIST 800-53 Trenches Agenda –ESnet overview ESnet Mission ESnet the network ESnet infrastructure ESnet, an Enclave of LBNL –FISMA –Assessing ESnets Risk –Documenting Risk and Controls –Demo FIPS 199 Controls Procedures LBNL Policies Artifacts –Discussion Topics 2

3 ESnet’s Mission Primary mission is to enable the large-scale science that is the mission of the Department of Energy’s Office of Science by: –Facilitating the sharing of massive amounts of data –Networking thousands of collaborators world-wide –Enabling distributed data processing / management, simulation, visualization, and computational steering To accomplish this mission, ESnet provides reliable, high- bandwidth, networking and collaborative services to thousands of researchers across the country, whose work supports the Department of Energy’s goal of scientific innovation –~45 end user sites (16+ are NNSA or joint sponsored) –Between 75,000 – 100,000 users 3

4 ESnet4 – May 2009 4

5 ESnet Infrastructure ESnet infrastructure is comprised of: –30+ Full time Staff (we are currently staffing up) Three engineers are located in remote facilities –400+ hosts (UNIX, Windows, Apple and more) –100+ routers and switches Services provided by ESnet: –Networking, DNS, NTP, etc… –Authentication and Trust Federation (DOE grids CA) –Video/Audio Conferencing (ECS) 5

6 ESnet as an Enclave of LBNL 6

7 FISMA Not sure about FISMA compliance? –Adam Stone (LBNL) did a good talk about FISMA requirements and risk assessment at SEC 2009 Play NISTY for me (see references for link) The take away: –Avoid check box security –Take a holistic approach Risk Assessment Policies Dynamic Procedures Artifacts 7

8 Assessing ESnet Risk Level Define level of system risk –NIST 800-37 procedure –Computer Security Protection Plan (CSPP) –FIPS 199 FIPS 199 –A FIPS 199 security categorization serves as the starting point for the selection of security controls for an agency’s information system—controls that are commensurate with the importance of the information and information system to the agency. –Three security objectives in the FIPS 199: Confidentiality; Low, Moderate, High Integrity; Low, Moderate, High Availability; Low, Moderate, High ESnet is defined as, low, low, low –Defined by Office of Science (SC) Project Manager 8

9 Documenting Risk and Controls Set up two TWIKI webs –Controls web Documented ESnet risk level (FIPS 199) Converted the NIST 800-53 document to TWIKI format Documented ESnet policies –Including ATF controls specific to PKI Linked to Procedures –Procedures web Document procedures and artifacts Cross referenced procedures with the 800-53 control ID 9

10 DEMO FIPS 199 Controls Procedures LBNL Policies Artifacts 10

11 FIPS 199 11

12 Catalog of Controls 12

13 Controls 13

14 Procedures 14

15 Control ID to Procedure 15

16 Procedures 16

17 Artifacts 17

18 LBNL Regulations and Procedures Manual Computing and Communications 9.01 18

19 Conclusion Realistically define the risk level for the system Use the 800-53 as a place to document what policies are in place for your organization –Capture how security is done in both the policy and procedures –Address the NIST 800-53 control enhancements when writing the policy Policies and procedures that address a high level of control –Put them in the 800-53 ; its okay to answer higher controls if there is a policy or procedure already in place –Don’t answer controls outside your assessed risk level just because they are there Allow the procedures to be dynamic –Give sys-admin ownership of the procedure (as long as it meets the policy goals) –System administrators or service owners need to write the procedures and collect the artifacts –The sys-admins need to understand and follow the procedures to make them truly effective 19

20 References Adam Stone, Play NISTY for me http://net.educause.edu/SEC09/Program/1020687?PRODUCT_CODE=SEC09/SESS15 http://net.educause.edu/SEC09/Program/1020687?PRODUCT_CODE=SEC09/SESS15 NIST 800-37 –http://csrc.nist.gov/publications/drafts/800-37-Rev1/SP800-37-rev1-IPD.pdfhttp://csrc.nist.gov/publications/drafts/800-37-Rev1/SP800-37-rev1-IPD.pdf FIPS 199 –http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdfhttp://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf NIST 800-53 rev3 –http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final-errata.pdfhttp://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final-errata.pdf Special thanks to: –The NERSC security team security@nersc.gov –Adam Stone adstone@lbl.gov 20

Download ppt "Supporting Advanced Scientific Computing Research Basic Energy Sciences Biological and Environmental Research Fusion Energy Sciences High Energy Physics."

Similar presentations

Open Source Intelligence: Presented by Abe Lederman, President and CTO Deep Web Technologies, LLC IOP 06 Sheraton Premier, Tysons Corner, Virginia January.

Open Source Intelligence: Presented by Abe Lederman, President and CTO Deep Web Technologies, LLC IOP 06 Sheraton Premier, Tysons Corner, Virginia January.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Network Systems Sales LLC

Network Systems Sales LLC
U.S. Department of Energy’s Office of Science Basic Energy Sciences Advisory Committee Dr. Daniel A. Hitchcock October 21, 2003

U.S. Department of Energy’s Office of Science Basic Energy Sciences Advisory Committee Dr. Daniel A. Hitchcock October 21, 2003
Nick Vennaro, NHIN Team (Contractor), Office of the National Coordinator for Health IT Michael Torppey, CONNECT Health IT Security Specialist (Contractor)

Nick Vennaro, NHIN Team (Contractor), Office of the National Coordinator for Health IT Michael Torppey, CONNECT Health IT Security Specialist (Contractor)
Bill McClanahan – Principal Business Consultant LPS Integration.

Bill McClanahan – Principal Business Consultant LPS Integration.
EInfrastructures (Internet and Grids) US Resource Centers Perspective: implementation and execution challenges Alan Blatecky Executive Director SDSC.

EInfrastructures (Internet and Grids) US Resource Centers Perspective: implementation and execution challenges Alan Blatecky Executive Director SDSC.
1 7/24/09 National Nuclear Security Administration Office of Defense Nuclear Security (DNS) DNS Security Lessons Learned Program Ted Wyka Director, Security.

1 7/24/09 National Nuclear Security Administration Office of Defense Nuclear Security (DNS) DNS Security Lessons Learned Program Ted Wyka Director, Security.
The DOE Science Grid Computing and Data Infrastructure for Large-Scale Science William Johnston, Lawrence Berkeley National Lab Ray Bair, Pacific Northwest.

The DOE Science Grid Computing and Data Infrastructure for Large-Scale Science William Johnston, Lawrence Berkeley National Lab Ray Bair, Pacific Northwest.
U.S. Department of Energy’s Office of Science Dr. Raymond Orbach February 25, 2003 Briefing for the Basic Energy Sciences Advisory Committee FY04 Budget.

U.S. Department of Energy’s Office of Science Dr. Raymond Orbach February 25, 2003 Briefing for the Basic Energy Sciences Advisory Committee FY04 Budget.
Computing and Data Infrastructure for Large-Scale Science Deploying Production Grids: NASA’s IPG and DOE’s Science Grid William E. Johnston

Computing and Data Infrastructure for Large-Scale Science Deploying Production Grids: NASA’s IPG and DOE’s Science Grid William E. Johnston
1 IT is About The Mission Randy Humphries Jr. Chief Information Officer NASA Glenn Research Center.

1 IT is About The Mission Randy Humphries Jr. Chief Information Officer NASA Glenn Research Center.
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
Complying With The Federal Information Security Act (FISMA)

Complying With The Federal Information Security Act (FISMA)
Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.

Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.

Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.
“ Does Cloud Computing Offer a Viable Option for the Control of Statistical Data: How Safe Are Clouds” Federal Committee for Statistical Methodology (FCSM)

“ Does Cloud Computing Offer a Viable Option for the Control of Statistical Data: How Safe Are Clouds” Federal Committee for Statistical Methodology (FCSM)
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
US NITRD LSN-MAGIC Coordinating Team – Organization and Goals Richard Carlson NGNS Program Manager, Research Division, Office of Advanced Scientific Computing.

US NITRD LSN-MAGIC Coordinating Team – Organization and Goals Richard Carlson NGNS Program Manager, Research Division, Office of Advanced Scientific Computing.

Similar presentations

Ads by Google