Presentation transcript: "Risk-Based Policy & Implementation Guidance; Program Management Plan; Subordinate System." (Cyber Security Assessment & Management, CSAM)

1 Cyber Security Assessment & Management (CSAM): Highlight of Capabilities
Comprehensive FISMA Compliance, Management & Reporting. Five Services, One Complete FISMA Solution:
1. Risk-Based Policy & Implementation Guidance
2. Program Management Plan
3. Subordinate System SSP
4. Management Reporting
5. Training & Quarterly Workshops
Demonstration Days: Friday (3/16), 9am - noon; Monday (3/19), 9am - noon.

2 The five CSAM services, with service 1 (Risk-Based Policy & Implementation Guidance) broken out into Threats and Vulnerabilities; Roles, Responsibilities, Privileges; and Standards.

3 Risk-Based Policy & Implementation Guidance: Threats and Vulnerabilities; Roles, Responsibilities, Privileges; Standards.

4 Risk-Based Policy & Implementation Guidance (continued): Threats and Vulnerabilities; Roles, Responsibilities, Privileges; Standards.

5 Risk-Based Policy & Implementation Guidance (continued). Each policy element is backed by a Security Control Set, Test Cases, Expected Results, Compliance Guidance & Descriptions, and Subject Matter Expertise.

6 Program Management Plan: Enterprise System Inventory; Performance Dashboard; Cost Guidance; Document Appendices & Templates; PMP Table of Contents.

7 Program Management Plan (continued): Enterprise System Inventory; Performance Dashboard; Cost Guidance; Document Appendices & Templates; PMP Table of Contents.

8 Program Management Plan (continued): Cost Guidance screen (figure shown: $14,903).

9 Program Management Plan (continued): Document Appendices & Templates; Table of Contents.

10 Program Management Plan: Enterprise Program Management Plan Table of Contents
- Missions, Strategic Goals, Objectives, Systems
- IT Security Management Strategy
- Core Program Management Approach
- Organization of the IT Security Program
- IT Security Program External Guidance
- IT Security Program External Interfaces
- Roles & Responsibilities
- FISMA Reporting
- Program Implementation
- IT Security Goals and Action Plans

11 Subordinate System SSP: System Security Plan (SSP) elements are Scope, Category, Inheritance (common controls), Artifacts, and POA&Ms.
SSP Risk Assessment: Threats, Impact, Risk; Control Requirements (linked to policy via the SRTM).
SSP sections:
1. System Identification
2. System Operational Status
3. General Description / Purpose
4. System Environment
5. System Interconnections / Information Sharing
6. Sensitivity of Information Handled
7. Planning for Security in the Life Cycle
8. Security Control Measures
SSP appendices:
- Appendix D: Requirements (RTM)
- Appendix E: ST&E Plan and Procedures
- Appendix F: Certification Results
- Appendix G: Risk Assessment (RA) Results
- Appendix H: Certifier's Recommendation
- Appendix I: System Security Policy
- Appendix J: System Rules of Behavior (ROB)
- Appendix K: Security Operating Procedures
- Appendix L: Contingency Plan(s)
- Appendix M: Security Awareness Training Plan
- Appendix O: Incident Response Plan
- Appendix P: MOA / Service Level Agreements (SLA)
- Appendix Q: Configuration Management Plan
- Appendix R: Accreditation Statement & Documentation
- Appendix S & T: Hardware & Software Listings
- Appendix U: C&A Schedule

12 Subordinate System SSP: Scope. RTM factor scoping.

13 Subordinate System SSP: Category. 800-60 reference material.

14 Subordinate System SSP: Inheritance (common controls).

15 Subordinate System SSP: Artifacts.

16 Subordinate System SSP: POA&Ms. Auto-generated POA&Ms.

17 Subordinate System SSP (continued).

18 Subordinate System SSP (continued).

19 Management Reporting: Enterprise, System, Regulatory, and Ad hoc reports. Diagram of organizations Org A through Org J feeding FISMA Reports and the Agency Dashboard (Performance Metrics & Compliance Status).

20 Management Reporting: FISMA Reports. Audit Logs.

21 Management Reporting: System Security Plan (with hyperlinks).

22 Management Reporting (continued).

23 Management Reporting: PTA / PIA.

24 Management Reporting (continued).

25 Cyber Security Assessment & Management Training (Annual Training Requirement). Tracks: Leadership Track; Response Track; Planning Track; IT Security Operations and Technology Track.

| Course | Dates |
|---|---|
| Executive Overview | 4/5, 4/20, 5/18 |
| Incident Response | 1/31, 2/06, 3/07 |
| IT Contingency Planning | 1/31, 2/06, 3/07 |
| IT Sec Planning & Mgmt | 4/19, 5/17, 6/21 |
| Separation of Duties | Available online 4/1 |
| Protecting the Computing Environ. | 3/22, 4/19, 5/17, 6/21 |
| Security Expressions @DOJ | tbd |
| Foundstone @DOJ | 3/29 |
| Vulnerability & Config Sec Mgmt | 3/21, 4/18, 5/16, 6/20 |
| AppDetective @DOJ | tbd |

Audiences listed on the slide: CIO, AO; CISO; CA; ALL; ISSM, ISSO; ALL; ISSM, ISSO; SA; Resp for FS; Resp for SE; Resp for AD; Resp for CP; Resp for IR.

Quarterly: CSAM Toolkit (Cyber Sec. Assessment & Mgmt) training for new users, 3rd Fri each month; Training Workshop, 3rd Fri each month. Audience: CA, ISSM, ISSO, SA, Aud., User Reps.

26 CSAM C&A Web Architecture
- SQL Server 2005 Database; Application Web Server.
- CSAM C&A Client Website: ASP.NET 2.x website; runs on IIS 5.1 or later; uses Crystal Reports Runtime; browsers: Internet Explorer, Netscape.
- SSP Generator Application: VB.NET application; processes SSP requests; returns completed SSP to database; uses Microsoft Word to generate documents.
- C&A Web Daily Process: VB.NET application; removes temporary files when no longer needed; nightly processing to run account management and POA&M approval routines.

27 TrustedAgent Architecture
- OS: Windows Server platform
- Database: Oracle 8i, 9i, 10g
- Web/App Server: Tomcat 4.x, 5.x; JRun 4.x; IIS 5+; Apache 1.3+
- Browser: Internet Explorer 5.5+, Netscape 7.1+
- Memory: 4 GB+
- Disk space: 100 GB+
- Processing: 2 CPUs; 2+ GHz or higher processing speed each
Industry Standard! Scalable Technology!

28 CSAM Familiarization Demonstrations: Friday, March 16th, 9am – noon; Monday, March 19th, 9am – noon. Reservations required.
Target audience: SSC Solutions Decision Makers; C&A Functional Users; IT Configuration Technicians.
For further information*: DOJLOBCSAM@usdoj.gov
- Ken Gandola, 202-353-0081, Kenneth.d.gandola@usdog.gov
- Jim Leahy, 202-353-8741, james.t.leahy@usdoj.gov
* Please have agency project leads coordinate inputs for your agency, or identify your position and project role with your inquiry.

