Published by Darleen Ferguson; modified over 9 years ago
Slide 1 – Cyber Security Assessment & Management (CSAM): Highlight of Capabilities
Comprehensive FISMA Compliance, Management & Reporting
Five Services, One Complete FISMA Solution:
1. Risk-Based Policy & Implementation Guidance
2. Program Management Plan
3. Subordinate System SSP
4. Management Reporting
5. Training & Quarterly Workshops
Demonstration Days: Friday (3/16), 9am - noon; Monday (3/19), 9am - noon
Slide 2 – CSAM: the five services
1. Risk-Based Policy & Implementation Guidance (Threats and Vulnerabilities; Roles – Responsibilities – Privileges; Standards)
2. Program Management Plan
3. Subordinate System SSP
4. Management Reporting
5. Training & Quarterly Workshops
Slides 3-4 – Service 1: Risk-Based Policy & Implementation Guidance
- Threats and Vulnerabilities
- Roles – Responsibilities – Privileges
- Standards
Slide 5 – Risk-Based Policy & Implementation Guidance (continued)
- Threats and Vulnerabilities
- Roles – Responsibilities – Privileges
- Standards
Supporting content: Security Control Set; Test Cases; Expected Results; Compliance Guidance & Descriptions; Subject Matter Expertise
Slides 6-7 – Service 2: Program Management Plan
- Enterprise System Inventory
- Performance Dashboard
- Cost Guidance
- Document Appendices & Templates
- PMP Table of Contents
Slide 8 – Program Management Plan: Cost Guidance
- Enterprise System Inventory
- Performance Dashboard
- Cost Guidance (figure shown on slide: $14,903)
- Document Appendices & Templates
- PMP Table of Contents
Slide 9 – Program Management Plan
- Enterprise System Inventory
- Performance Dashboard
- Cost Guidance
- Document Appendices & Templates
- Table of Contents
Slide 10 – Enterprise Program Management Plan: Table of Contents
- Missions, Strategic Goals, Objectives, Systems
- IT Security Management Strategy
- Core Program Management Approach
- Organization of the IT Security Program
- IT Security Program External Guidance
- IT Security Program External Interfaces
- Roles & Responsibilities
- FISMA Reporting
- Program Implementation
- IT Security Goals and Action Plans
Slide 11 – Service 3: Subordinate System SSP
Elements: System Security Plan (SSP); Scope; Category; Inheritance (common controls); Artifacts; POA&Ms
SSP Risk Assessment: Threats – Impact – Risk; Control Requirements (linked to policy via the SRTM)
SSP body:
1. System Identification
2. System Operational Status
3. General Description / Purpose
4. System Environment
5. System Interconnections / Information Sharing
6. Sensitivity of Information Handled
7. Planning for Security in the Life Cycle
8. Security Control Measures
SSP Appendices:
- Appendix D: Requirements (RTM)
- Appendix E: ST&E Plan and Procedures
- Appendix F: Certification Results
- Appendix G: Risk Assessment (RA) Results
- Appendix H: Certifier's Recommendation
- Appendix I: System Security Policy
- Appendix J: System Rules of Behavior (ROB)
- Appendix K: Security Operating Procedures
- Appendix L: Contingency Plan(s)
- Appendix M: Security Awareness Training Plan
- Appendix O: Incident Response Plan
- Appendix P: MOA / Service Level Agreements (SLA)
- Appendix Q: Configuration Management Plan
- Appendix R: Accreditation Statement & Documentation
- Appendix S & T: Hardware & Software Listings
- Appendix U: C&A Schedule
Slide 12 – Subordinate System SSP: RTM factor scoping
Elements: SSP; Scope; Category; Inheritance (common controls); Artifacts; POA&Ms
Slide 13 – Subordinate System SSP: NIST SP 800-60 reference material
Elements: SSP; Scope; Category; Inheritance (common controls); Artifacts; POA&Ms
Slides 14-15 – Subordinate System SSP
Elements: SSP; Scope; Category; Inheritance (common controls); Artifacts; POA&Ms
Slide 16 – Subordinate System SSP: auto-generated POA&Ms
Elements: SSP; Scope; Category; Inheritance (common controls); Artifacts; POA&Ms
Slides 17-18 – Subordinate System SSP
Elements: SSP; Scope; Category; Inheritance (common controls); Artifacts; POA&Ms
Slide 19 – Service 4: Management Reporting
Report types: Enterprise; System; Regulatory; Ad hoc
FISMA reports roll up from the component organizations (Org A through Org J) to the Agency Dashboard (performance metrics & compliance status)
Slide 20 – Management Reporting: FISMA reports and audit logs
Report types: Enterprise; System; Regulatory; Ad hoc
Slide 21 – Management Reporting: System Security Plan (with hyperlinks)
Report types: Enterprise; System; Regulatory; Ad hoc
Slide 22 – Management Reporting
Report types: Enterprise; System; Regulatory; Ad hoc
Slide 23 – Management Reporting: PTA and PIA
Report types: Enterprise; System; Regulatory; Ad hoc
Slide 24 – Management Reporting
Report types: Enterprise; System; Regulatory; Ad hoc
Slide 25 – Service 5: Cyber Security Assessment & Management Training (Annual Training Requirement)
Tracks: Leadership Track; Response Track; Planning Track; IT Security Operations and Technology Track
Courses and dates:
- Executive Overview: 4/5, 4/20, 5/18
- Incident Response: 1/31, 2/06, 3/07
- IT Contingency Planning: 1/31, 2/06, 3/07
- IT Sec Planning & Mgmt: 4/19, 5/17, 6/21
- Separation of Duties: available online 4/1
- Protecting the Computing Environ.: 3/22, 4/19, 5/17, 6/21
- Security Expressions @DOJ: tbd
- Foundstone @DOJ: 3/29
- Vulnerability & Config Sec Mgmt: 3/21, 4/18, 5/16, 6/20
- AppDetective @DOJ: tbd
Audiences listed on the slide: CIO, AO; CISO; CA; ALL; ISSM, ISSO; SA; those responsible for FS, SE, AD, CP and IR
Quarterly:
- CSAM Toolkit (Cyber Sec. Assessment & Mgmt) training for new users: 3rd Fri each month
- Training Workshop: 3rd Fri each month
- Audience: CA, ISSM, ISSO, SA, Aud., User Reps
Slide 26 – CSAM C&A Web Architecture
- Database: SQL Server 2005
- Application Web Server
- CSAM C&A Client Website: ASP.NET 2.x website; runs on IIS 5.1 or later; uses Crystal Reports Runtime; browsers: Internet Explorer, Netscape
- SSP Generator Application: VB.NET application; processes SSP requests; returns completed SSP to database; uses Microsoft Word to generate documents
- C&A Web Daily Process: VB.NET application; removes temporary files when no longer needed; nightly processing runs account management and POA&M approval routines
Slide 27 – TrustedAgent Architecture
- OS: Windows Server platform
- Database: Oracle 8i, 9i, 10g
- Web/App Server: Tomcat 4.x, 5.x; JRun 4.x; IIS 5+; Apache 1.3+
- Browser: Internet Explorer 5.5+, Netscape 7.1+
- Memory: 4 GB+
- Disk space: 100 GB+
- Processing: 2 CPUs; 2+ GHz or higher processing speed each
Industry Standard! Scalable Technology!
Slide 28 – CSAM Familiarization Demonstrations
- Friday, March 16th: 9am – noon
- Monday, March 19th: 9am – noon
Target audience: SSC Solutions Decision Makers; C&A Functional Users; IT Configuration Technicians
Reservations required.
For further information*: DOJLOBCSAM@usdoj.gov
- Ken Gandola, 202-353-0081, Kenneth.d.gandola@usdog.gov
- Jim Leahy, 202-353-8741, james.t.leahy@usdoj.gov
* Please have agency project leads coordinate inputs for your agency or identify your position and project role with your inquiry.