CDS CERTIFICATION AND ACCREDITATION PROCESS

1 CDS CERTIFICATION AND ACCREDITATION PROCESS
David Wallick
Chief, Navy Cross Domain Solutions Office
SPAWAR Atlantic IA Division (843)

2 CDS Stakeholders
- SPAWAR Atlantic
- Navy CDS Office (Certification Authority)
- CDS Engineering
- CDS Certification Test and Evaluation (CT&E)
- Local DAA (NETWARCOM)
- Unified Cross Domain Management Office (UCDMO)
- Defense Security Accreditation Working Group (DSAWG), Cross Domain Technical Advisory Board (CDTAB)
- National Security Agency (NSA)
- Director of National Intelligence (DNI)
Unclassified//FOUO

3 Phase 1 – Requirements Validation
[Flow diagram. Labels: PMO; Phase 1 CDA, SEE, *VLAR Criteria; CDSO Analysis; CDSAP; Community Jury. Solution paths: Baseline CDS, Modified Baseline CDS, New Development, DISA CD Enterprise, *Very Low Risk]
- This phase looks at CDS requirements.
- CDSO guides PMO.
- CDSO represents PMO at the board meetings.
- CDTAB rep(s) will make recommendation to Community Jury.
- * For VLoR process, there are 16 criteria to be met.

4 Phase 2 – Solution Development and Evaluation
[Flow diagram. Labels: PMO; Phase 2 CDA, ST&E Plan, Solution CONOPS; Phase 2 Risk Assessment; CT&E (lab); ST&E; CDTAB; DSAWG; IATC; ATO. Solution paths: Baseline CDS, Modified Baseline CDS, New Development, DISA CD Enterprise, *Very Low Risk]
- CDSO conducts the Phase 2 risk assessment and briefs the CDTAB.
- Modified Baseline CDS may require CT&E.
- DISA CDSO handles all enterprise candidates.
- CDSO determines what testing (site and/or lab) needs to be done for VLoR.
- Local DAA grants ATO for VLoR.

5 Phase 3 – Solution Validation
[Flow diagram. Labels: PMO; Phase 3 CDA, ST&E Report; Phase 3 Risk Assessment; CDTAB; DSAWG; ATC. Solution paths: Baseline CDS, Modified Baseline CDS, New Development, DISA CD Enterprise]
- PMO rep conducts Security Test and Evaluation (ST&E).
- CDSO conducts the Phase 3 risk assessment and briefs the CDTAB.
- DSAWG approves Approval to Connect (ATC) for up to one year.

6 Phase 4 – Continuous Monitoring
- ATC for one year
- Annual revalidation
- Requires inspection of system to verify configuration hasn’t changed
- Any change to CDS requires opening a new request with CDSO

7 Certification Process
- Security Design Review (SDR) – IC + DoD
- Test Readiness Review (TRR) – documentation, IV&V, test lab
- Certification testing – NIST SP
- Risk assessment
- DoD – Risk Decision Authorization Criteria (RDAC)
- UCDMO – TBD
- Submit risk to CDTAB and DSAWG

8 Questions?

9 Backup Slides

10 Risk Management Framework (SP 800-37)
Very Low Risk (VLoR)
QUALIFICATION
- Determine if the requirement is truly VLoR by answering very specific questions under the criteria categories.
VALIDATION
- Controls tailoring against the LLL NIST Controls Profile
- Determine level of verification and testing
- Certification and Accreditation activities
CONTINUOUS MONITORING
- Steps to ensure annual revalidation occurs
[Diagram labels: Phase 1, Phase 2, Phase 3; Risk Management Framework steps: Categorize, Select, Implement, Assess, Authorize, Monitor]

11 CDS Timeline
Phase 0 - Expected Duration 105 Days, unless new or modified CDS is required
- (PMO) Initiate CDS discussion with CDSO and DAA
- (PMO) Register CDS request on NTIRA/UNTS
- (PMO/NCDSO) Develop Phase 1 Cross Domain Appendix (CDA)
- (NCDSO) Concur requirement on NTIRA
- (NNWC N8/OPNAV) CDS requirements validation
- (NNWC) Send Second Echelon Endorsement to CNO
- (NCDSO) Cross Domain Solution Ticket Request
Phase I - Expected Duration 30 Days
- (NCDSO/PMO) Brief CDSAP (part of CDTAB) on CDS technical feasibility, who recommends approval
- (PMO) Brief Community Jury (part of DSAWG), who evaluates the community risk associated with the CDS and approves
- (CNO) Provide CDS prioritization per CC/S/A quarterly
- (CCAO) Create a ticket as a result

12 CDS Timeline (cont’d)
Phase II - Expected Duration 2 Months (for Baseline CDS)
- (PMO/NCDSO) Decide on which CDS to use
- (PMO/NCDSO/CDS PM) Phase 2 CDA, ST&E plan, Data Owner’s Guidance (DOG)
- (NSA) Conduct CT&E for new CDS
- (NSA) RDAC testing
- (NSA) Penetration testing
- (CDTAB) Technical Risk Rating
- (NCDSO) Conduct data and threat risk assessment of CDS
- (NCDSO/PMO) Brief CDTAB on risk assessment
- (PMO) Brief DSAWG on risk assessment
- (Site/PMO/NNWC) Update site accreditation documentation (SSAA, topology, SCQ, Accr Letter, etc.) to prepare for site installation and ST&E
- (DSAWG) IATC is granted as a result

13 CDS Timeline (cont’d)
Phase III – Expected Duration 4 Months
- (Site/PMO) Install CDS/system
- (PMO/CDS PM) Conduct ST&E at site and submit results to NSA
- (PMO/NCDSO) Phase 3 CDA
- (NSA) Evaluate the ST&E and Phase 3 CDA for final risk assessment
- (CDTAB) Analyze Phase 3 risk assessment
- (DSAWG) Analyze risk assessment and grant ATC
- (NNWC) Grant ATO for 1 year
Phase IV - (Operations) Usually no work on our part
- (PMO/User) Operations
- (PMO) Annual revalidation
- (NCDSO/CDTAB/DSAWG/NNWC) Annual ATO + ATC

