Date posted: 15-Jan-2016
Category: Documents
Cyber Security Assessment & Management (CSAM)
CSAM Highlight of Capabilities
Comprehensive FISMA Compliance, Management & Reporting: Five Services, One Complete FISMA Solution

1. Risk-Based Policy & Implementation Guidance (Threats and Vulnerabilities; Roles – Responsibilities – Privileges; Standards)
2. Program Management Plan
3. Subordinate System SSP
4. Management Reporting
5. Training & Quarterly Workshops

Demonstration Days: Friday (3/16): 9am - noon; Monday (3/19): 9am - noon
Cyber Security Assessment & Management: Risk-Based Policy & Implementation Guidance
• Threats and Vulnerabilities
• Roles – Responsibilities – Privileges
• Standards: Security Control Set, Test Cases, Expected Results, Compliance Guidance & Descriptions, Subject Matter Expertise
Cyber Security Assessment & Management: Program Management Plan
• Enterprise System Inventory
• Performance Dashboard
• Cost Guidance
• Document Appendices & Templates
• PMP Table of Contents

Enterprise Program Management Plan Table of Contents
• Missions, Strategic Goals, Objectives, Systems
• IT Security Management Strategy
• Core Program Management Approach
• Organization of the IT Security Program
• IT Security Program External Guidance
• IT Security Program External Interfaces
• Roles & Responsibilities
• FISMA Reporting
• Program Implementation
• IT Security Goals and Action Plans
Cyber Security Assessment & Management: Subordinate System SSP
• System Security Plan (SSP)
• Scope
• Category
• Inheritance (common controls)
• Artifacts
• POA&Ms

SSP
• Risk Assessment
• Threats-Impact
• Risk Control Requirements (linked to policy (SRTM))

SSP sections
1. System Identification
2. System Operational Status
3. General Description/Purpose
4. System Environment
5. System Interconnections/Information Sharing
6. Sensitivity of Information Handled
7. Planning for Security in the Life Cycle
8. Security Control Measures

SSP Appendices
Appendix D: Requirements (RTM)
Appendix E: ST&E Plan and Procedures
Appendix F: Certification Results
Appendix G: Risk Assessment (RA) Results
Appendix H: Certifier's Recommendation
Appendix I: System Security Policy
Appendix J: System Rules of Behavior (ROB)
Appendix K: Security Operating Procedures
Appendix L: Contingency Plan(s)
Appendix M: Security Awareness Training Plan
Appendix O: Incident Response Plan
Appendix P: MOA/Service Level Agreements (SLA)
Appendix Q: Configuration Management Plan
Appendix R: Accreditation Statement & Documentation
Appendix S & T: Hardware & Software Listings
Appendix U: C&A Schedule

Scope: RTM factor scoping
Category: 800-60 reference material
POA&Ms: auto-generated POA&Ms
[Figure: enterprise reporting across organizations Org A through Org J]

Cyber Security Assessment & Management: Management Reporting
Report types: Enterprise, System, Regulatory, Ad hoc
• FISMA Reports
• Agency Dashboard (Performance Metrics & Compliance Status)
• Audit Logs
• System Security Plan (with hyperlinks)
• PTA
• PIA
Cyber Security Assessment & Management: Training

Annual Training Requirement
Tracks: Leadership Track; Response Track; Planning Track; IT Security Operations and Technology Track

Course                                  Dates
Executive Overview                      4/5, 4/20, 5/18
Incident Response                       1/31, 2/06, 3/07
IT Contingency Planning                 1/31, 2/06, 3/07
IT Sec Planning & Mgmt                  4/19, 5/17, 6/21
Separation of Duties                    Available online 4/1
Protecting the Computing Environment    3/22, 4/19, 5/17, 6/21
Security Expressions @DOJ               tbd
Foundstone @DOJ                         3/29
Vulnerability & Config Sec Mgmt         3/21, 4/18, 5/16, 6/20
AppDetective @DOJ                       tbd

Audiences: CIO, AO, CISO, CA; ALL; ISSM, ISSO; SA; staff responsible for Foundstone (FS), Security Expressions (SE), AppDetective (AD), Contingency Planning (CP) and Incident Response (IR)

Quarterly
CSAM Toolkit (Cyber Sec. Assessment & Mgmt)
• Training for new users: 3rd Fri each month
• Training Workshop: 3rd Fri each month
Audience: CA, ISSM, ISSO, SA, Auditors, User Reps
CSAM C&A Web Architecture
Database: SQL Server 2005 database application
Web Server: CSAM C&A Client Website
• ASP.NET 2.x website
• Runs on IIS 5.1 or later
• Uses Crystal Reports Runtime
• Browsers: Internet Explorer, Netscape
SSP Generator Application
• VB.NET application
• Processes SSP requests
• Returns completed SSP to database
• Uses Microsoft Word to generate documents
C&A Web Daily Process
• VB.NET application
• Removes temporary files when no longer needed
• Nightly processing to run account management and POA&M approval routines
TrustedAgent Architecture
[Figure: Bureau Staff, OCIO FISMA Management and System Staff on the Agency Intranet use web browsers over SSL to reach the Web and Application Server, which connects to the Oracle Database Server over JDBC and produces Reports and OMB POA&Ms and Metrics]

OS: Windows Server platform
Database: Oracle 8i, 9i, 10g
Web/App Server: Tomcat 4.x, 5.x; JRun 4.x; IIS 5+; Apache 1.3+
Browser: Internet Explorer 5.5+, Netscape 7.1+
Memory: 4 GB+
Disk space: 100 GB+
Processing: 2 CPUs, 2+ GHz or higher processing speed each
Industry Standard! Scalable Technology!
Familiarization Demonstrations: Friday, March 16th: 9am – noon; Monday, March 19th: 9am – noon
Target audience: SSC Solutions Decision Makers; C&A Functional Users; IT Configuration Technicians

For further information*: [email protected]
Ken Gandola: 202-353-0081, [email protected]
Jim Leahy: 202-353-8741, [email protected]

Cyber Security Assessment & Management (CSAM)
* Please have agency project leads coordinate inputs for your agency or identify your position and project role with your inquiry.
Reservations Required