1 / 9

Agency Security Update Service (ASUS)

Agency Security Update Service (ASUS). Mike Bolger KSC CIO. ASUS Data Collection. The ASUS Project collects Enterprise IT Security Data: Patch Management – 80,000+ devices Software Inventory – 80,000+ devices Federal Desktop Core Configuration (FDCC) – 60,000+ devices

liv
Download Presentation

Agency Security Update Service (ASUS)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Agency Security Update Service (ASUS) Mike Bolger KSC CIO

  2. ASUS Data Collection • The ASUS Project collects Enterprise IT Security Data: • Patch Management – 80,000+ devices • Software Inventory – 80,000+ devices • Federal Desktop Core Configuration (FDCC) – 60,000+ devices • Network Vulnerability – 120,000+ devices • Network Inventory – 120,000+ devices • Data is stored in IT Security Enterprise Data Warehouse (ITSEC-EDW) • Provides centralized “one-stop-shop” for IT Security Data

  3. Continuous Monitoring / Reporting Example Data

  4. Continuous Monitoring / Reporting Interactive website provides searchable reports List of Vulnerabilities By Center Or Security Plan Drill down to a list of Workstation/server with vulnerabilities

  5. Continuous Monitoring • The Agency is focusing on expanded Continuous Monitoring in alignment to proposed FISMA changes • ASUS Team is currently providing Continuous Monitoring for: • Patch Management • Software Inventory • Network Inventory • Network Vulnerabilities • Developing automated methods to Continuously Monitor NIST 800-53 Controls (IT System Security Plans)

  6. IT Security Risk-Based Reporting • Continuous Monitoring will feed NASA IT Security Risk Score • Provide overall Risk score for a Security Plan, Center and the Agency • Helps focus workforce to problem areas • Puts focus on reducing risk, not just meeting metrics

  7. Collaboration with other NASA projects • ASUS Project is working to add IT Security Data Sources • Incident data from the NASA SOC • Antivirus data from ODIN • DHCP data from IPAM • Application data from Agency Data Center Consolidation (ADCC) • The ASUS Project is a preventative tool in NASA’s IT Security arsenal

  8. Patch Management Solution • Agency is moving to a new Patch Management Solution • Reached the potential of the PatchLink product • Selected product • Benefits: • More robust Agent • Scalable to meet NASA’s complex architecture • Follows OVAL standards • Provides additional functionality • “Agent on a USB Stick” • Network Inventory to locate machines missing an Agent • Appliance – reduces costs and maintenance for the Agency

  9. Agency Data Center Consolidation (ADCC) • Collaborating with the Agency Data Center Consolidation (ADCC) Project • OMB has come out with the “Federal Data Center Consolidation Initiative” • Goal is to reduce overall costs and energy consumption • ADCC is preparing to deploy an Inventory and Application Mapping tool in all NASA Data Centers • Application Mapping = tells us what is required to move a “service” (i.e. Tech Doc) • ASUS team will be providing the technical expertise to coordinate the deployment of the automated tool across the Agency

More Related