280 likes | 542 Views
Cyber Security Assessment & Management CSAM Highlight of Capabilities. Comprehensive FISMA Compliance, Management & Reporting. Risk-Based Policy & Implementation Guidance Program Management Plan Subordinate System SSP Management Reporting Training & Quarterly Workshops
E N D
Cyber Security Assessment & Management CSAM Highlight of Capabilities Comprehensive FISMA Compliance, Management & Reporting Risk-Based Policy & Implementation Guidance Program Management Plan Subordinate System SSP Management Reporting Training & Quarterly Workshops • Demonstration Days • Friday (3/16): 9am - noon • Monday (3/19): 9am - noon Five Services, One Complete FISMA Solution 1 2 3 4 5
Cyber Security Assessment & Management CSAM Risk-Based Policy & Implementation Guidance • Threats and Vulnerabilities • Roles – Responsibilities - Privileges • Standards Program Management Plan Subordinate System SSP Management Reporting Training & Quarterly Workshops 1 2 3 4 5
Cyber Security Assessment & Management Risk-Based Policy & Implementation Guidance Threats and Vulnerabilities • Roles – Responsibilities – Privileges • Standards
Cyber Security Assessment & Management Risk-Based Policy & Implementation Guidance • Threats and Vulnerabilities Roles – Responsibilities – Privileges • Standards
Cyber Security Assessment & Management Risk-Based Policy & Implementation Guidance • Threats and Vulnerabilities • Roles – Responsibilities – Privileges Standards Security Control Set Test Cases Expected Results Compliance Guidance &Descriptions Subject Matter Expertise
Cyber Security Assessment & Management Program Management Plan Enterprise System Inventory • Performance Dashboard • Cost Guidance • Document Templates & Templates • PMP Table of Contents
Cyber Security Assessment & Management Program Management Plan • Enterprise System Inventory Performance Dashboard • Cost Guidance • Document Templates & Templates • PMP Table of Contents
Cyber Security Assessment & Management Program Management Plan • Enterprise System Inventory • Performance Dashboard Cost Guidance • Document Appendices & Templates • PMP Table of Contents $14,903
Cyber Security Assessment & Management Program Management Plan • Enterprise System Inventory • Performance Dashboard • Cost Guidance Document Appendices & Templates • Table of Contents
Cyber Security Assessment & Management Program Management Plan • Enterprise System Inventory • Performance Dashboard • Cost Guidance • Document Appendices & Templates Table of Contents • Enterprise • Program Management Plan • Table of Contents • Missions, Strategic Goals, Objectives, Systems • IT Security Management Strategy • Core Program Management Approach • Organization of the IT Security Program • IT Security Program External Guidance • IT Security Program External Interfaces • Roles & Responsibilities • FISMA Reporting • Program Implementation • IT Security Goals and Action Plans
Cyber Security Assessment & Management Subordinate System SSP System Security Plan (SSP) • Scope • Category • Inheritance (common controls) • Artifacts • POA&Ms • SSP • Risk Assessment • Threats-Impact • Risk Control Requirements • (Linked to policy (SRTM) SSP 1. System Identification 2. System Operational Status 3. General Description/ Purpose 4. System Environment 5. System Interconnections/Information Sharing 6. Sensitivity of Information Handled 7. Planning for Security in the Life Cycle 8. Security Control Measures SSP Appendices Appendix D: Requirements (RTM) Appendix E: ST&E Plan And Procedures Appendix F: Certification Results Appendix G: Risk Assessment (RA) Results Appendix H: Certifier’s Recommendation Appendix I: System Security Policy Appendix J: System Rules of Behavior (ROB) Appendix K: Security Operating Procedures Appendix L: Contingency Plan(s) Appendix M: Security Awareness Training Plan Appendix O: Incident Response Plan Appendix P: MOA/Service Level Agreements (SLA) Appendix Q: Configuration Management Plan Appendix R: Accreditation Statement & Documentation Appendix S & T: Hardware & Software Listings Appendix U: C&A Schedule
Cyber Security Assessment & Management Subordinate System SSP • SSP Scope • Category • Inheritance (common controls) • Artifacts • POA&Ms RTM Factor scoping
Cyber Security Assessment & Management Subordinate System SSP • SSP • Scope Category • Inheritance (common controls) • Artifacts • POA&Ms 800-60 Reference material
Cyber Security Assessment & Management Subordinate System SSP • SSP • Scope • Category Inheritance (common controls) • Artifacts • POA&Ms
Cyber Security Assessment & Management Subordinate System SSP • SSP • Scope • Category • Inheritance (common controls) Artifacts • POA&Ms
Cyber Security Assessment & Management Subordinate System SSP • SSP • Scope • Category • Inheritance (common controls) • Artifacts POA&Ms AUTO-GENERATED POA&Ms
Cyber Security Assessment & Management Subordinate System SSP • SSP • Scope • Category • Inheritance (common controls) • Artifacts POA&Ms
Cyber Security Assessment & Management Subordinate System SSP • SSP • Scope • Category • Inheritance (common controls) • Artifacts POA&Ms
Org A Org B Org C Org D Org E Org F Org G Org H Org I Org J Cyber Security Assessment & Management Management Reporting Enterprise • System • Regulatory • Ad hoc FISMA REPORTS AGENCY DASHBOARD (PERFORMANCE METRIX & COMPLIANCE STATUS)
Cyber Security Assessment & Management Management Reporting Enterprise • System • Regulatory • Ad hoc FISMA REPORTS AUDIT LOGS
Cyber Security Assessment & Management Management Reporting • Enterprise System • Regulatory • Ad hoc SYSTEM SECURITY PLAN (WITH HYPERLINKS)
Cyber Security Assessment & Management Management Reporting • Enterprise System • Regulatory • Ad hoc
Cyber Security Assessment & Management Management Reporting • Enterprise • System Regulatory • Ad hoc PTA PIA
Cyber Security Assessment & Management Management Reporting • Enterprise • System • Regulatory Ad hoc
Training Workshop Protecting the Computing Environ. Separation of Duties IT Sec Planning & Mgmt IT Contingency Planning Security Expressions @DOJ Vulnerability & Config Sec Mgmt Executive Overview AppDetective @DOJ Foundstone @DOJ Training for new users Incident Response 4/5, 4/20, 5/18 3/21, 4/18, 5/16, 6/20 Avail Online 4/1 tbd 1/31, 2/06, 3/07 3rd Fri each month 1/31, 2/06, 3/07 3/22, 4/19, 5/17, 6/21 tbd 4/19, 5/17, 6/21 3rd Fri each month 3/29 Cyber Security Assessment & Management Training Leadership Track CIO, AO CISO CA Planning Track ALL ISSM, ISSO IT Security Operations and Technology Track ALL Annual Training Requirement ISSM, ISSO SA Resp for FS Resp for SE Resp for AD Response Track Resp for CP Resp for IR CSAM ToolkitCyber Sec. Assessment & Mgmt CA, ISSM, ISSO, SA, Aud., User Reps Quarterly
CSAM C&A Web Architecture Database Application Web Server • SSP Generator Application • VB.NET Application • Processes SSP Requests • Returns Completed SSP to Database • Uses Microsoft Word to Generate Documents SQL Server 2005 • C&A Web Daily Process • VB.NET Application • Removes Temporary Files when no longer needed • Nightly processing to run account management • and POA&M approval routines. • CSAM C&A Client Website • ASP.NET 2.x Website • Runs on IIS 5.1 or later • Uses Crystal Reports Runtime • Browsers: Internet Explorer • Netscape
TrustedAgent Architecture Industry Standard! Scalable Technology! • OS: Windows Server Platform • Database: Oracle 8i,9i, 10g • Web/App Server: Tomcat 4.x, 5.x, JRUN 4.x, IIS 5+, Apache1.3+ • Browser: Internet Explorer 5.5+, Netscape 7.1+ • Memory: 4 GB+ • Disk space: 100 GB+ • Processing: 2 CPUs; 2+ GHz or higher processing speed each
Cyber Security Assessment & Management CSAM • Familiarization Demonstrations: • Friday, March 16th: 9am – noon • Monday, March 19th: 9am – noon • Target audience: SSC Solutions Decision Makers C&A Functional Users IT Configuration Technicians • For further information* : • DOJLOBCSAM@usdoj.gov • Ken GandolaJim Leahy 202-353-0081 202-353-8741 Kenneth.d.gandola@usdog.govjames.t.leahy@usdoj.gov Reservations Required * Please have agency project leads coordinate inputs for your agency or identify your position and project role with your inquiry.