
CNCI-SCRM STANDARDIZATION Discussion

CNCI-SCRM STANDARDIZATION Discussion. Don.Davidson@osd.mil, Globalization Task Force, OASD-NII / DoD CIO. Unclassified / FOUO. Globalization brings challenges. The government has suppliers that it may not know and may never see. Less insight into suppliers’ security practices


Presentation Transcript


  1. CNCI-SCRM STANDARDIZATION Discussion
     Don.Davidson@osd.mil, Globalization Task Force, OASD-NII / DoD CIO
     Unclassified / FOUO

  2. Globalization brings challenges
     • The government has suppliers that it may not know and may never see
     • Less insight into suppliers’ security practices
     • Less control over business practices
     • Increased vulnerability to adversaries
     “Scope of Supplier Expansion and Foreign Involvement” graphic in DACS (www.softwaretechnews.com) Secure Software Engineering, July 2005 article “Software Development Security: A Risk Management Perspective”, synopsis of May 2004 GAO-04-678 report “Defense Acquisition: Knowledge of Software Suppliers Needed to Manage Risks”

  3. Comprehensive National Cybersecurity Initiative (CNCI)
     Focus Area 1: Establish a front line of defense
     • Trusted Internet Connections
     • Deploy Passive Sensors Across Federal Systems
     • Pursue Deployment of Intrusion Prevention System (Dynamic Defense)
     • Coordinate and Redirect R&D Efforts
     Focus Area 2: Demonstrate resolve to secure U.S. cyberspace & set conditions for long-term success
     • Connect Current Centers to Enhance Cyber Situational Awareness
     • Develop a Government Wide Cyber Counterintelligence Plan
     • Increase the Security of the Classified Networks
     • Expand Education
     Focus Area 3: Shape the future environment to demonstrate resolve to secure U.S. technological advantage and address new attack and defend vectors
     • Define and Develop Enduring Leap Ahead Technology, Strategies & Programs
     • Define and Develop Enduring Deterrence Strategies & Programs
     • Develop Multi-Pronged Approach for Global Supply Chain Risk Management
     • Define the Federal Role for Extending Cybersecurity into Critical Infrastructure Domains

  4. Systems Assurance TRADESPACE
     Diagram labels: Unique Requirements; Acquirers; Systems Integrators; Suppliers
     SCRM Standardization and Levels of Assurance will enable Acquirers to better communicate requirements to Systems Integrators & Suppliers, so that the “supply chain” can demonstrate good/best practices and enable better overall risk measurement and management.
     • Higher COST can buy Risk Reduction
     • COTS products
     • Slippery Slope / Unmeasurable Reqts
     • Lower Cost usually means Higher RISK

  5. SCRM Stakeholders
     • US (CNCI) has vital interest in the global supply chain.
     • Other Users CIP
     • SCRM STANDARDIZATION Enabled by Information Sharing
     • SCRM “commercially acceptable global standard(s)” must be derived from Commercial Industry Best Practices.
     • Commercial Industry DoD DHS & IA
     • SCRM Standardization Requires Public-Private Collaborative Effort

  6. Back-up Slides
     Unclassified / FOUO

  7. SDO Landscape: SCRM Perspective

  8. SCRM Study Periods: Nov’09 – Apr’10 / May-Oct’10
     SCRM Ad Hoc WG
     • Potential ICT SCRM ISO Standard
     • Development 2010-2013
     • Adoption 2013-2016
