80 likes | 224 Views
Security Update. Randy Speed, Chief Information Systems Policy and Control Staff. FY 2008 Accomplishments. Security Command Center (SCC) implementation Features Software tool which captures system audit logs Maintains log records from all computing platforms in a single repository
E N D
Security Update Randy Speed, Chief Information Systems Policy and Control Staff
FY 2008 Accomplishments • Security Command Center (SCC) implementation • Features • Software tool which captures system audit logs • Maintains log records from all computing platforms in a single repository • Provides the capability to produce comprehensive audit reports from a centralized location • Platforms currently being captured • Windows, UNIX and Firewall platforms • Implementation of mainframe system audit logs in progress
FY 2008 Accomplishments • Access Administration • For the period January 2008 through June 2008 • Submitted by 133 Federal government agencies • Requests received – 9,101 • Request processed – 8,749 • 96% of the security access requests were completed within 5 business days in accordance with agency service level agreements
FY 2008 Accomplishments • Security Access Reports utilizing NFC’s Reporting Center • Assists Agency Security Officers (ASOs) with various audit requirements such as A-123, FISMA, etc. • Features • Immediately available when needed, submission of requests for reports not required • Provides ASOs direct access to reports on the web • Allows ASOs to review security access reports for employees within their scope • Data refreshed every quarter • Applications implemented • STAR – System for Time and Attendance Reporting
With An Eye On The Future • Identity Access Management (IAM) • Automated security administration • Includes all computing platforms • Features • Automated access request approval and notification • ASOs will have the capability to add and remove users without submitting a request to NFC • Requires adoption of Role-based access methodology by the agency • Planned pilot implementation • FY 2009 – NFC completed • FY 2010 – Rollout to agencies
With An Eye On The Future • Security Command Center (SCC) • Finalizing production architecture and design to capture mainframe logs • Implementation of mainframe system audit logs scheduled to be completed December 2008 • Security Access Reports • Under development • EPIC - Entry Processing Inquiry and Correction System • PINQ - Payroll/Personnel Inquiry System • TINQ - Time Inquiry System • Reports will be available late Spring 2009
With An Eye On The Future • SecureAll (SALL) • Security tool for NFC’s Oracle web applications • RPCT – Reporting Center • Features • Eliminates Help Desk intervention for password resets • Enhances security access reporting capabilities • ASO user acceptance testing is currently in progress • Scheduled implementation August 2008
With An Eye On The Future • Continue Agency Security Officer quarterly meetings • Continue to keep ASOs informed with the latest security updates • Begin working with ASOs on statement of requirements for role-based conversion