1 / 21

US Department of State Jay Coplon

US Department of State Jay Coplon. My Commitment. You will get a sense for how we do C&A You will find value in being here All of your questions will be answered. Key Points. Quantitative Metrics Toolkits, Tools and Templates Continuous Monitoring Questions and Answers.

wattan
Download Presentation

US Department of State Jay Coplon

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. US Department of StateJay Coplon

  2. My Commitment You will get a sense for how we do C&A You will find value in being here All of your questions will be answered

  3. Key Points Quantitative Metrics Toolkits, Tools and Templates Continuous Monitoring Questions and Answers

  4. Decision Memo Authorization to Operate • When the Control Limits have not been exceeded.

  5. Decision Memo Authorization to Operate • When the Control Limits have been exceeded.

  6. Risk Score in iPost

  7. Fully Reporting in iPost • System Owner will maintain a high level of hosts fully reporting (to iPost) within the accreditation boundary.  Fully means current reporting on hardware, software, patch, vulnerability, and compliance

  8. Low or No Medium Traditional Risk • The System Owner will maintain a level or state of low or no Medium business risk as determined by traditional C&A. 

  9. Notification of Change Metrics Exceeding the Specification Limits Exceeding the Control Limits

  10. C&A – How we communicate with our customers. SharePoint Website Policy, Procedure, Standard Document Center Organized by categories Alert Notifications Page and/or Document Workshops Tools

  11. SharePoint

  12. SharePoint

  13. Get Ready Get Set STOP! • Exceed any specification limit • Readiness to Start C&A Checklist

  14. FIPS 199 and OMB M-04-04 • Categorize your System • Determine the Assurance Level

  15. Control Selection Tool • Identify which controls have been implemented • How each control has been implemented • C&A and Annual Security Control Assessments • Manage controls over the systems lifecycle

  16. POA&M Tester Database Tool • Linked to the system FIPS 199 categorization • Import Open Findings from previous assessments • Finding and Recommended remediation • Failed Controls are identified • Standardizes the risk is calculated for each finding • Risk Scoping

  17. iPost Continuous Monitoring

  18. IPost Continuous Monitoring

  19. Questions and Answers

More Related