![Page 1: Government Laws FITSP-A Module 2. Government likes to begin things – to declare grand new programs and causes and national objectives. But good beginnings](https://reader033.vdocument.in/reader033/viewer/2022052603/56649c955503460f9495205c/html5/thumbnails/1.jpg)
Government Laws
FITSP-A Module 2
Leadership

Government likes to begin things – to declare grand new programs and causes and national objectives. But good beginnings are not the measure of success. What matters in the end is completion. Performance. Results. Not just making promises, but making good on promises. In my Administration, that will be the standard from the farthest regional office of government to the highest office of the land.
- President George W. Bush

My Administration is committed to creating an unprecedented level of openness in Government. We will work together to ensure the public trust and establish a system of transparency, public participation, and collaboration. Openness will strengthen our democracy and promote efficiency and effectiveness in Government.
- President Barack Obama
FITSP-A Exam Objectives: Security Topic: Regulatory & Standards Compliance
A FITSP-Auditor is expected to understand and to be able to apply:
Audit strategies for compliance with the organization’s information security program
Identify and stay current on all laws, regulations, standards, and best practices applicable to the organization
Oversee relationships with all regulatory information security organizations and appropriate industry groups, forums, and stakeholders
Keep informed on pending information security changes, trends, and best practices by participating in collaborative settings
Review information security compliance performance measurement components
Government Laws Module Overview
Section A: Congress & The President
– Federal Information Security Management Act of 2002 (Title III of the E-Government Act)
• Evolution of Compliance
• Elements of a Security Program
• Reporting Metrics
Section B: NIST – National Institute of Standards & Technology
– Computer Security Division
– Risk Management Framework
Section C: OMB – Office of Management & Budget
– Circular A-130
– Memoranda
Section D: DHS – Department of Homeland Security
– Cybersecurity Responsibilities
– Presidential Directives
Section E: HHS – Health & Human Services
– HIPAA: Health Insurance Portability and Accountability Act
– HITECH: Health Information Technology for Economic and Clinical Health
Diagram: Authority, Guidance, Oversight
– Congress: Legislation
– President: Agenda (PMA)
– OMB: Oversight (OMB Liaison: Federal CIO)
– DHS: Authority (DHS Liaison: Cybersecurity Coordinator)
– NIST Guidance
– CNSS Guidance
– HHS/CMS OCR
– Federal Agencies
Labels shown on the diagram: CSA, FISMA, PRA, HSA, HIPAA, HITECH, HIPAA Security Rule, RMF, CNSS 1253
Section A: Congress and the President
Legislative History
E-Government Act of 2002, Public Law 107-347
Establishes Office of E-Gov within OMB
Areas of E-Gov:
– Capital planning and investment control for information technology
– Development of enterprise architectures (FEA)
– Information Security (Title III)
– Access to government information
Establishes the CIO Council in the Executive branch
What is FISMA?
Title III of the E-Gov Act of 2002
Requires Each Federal Agency to Implement an Information Security Program
Report annually to OMB
– Adequacy of security program
– Address adequacy in plans and reports relating to annual budgets
– Significant deficiency
Continuously Evolving
The Evolution of FISMA Compliance
Continuous Monitoring
Timely and Role-relevant Information
Outcome-based Metrics
– “metrics are a policy statement about what Federal entities should concentrate resources on”
Monthly Data Feeds Directly from Security Management Tools (CyberScope)
Government-wide Benchmarking on Security Posture (Questionnaire)
Agency-specific Interviews (CyberStat with DHS)
This process is designed to shift our efforts away from a culture of paperwork reports. The focus must be on implementing solutions that actually improve security.
FISMA Reporting Metrics
Administration Priorities (AP)
Key FISMA Metrics (KFM)
Baseline Questions (Base)
Knowledge Check
This law gave OMB the authority to define policies for US Government Agencies.
This law assigned responsibilities to NIST for creating standards and guidelines relating to securing Federal information systems.
This OMB program provides a structure for Agencies to identify business processes.
Section B: NIST – National Institute of Standards and Technology
NIST, Computer Security Division
Federal Information Security Management Act (FISMA) Implementation Project: Protecting the Nation's Critical Information Infrastructure
Standards for categorizing (FIPS 199)
Standards for minimum security requirements (FIPS 200)
Guidance for selecting security controls (SP 800-53)
Guidance for assessing security controls (SP 800-53A)
Guidance for the security authorization (SP 800-37)
Guidance for monitoring the security controls (SP 800-137)
Guidance for identifying National Security Systems (SP 800-59)
Risk Management Framework
Section C: OMB – Office of Management and Budget
The Management Side of OMB
Office of Federal Financial Management
Office of Federal Procurement Policy
Office of E-Government and Information Technology
Office of Performance and Personnel Management
Office of Information and Regulatory Affairs
OMB Instructions
Circulars “A-”
– Budget
– State and Local Governments
– Educational and Non-Profit Institutions
– Federal Procurement
– Federal Financial Management
– Federal Information Resources / Data Collection
– Other Special Purpose
Memoranda “M-”
– Providing further explanation and guidance
OMB Circular A-130
Establishes policy for the Management of Federal Information Resources
Issued under the authority of the Paperwork Reduction Act and Clinger-Cohen Act
Appendix I: Federal Agency Responsibilities for Maintaining Records about Individuals
– Guidance for implementing the Privacy Act of 1974
Appendix III: Security of Federal Automated Information Resources
– Establishes concept of a minimum set of security controls
– Establishes key definitions used by NIST Special Publications
OMB A-130 Background
Privacy Act of 1974
Paperwork Reduction Act of 1980
Computer Security Act of 1987
Clinger-Cohen Act of 1996
Gov’t Paperwork Elimination Act of 1998
OMB A-130, Appendix III
Definitions
– GSS: General Support System
– MA: Major Application
– Adequate security
Assignment of Responsibilities
Reporting
– Deficiencies & Corrective Actions
– Security Plan Summary
OMB Memoranda
General Guidance
– POA&Ms
– Continuity Plans
– FDCC
– Trusted Internet Connections
Reporting Guidance
– GISRA
– FISMA
– Incidents involving PII
Policies
– Federal Agency Public Websites
– “File Sharing” Technology
Implementation Guidance
– Government Paperwork Elimination Act
– E-Government Act
– HSPDs
Trusted Internet Connections: M-09-32
Inventory External Connections
Meet TIC Critical Technical Capabilities
Implement Critical TIC Capabilities
Acquire Telecommunications Connectivity Through Networx Contract
Consolidate External Connections Through Approved Access Points (TICAPs)
CIO Reporting Metric #7 Boundary Protection
Target Level for 2014
Reporting Instructions (Changes): OMB M-11-33 / FISM 11-02 / FISM 12-02
CyberScope
– “…collection of data should be a by-product of existing continuous monitoring processes, not a bolt-on activity that redirects valuable resources from important mission activities.”
– Monthly Data Feeds
– Quarterly Reporting
– Annual Reporting (Mid-November)
– Information Security Questions
– CyberStat Review (Conducted by DHS) Sessions and Agency Interviews
FAQ (9): Must the DoD and the ODNI follow OMB policy and NIST guidelines? YES!!
FAQ (34): Is Reauthorization Required Every 3 Years… NO!
FAQ (42): Mandatory use of secure configurations (USGCB)
Reporting Instructions (Changes): FY2013 and FY2014
OMB Guidance Continues to evolve in M-14-04.
Key changes occurred in the following areas:
1. Increased emphasis on privacy controls
   – Authorizations to Operate (ATO) require the Senior Agency Official for Privacy to sign off.
   – SP 800-53 Rev 4 Appendix J Privacy Controls added to the mandatory controls baseline
2. POA&Ms now only track security weaknesses that will be remediated.
3. Monthly and quarterly reporting of CIO metrics required of all “CIO Council member agencies” vs. the smaller list of 24 CFO Act agencies.
Reporting Instructions (Changes): FY2013 and FY2014
4. Continuous Monitoring – rebranded as Information Security Continuous Monitoring (ISCM)
5. Security Overlays – Develop set of security controls to address unique threat profile for community-wide use (health care, intelligence, industrial control systems, cloud computing). New concept from 800-53 Rev 4.
6. Mobile Device Security – added emphasis that data protection (i.e. encryption) and remote access security controls apply to mobile devices
Standardized Desktop OS Configuration Settings
Federal Desktop Core Configuration (FDCC)
– Windows XP & Vista
US Gov’t Configuration Baseline (USGCB)
– Windows 7 & IE 8
– Red Hat Enterprise Desktop Linux
– In Development: Mac OS X & Windows 8
Security Content Automation Protocol (SCAP)
Privacy & Privacy Reporting: M-07-16
Safeguarding PII
Breach Notification Policy
SAOP Reporting Metrics FY2012
– Information Security Systems (w/PII)
– PIAs and SORNs
– Privacy Training
– PIA and Web Privacy Policies and Processes
– Written Privacy Complaints
– SAOP Advice and Guidance
– Agency Use of Web Management and Customization Technologies (e.g., “cookies,” “tracking technologies”)
Privacy & Privacy Reporting: M-14-04 & DHS Privacy Metrics
Privacy in OMB’s FY2014 Instructions
1. NIST SP 800-53 Appendix J Privacy Controls implementation is mandatory.
2. Privacy Controls and practices may be considered an agency “common control.”
3. SAOP approval required for ATO of a GSS or MA
DHS FY2014 SAOP FISMA Privacy Metrics
• 10 questions covering privacy requirements from the Privacy Act of 1974, E-Gov’t Act of 2002, and Federal Agency Data Mining Reporting Act of 2007
Knowledge Check
This document provides a policy framework for information resources management across the Federal government.
This OMB memo requires that agencies safeguard against and respond to breaches of personally identifiable information.
Name an initiative to create security configuration baselines for Information Technology products widely deployed across the federal agencies.
Agencies are required to adhere to DHS’ direction to report data through this automated reporting tool. What is the required frequency of these data feeds?
The OMB A-130’s stated requirement for reauthorization is at least once every 3 years. What must an agency do to waive that requirement?
Section D: DHS – Department of Homeland Security
DHS – Department of Homeland Security
Prevent Terrorism and Enhance Security
Secure and Manage our Borders
Enforce and Administer our Immigration Laws
Safeguard and Secure Cyberspace
Ensure Resilience to Disasters
And now… Cybersecurity!
Cybersecurity Responsibilities: M-10-28
Office of Management and Budget
– Annual FISMA Report to Congress
– Cybersecurity Portions of the President’s Budget
Cybersecurity Coordinator
– Cybersecurity Strategy and Policy Development
Department of Homeland Security
– Critical Infrastructure Protection
– US-CERT
– Trusted Internet Connection Initiative
– Primary Responsibility for the Operational Aspects of Cybersecurity
Presidential Decision Directives
PDD – Presidential Decision Directives – 1993–2001 (Clinton)
NSPD – National Security Presidential Directives – 2001–2009 (G. W. Bush)
HSPD – Homeland Security Presidential Directives – 2001– (G. W. Bush and Obama)
PSD – Presidential Study Directives – 2009– (Obama)
PPD – Presidential Policy Directives – 2009– (Obama)
Homeland Security Presidential Directives
HSPD-3 – Homeland Security Advisory System
HSPD-5 – Management of Domestic Incidents
HSPD-7 – Critical Infrastructure Identification, Prioritization, and Protection
PDD-8 – National Preparedness
HSPD-12 – Policy for a Common Identification Standard for Federal Employees and Contractors
HSPD-20/NSPD-51 – National Continuity Policy
HSPD-24 – Biometrics for Identification and Screening to Enhance National Security
Section E: HHS – Health & Human Services
History of HIPAA
1996: Health Insurance Portability and Accountability Act (HIPAA)
– Directed the Secretary of HHS to Develop Standards for Protecting e-PHI
Feb 2003: HHS Published the Security Rule Standard
Oct 2008: SP 800-66 r1, An Introductory Resource Guide for Implementing the HIPAA Security Rule
– Duplication of Effort… Stove piping?
• e-PHI - Electronic Protected Health Information
• SP 800-60, D.14 - Health
2009: Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009 (ARRA)
HITECH = Auditing
ARRA/HITECH: Game Changers
Electronic Health Record (EHR) System – Incentives to Accelerate Adoption of EHR Systems among Providers
Enforcement – Requires Audits for HIPAA Compliance!
Notification of Breach – Now Imposes Data Breach Notification Requirements
Electronic Health Record Access – For Providers implementing EHR, Patients Have the Right to Obtain PHI in an Electronic Format (i.e. ePHI)
Business Associates (Software vendors providing EHR systems) are now Directly "On The Compliance Hook"
Cybersecurity Legislative Proposal
Many New Cyber-related Bills
Protecting the American People
Protecting our Nation’s Critical Infrastructure
Protecting Federal Government Computers and Networks
– The Administration proposal would update FISMA and formalize DHS’ current role in managing cybersecurity for the Federal Government’s civilian computers and networks, in order to provide departments and agencies with a shared source of expertise.
New NIST Cybersecurity Framework, February 2014
Cybersecurity Framework
Government Laws Key Concepts & Vocabulary
Legislative Milestones
– Paperwork Reduction Act of 1980
– Computer Security Act of 1987
– Clinger-Cohen Act of 1996
– Homeland Security Act & E-Government Act of 2002 (Title III FISMA)
NIST Standards & Guidelines
– NIST SP 800-37r1 – Risk Management Framework
OMB Memoranda
– M 10-28 Cybersecurity Responsibilities of DHS
– FISM 11-01 Trusted Internet Connections
– M 07-16 Privacy
DHS & Cybersecurity
– M 08-16 Configuration Baselines
– FISM 12-02/M 11-33 FISMA Reporting Guidelines
– CyberScope
Lab Activity 1 – Searching for Guidance
OMB: Oversight – Policy (OMB A-130)
DHS: Authority – HSPDs, CNSS
NIST: Guidance – Standards (FIPS), Guidelines (SP)
Questions?
Next Module: Risk Management Framework