Upload File

security is not just… 1 a compliance exercise certification and accreditation fisma

  • Home
  • Documents
  • Security is not just… 1 A Compliance Exercise Certification and Accreditation FISMA
10

Upload: catherine-warner

Post on 02-Jan-2016

213 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Security is not just… 1 A Compliance Exercise Certification and Accreditation FISMA
Page 2: Security is not just… 1 A Compliance Exercise Certification and Accreditation FISMA

Security is not just…Security is not just…

1

A Compliance Exercise

Certification and Accreditation

FISMA

Page 3: Security is not just… 1 A Compliance Exercise Certification and Accreditation FISMA

What is Security?What is Security?

2

Security Architecture

& Models

Cryptography

Security Management

Access Controls &

Methodology

Laws, Investigations,

& Ethics

Applications &Systems

Development

PhysicalSecurity

Operations Security

Telecommunications& Networking

Security

BusinessContinuityPlanning

Page 4: Security is not just… 1 A Compliance Exercise Certification and Accreditation FISMA

What is Enterprise Security Architecture?What is Enterprise Security Architecture?

3

Enterprise Security Architecture is…

…the strategic focus that enables the organization to carry out its mission in a secure

manner

What Drives Security Architecture?What Drives Security Architecture?

FISMA

OMB A-130; Appendix III

NIST

Organization Policies and Procedures

Page 5: Security is not just… 1 A Compliance Exercise Certification and Accreditation FISMA

Minimum Enterprise Security ArchitectureMinimum Enterprise Security Architecture

4

All agencies must create a Security and Privacy Profile (SPP) that addresses, per OMB A-130; Appendix III:

Encryption

Malware

Access Controls

Identification & Authentication

Audit Trail Creation & Analysis

Intrusion Detection & Prevention

Fraud Detection, Prevention, & Mitigation

Page 6: Security is not just… 1 A Compliance Exercise Certification and Accreditation FISMA

Enterprise Security Architecture Answers…Enterprise Security Architecture Answers…

5

The OMB SPP Helps Organize…The OMB SPP Helps Organize…

Is the existing security program effective?

Is risk being managed effectively?

Are there any new laws or policies that need to be implemented?

Planning Efforts for Future Requirements

Current Requirements

Capabilities

Gap Analysis Efforts

Page 7: Security is not just… 1 A Compliance Exercise Certification and Accreditation FISMA

Key EA Security GoalsKey EA Security Goals

7

EA Security RequirementsEA Security Requirements

Confidentiality

Integrity

Availability

Enable advanced IT security capabilities

Developed an IT security empowered workforce

Improve IT security situational awareness

Provide DOT-wide IT security services

Page 8: Security is not just… 1 A Compliance Exercise Certification and Accreditation FISMA

Where Do These Efforts Fit Within the EA Framework?Where Do These Efforts Fit Within the EA Framework?

8

Page 9: Security is not just… 1 A Compliance Exercise Certification and Accreditation FISMA

Priorities For Addressing Integration of EA & SecurityPriorities For Addressing Integration of EA & Security

10

Streamline communication between Business Owners, ISSO’s, and Information Security Office

Implement metrics that will effectively analyze the performance of security within DOT Information Systems

EA Team Members must participate within Information Security working groups and Vice Versa

Coordinate with Business Owners and the Information Security Office to develop the Trust Model Architecture

Page 10: Security is not just… 1 A Compliance Exercise Certification and Accreditation FISMA

QUESTIONSQUESTIONS


School of Sport & Exercise Sciences FACULTY OF SCIENCE HTA Accreditation Training Presented by Monica Barclay

***FISMA & OMB Memorandum M-07-16

INFO 610 FISMA Presentation

FISMA COMPLIANCE—FIRMWARE SECURITY BEST ...1 2019 Eclypsium, Inc FISMA COMPLIANCE—FIRMWARE SECURITY BEST PRACTICES FISMA, and the NIST documents supporting it, repeatedly underscore

HIPAA Security Rule/FISMA Requirements Crosswalk

Achieving FISMA Compliance with Acquia Cloud

***FISMA & OMB Memorandum M-07-16*** - SEC

Sport & Exercise Psychology Accreditation Route Candidate

Fisma FedRAMP Drupal

FY 2017 CIO FISMA Metrics - dhs.gov

2014 Exercise Science (Full) Membership … 1 2014 Exercise Science (Full) Membership Application Form – NUCAP For graduates of a NUCAP (National University Course Accreditation

Rethinking FISMA and Federal Information Security Policy

Meeting Federal Government Compliance … · Meeting Federal Government Compliance Requirements FISMA The Federal Information Security Management Act (FISMA) was passed by …

FISMA Compliance Handbook - UAB

***FISMA & OMB Memorandum M-07-16*** - SEC.gov | … Marie Rivera Chief Legal Officer ***FISMA & OMB Memorandum M-07-16*** ***FISMA & OMB Memorandum M-07-16***

Fiscal Year 2018 -2019 FISMA Metrics · Fiscal Year 2018 -2019 FISMA Metrics Craig Chase – DHS [email protected] May 15, 2018

Specialist Accreditation - Queensland Law Society€¦ · accreditation and must be made by letter addressed to the Advisory Committee, outlining the applicant’s case for the exercise

Fisma It Security Assessment Report Templates

Splunk FISMA for Continuous Monitoring

Review of incident management teams: accreditation and ...  · Web viewThis publication is available in PDF and Word format on ... 3 accreditation have sufficient access to exercise

DojoSec FISMA Presentation

Nine Steps to FISMA Compliance

Table of contents - CSRC · criteria under the 2010 OIG FISMA review approach The following was used as criteria for Certification and Accreditation: FIPS 199‐Standard for Categorization

Accreditation at Indiana Wesleyan University · – Association of Theological Schools Seminary 10 . CAAHEP – Commission on Accreditation of Allied Health Education Programs Exercise

FISMA Certification Workflow, Communication & Management Framework

Evolution of OIG FISMA Metrics - NIST Computer Security ... · Evolution of OIG FISMA Metrics Information Security ... Agenda • Inspector General (IG) FISMA metrics background •

FISMA and Metrics

Exercise: Accreditation of a National Implementing Entity

FISMA FY 2015 FOUO Redacted.pdf

Rapid7 FISMA Compliance Guide

How to Defend Against FISMA Gus Fritschie and Andrew Du June 1st, 2013 FISMA Compliance

FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA)

Using Cisco’s Vmdc to Facilitate FISMA Compliance

FISMA Charisma: Keeping Compliance in Control (236679777)

DuAnn Kremer, Ph.D. Lynchburg College Committee on Accreditation for the Exercise Sciences (CoAES)