1 Office of the Designated Approving Authority (ODAA) April 2008.

Presentation transcript:

1 Office of the Designated Approving Authority (ODAA) April 2008

2 DSS Designated Approving Authority
– (DAA) Government entity responsible for approving cleared contractor systems to process classified data.
– Primary functions and goals are to ensure system security controls are in place that limit the risk of compromising national security information.
– Provide a system to efficiently and effectively manage a certification and accreditation process.
– Ensure adherence to national industrial security standards.

3 ODAA Improving Accreditation Timeliness and Consistency
Average Timelines Nov through Feb
– IATOs - 30 Days on Average
– 92% ATOs - Granted From On-Site Verification
Improvements Planned for
1. Standardize System Security Plans (Templates) (Spring 2008)
2. Standard configurations for various operating systems (Spring 2008)
3. Tools to assist contractors in complying with configuration standards (Spring 2008)
4. Updating ODAA Process Guide by adding more clarity, procedural instructions, and examples (Spring 2008)
5. ODAA system capabilities will provide ability to submit template plans online and gather metrics more efficiently (Winter 2008)
These improvements will equate to quicker IATOs and ATOs!

4 ODAA Metrics Security Plan Reviews
February IATO Plans Submitted and Reviewed
– 9 Days – Time to perform initial DSS review (1st QTR )
– 9 Days – Contractors' response to DSS questions/comments (1st QTR )
– 26 Days – Time from DSS receipt of plans to granting of IATOs (1st QTR )
– 30 Days – Average Review Time

5 ODAA Metrics Security Plan Reviews
Security Plan Review Questions and/or Comments, Errors/Corrections Noted
– 33% Plans required some changes (1st QTR )
– 6.1% Plans had general procedures contradict protection profile requirements (1st QTR %)
– 7.9% Plans not tailored to system (1st QTR %)
– 12.3% Plans had incomplete or missing attachments (1st QTR %)
– 14.9% Plans had missing ISSM certifications (1st QTR %)
– 7% Plans had integrity/availability not completely addressed (1st QTR %)
– 5.3% Plans had inadequate trusted downloading procedures (1st QTR %)
– 9.6% Plans had inaccurate or incomplete configuration diagram/system description (1st QTR %)
– 3.5% Plans had inadequate antivirus procedures (1st QTR %)

6 ODAA Metrics and Organization
On-site Verification Stats (38% Required Some Level Modifications)
#1. No discrepancies discovered during on-site validation.
#2. Minor discrepancies noted and corrected during on-site validation.
#3. Significant discrepancies noted which could not be resolved during on-site validation.

7 ODAA System Security Plans (Templates)
Standardizing System Security Plans (Templates)
– ODAA is in the final stages of developing an SSP for stand-alone and peer-to-peer system types
– Other system type SSP templates will be developed in 2008
Benefit to Accreditation Process
– Instituting a standard SSP will improve consistency across the industry in submitting security plans for DSS review and approval.
– Common submission and reviewer errors will be addressed, which translates into shorter DSS review and reduced correspondence with contractors
– Also, a standard SSP will assist smaller contractors who may not be as seasoned as mid/larger contractors in the classified certification and accreditation process

8 Standardizing Technical Configurations
Operating Systems
System technical configurations
– Windows
– Solaris
– RedHat Linux
– Others
(Configurations based on DISA, NSA, and OEM)
Benefits to accreditation process
– Strengthening systems security by establishing a DSS implementation standard based on computer security benchmark organizations
– Provide DSS added assurance that system security controls are in place at the system level thereby shortening DSS review and reducing correspondence with contractors

9 ODAA Automated Tools
Automated tools will assist with DSS requirements compliance
Tools being designed in conjunction with
– DSS Technical Configuration Standards
– DSS System Security Plan Templates
– Implementation Guides
Benefit to Accreditation Process
– Provide DSS added assurance that system security controls are in place at the system level thereby shortening DSS review and reducing correspondence with contractors
– Granting of IATOs more timely = ability to begin processing sooner

10 ODAA Process Guide Update
Updated ODAA Process Guide will provide
– More clarity to issues brought to ODAA attention from ODAA and contractors
– DSS procedural instructions with examples
– Designed for continued improvement (bi-annually updated to address issues identified that need DSS interpretation and guidance)
Benefit to accreditation process
– Improve consistency of interpretation for DSS and contractors
– Improved consistency translates into clarifying and standardizing expectations across the industry
– Improving compliance and decreasing DSS reviews and on-site verifications = Contractors begin processing sooner

11 Enhancing ODAA System Capabilities
DSS plans to design an ODAA system that will assist in the full spectrum management of the DSS certification and accreditation process. System is envisioned to have the following functionality:
For Contractors
– Online means to submit template security plans*
– Online means to request status of security plans*
(*assuming a secure mechanism can be implemented)
For DSS
– Online means for ODAA to centrally manage, distribute, monitor, and account for security plans electronically

12 Enhancing ODAA System Capabilities (Cont’d.)
Benefit to Accreditation Process
– DSS management will be able to obtain immediate metrics for the ODAA mission
– Metrics will identify where management attention is needed for steering resources and identify opportunities for improvements
– Plans can be efficiently distributed to appropriate staff in near real-time, thereby reducing human intervention (opening attachments, etc.) and making plan transmission more efficient
– Contractors will have a venue to efficiently submit (upload) security plan templates as opposed to e-mailing plans
– Automated ability to ensure plans were received by DSS
– Ability to obtain plan status

13 ODAA Organization
– David Cole, ODAA, Alexandria, VA
– Assistant HQ ODAA: Mike Farley, Alexandria, VA
– Northern Region DAA: David Berglund, Boston, MA
– Capital Region DAA: Karl Hellman, Chantilly, VA
– Southern Region DAA: Randy Riley, Melbourne, FL
– Western Region DAA: Timothy Weaver, San Diego, CA