Information Assurance (IA) - Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication,

Slides:

Advertisements

Similar presentations

Risk Management Framework Implementation

Advertisements

BENEFITS OF SUCCESSFUL IT MODERNIZATION

Nick Vennaro, NHIN Team (Contractor), Office of the National Coordinator for Health IT Michael Torppey, CONNECT Health IT Security Specialist (Contractor)

Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.

MCIWEST Information Assurance Mr. David Robbins MCIWEST Information Assurance Manager (Bldg 24200) Camp Pendleton, CA Comm: (760) DSN:

DoD Information Assurance Certification and Accreditation Process (DIACAP) August 2011.

4/29/2009Michael J. Cohen1 Practical DIACAP Implementation CS526 Research Project by Michael J. Cohen 4/29/2009.

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

SPēD Certification Program Executive Overview. 2April 2012Executive Overview Purpose Outline the SPēD Program Provide SPēD Program update Provide SPēD.

Cybersecurity and the Risk Management Framework

Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.

The IA Roadmap Baked-in versus Brushed-on Integrating IA into Major Programs Art King IBM Business Consulting Services Acquisition Team, DIAP

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.

SOX and IT Audit Programs John R. Robles Thursday, May 31, Tel:

Christopher P. Cabuzzi CS 591 DEFENSE INFORMATION ASSURANCE CERTIFICATION & ACCREDITATION PROCESS (DIACAP) Chris Cabuzzi, DIACAP, 12/8/10 1.

Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

Risk Management Framework

IA CERTIFICATION TRAINING AND CONTINUING EDUCATION OPPORTUNITIES IN THE LOCAL AREA PRESENTER: DEBORAH J. SINCLAIR, Ph.D. Standard Technology, Incorporated.

NIST SP , Revision 1 Applying Risk Management to Information Systems (Transforming the Certification and Accreditation Process) A Tutorial February.

Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Information Security Standards Promoting Trust, Transparency, and Due Diligence E-Gov Washington Workshop.

N-Wave Shareholders Meeting May 23, 2012 N-Wave Security Update Lisa

Organize to improve Data Quality Data Quality?. © 2012 GS1 To fully exploit and utilize the data available, a strategic approach to data governance at.

CMMi What is CMMi? Basic terms Levels Common Features Assessment process List of KPAs for each level.

1 Information System Security Assurance Architecture A Proposed IEEE Standard for Managing Enterprise Risk February 7, 2005 Dr. Ron Ross Computer Security.

NIST Special Publication Revision 1

Move over DITSCAP… The DIACAP is here!

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.

UNCLASSIFIED DITSCAP Primer. UNCLASSIFIED 1/18/01DITSCAP Primer.PPT 2 DITSCAP* Authority ASD/C3I Memo, 19 Aug 92 –Develop Standardized C&A Process DODI.

IRM304 CDR Course Manager: Denny Involved Competency Leads: 26 (Cybersecurity)-Denman, 19 (Measurement)-Denny, 7 (DBS)-Corcoran [Capability Planning],

New 5000 Documents 14 May 2001 New 5000 Documents 14 May 2001 Defense Systems Management College Acquisition Policy Department.

Georgia Institute of Technology CS 4320 Fall 2003.

1 © Material United States Department of the Interior Federal Information Security Management Act (FISMA) April 2008 Larry Ruffin & Joe Seger.

Shift Left Feb 2013 Page-1 DISTRIBUTION STATEMENT A – Cleared for Open Publication by OSR on January 17 th, 2013 – SR case number 13-S-0851 Dr. Steven.

℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.

Jewuan Davis DSN Voice Connection Approval Office 18 May 2006 DSN Connection Approval Process (CAP)

Evaluate Phase Pertemuan Matakuliah: A0774/Information Technology Capital Budgeting Tahun: 2009.

July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Risk Management Process Frame = context, strategies Assess = determine.

1 What does Cybersecurity Risk Management at UW-Madison look like? Initiate DesignImplement Operate & Maintain Operate it Securely Build it Right RMF Categorize.

0 2 Nov 2010, V1.4 Steve Skotte, DAU Space Acquisition Performance Learning Director New Space Systems Acquisition Policy.

CMMI1 Capability Maturity Model Integration Eyal Ben-Ari 8/2006.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.

Configuration Control (Aliases: change control, change management )

Cybersecurity & Acquisition Lifecycle Integration Tool (CALIT)

PL ALTESS Application Modernization and Risk Management Framework Services Presented By: Scott Friend Chad Vance.

© ITT Educational Services, Inc. All rights reserved. IS4680 Security Auditing for Compliance Unit 1 Information Security Compliance.

The Risk Management Framework (RMF)

Cybersecurity and Acquisition Lifecycle Tool (CALIT)

Cybersecurity Pre-work Assignment Please read these slides as pre-work TST 204 Pre-work Reading Assignment March, 2014 version

Defense Security Service Risk Management Framework (RMF)

ISA 201 Intermediate Information Systems Acquisition

DoD Cyberspace Workforce Definitions

Cybersecurity and the Risk Management Framework

ISA 201 Intermediate Information Systems Acquisition

Improving Mission Effectiveness By Exploiting the Command’s Implementation Of the DoD Enterprise Services Management Framework - DESMF in the [name the.

ISA 201 Intermediate Information Systems Acquisition

These slides used to be a Cybersecurity Pre-work Assignment (No longer a Pre-work Assignment) TST 204 Pre-work Reading Assignment March, 2014 version.

Josh Thompson Classified Information Systems – Western Region

Raytheon Parts Management

Matthew Christian Dave Maddox Tim Toennies

Defense Security Service Risk Management Framework (RMF)

DoD Cyberspace Workforce Definitions

RMF Process in the NISP eMASS

Presentation transcript:

Information Assurance (IA) - Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. 1 Cybersecurity - Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation. Department of Defense Instruction (DoDI) , March 14, 2014 DoDI adopts the term “cybersecurity” to be used throughout the DoD instead of the term “information assurance (IA).” Department of Defense Directive (DoDD) E, April 23, 2007

Tim Denman – Defense Acquisition University DoD Instruction – Cybersecurity – Signed March 14, 2014 DoD Instruction – Risk Management Framework (RMF) for DoD Information Technology (IT) – Signed March 12, 2014 Cybersecurity RMF steps and activities, as described in DoD Instruction , should be initiated as early as possible and fully integrated into the DoD acquisition process including requirements management, systems engineering, and test and evaluation. DoDI , January 7, 2015

Tim Denman – Defense Acquisition University 2015 Roadmap stepMilestonePhase of Lifecycle Establish an IA organizationAEarly in Tech Development (TD) Identify IA requirementsAEarly/mid stages of TD Develop an acquisition IA strategyAEarly/mid/late stages of TD Secure resources for IAAEarly/mid to late stages of TD Initiate DIACAPAMid TD to end of Engineering and Mfg Development (EMD) Incorporate IA solutionsBMid/late TD to end of EMD Test and evaluate IA solutionsBEarly/mid EMD to mid Production and Deployment (PD) Accredit the systemCMilestone C Maintain the system’s security posture throughout its life-cycle CThroughout PD and Operations & Support ACB IA Roadmap Under DIACAP MATERIAL SOLUTIONS ANALYSIS TECHNOLOGY DEVELOPMENT ENGINEERING AND MANUFACTURING DEVELOPMENT PRODUCTION and DEPLOYMENT OPERATIONS & SUPPORT

Tim Denman – Defense Acquisition University Cybersecurity requirements must be identified and included throughout the lifecycle of systems to include acquisition, design, development, developmental testing, operational testing, integration, implementation, operation, upgrade, or replacement of all DoD IT supporting DoD tasks and missions.

Tim Denman – Defense Acquisition University Step 1: Categorize System - Categorize the system in accordance with the CNSSI Initiate the Security Plan - Register system with DoD Component Cybersecurity Program - Assign qualified personnel to RMF roles Step 3: Implement Security Controls - Implement control solutions consistent with DoD Component Cybersecurity architectures - Document security control implementation in the security plan Step 2: Select Security Controls - Common Control Identification - Select security controls - Develop system-level continuous monitoring strategy - Review and approve the security plan and continuous monitoring strategy - Apply overlays and tailor Step 4: Assess Security Controls - Develop and approve Security Assessment Plan - Assess security controls - SCA prepares Security Assessment Report (SAR) - Conduct initial remediation actions Step 5: Authorize System - Prepare the POA&M - Submit Security Authorization - - Package (security plan, SAR and POA&M) to AO - AO conducts final risk determination - AO makes authorization decision Step 6: Monitor Security Controls - Determine impact of changes to the system and environment - Assess selected controls annually - Conduct needed remediation - Update security plan, SAR, and POA&M - Report security status to AO - AO reviews reported status - Implement system decommissioning strategy

Tim Denman – Defense Acquisition University What this means: The longer you stay with DIACAP, the shorter the ATO. DIACAP certified systems should be almost extinct by mid-year 2018.