Operated by Los Alamos National Security, LLC for the U.S. Department of Energy’s NNSA. UNCLASSIFIED.

Lessons Learned: Certification and Accreditation (presentation transcript)

Slide 1 – Lessons Learned: Certification and Accreditation at LANL
Michael S. Zollinger, DCS-1 Group Leader, Departmental Computing Services Division
LA-UR

Slide 2 – Background
– DOE Secretary Bodman issued a security compliance order (SCO) to Los Alamos National Laboratory in summer 2007
  – Its requirements had to be met by 12/10/08
  – Two of them required certification and accreditation (C&A) of the unclassified and classified computing environments under the NAP B, 14.2-B series documents
– Existing accredited classified plans had to be reaccredited (~55 System Security Plans (SSPs))
– For the first time, 14 unclassified SSPs needed to be accredited

Slide 3 – Groundwork
– From the start there were several daunting challenges
– LANL lacked the policy foundation required by the NAPs
  – The first several months were spent developing policy
  – This was very crucial work, which is now being updated
– LANL is now required to implement the NAP “C” series documents under its modified contract

Slide 4 – How to Slice It?
– The unclassified side: what to do? How do you divide it out?
– A 40-square-mile campus with several unclassified segments and standalone computers
– Computers ranging from electron microscopes and instrumentation cards to high-performance computing clusters

Slide 5 – Compliance Foundation (diagram: the SSP is built on NAP B, 14.2-B and NIST)

Slide 6 – (diagram) NIST System Security Plans; 17 Families of Controls; LANL Implementation of Controls; Institutional Security Requirements (ISR)

Slide 7 – Institutional Security Requirements (ISR)
LANL requirements for each SSP:
– The system must be registered in the computer registration database (Hostmaster), declaring which SSP covers the inventory item
– If networked, the system must be scanned by our network scanning tool, which reports the vulnerabilities
  – Systems with vulnerabilities deemed critical are blocked at the switch until remediated
– Some plans have additional ISRs based on the risk profile for that plan

Slide 8 – Unclassified Computing System (Site) Security Plans
– Standalone Computing
– Legacy Computing
– R & D Computing
– Production Computing

Slide 9 – Unclassified Production Computing SSP
Scope
– Networked systems ranging from printers, laptops, embedded systems, desktops, workstations and servers to compute clusters and high-performance compute clusters
– Over 30,000 inventory items of this nature across all unclassified networks
Key Features
– Production Onsite Class: on LANL property only
  – 9 operating systems, supported by the vendor or user community with security-related patches
– Production Mobile Class
  – 7 operating systems, supported by the vendor or user community with security-related patches
  – May leave LANL property at times and may connect to networks through a 3rd-party ISP and the VPN service
– Must pass network scans for vulnerabilities
– Must be registered in the Hostmaster registration database

Slide 10 – Unclassified Research and Development Computing
Scope
– Networked systems ranging from laptops, embedded systems, desktops, workstations, servers and compute clusters to control systems, data acquisition systems, scientific instruments and instrumentation, etc.
Key Features
– 9 operating systems
– Customized and modified operating systems
– Must implement an engineered control to protect other networked devices from the unknown nature of the system, while still allowing network scans for vulnerabilities
– May not use wireless in any capacity
– May not leave an approved LANL location without CSSM approval
– Must be registered in the Hostmaster database

Slide 11 – Unclassified Legacy Computing
Scope
– Laptops, desktops, workstations and servers running approved operating systems that are no longer supported by the vendor or user community with security-related updates and patches
Key Features
– May not leave LANL property or approved remote locations without advance approval from the CSSM
– 4 approved operating systems
– Must implement an engineered control to protect the network from the vulnerabilities the system possesses, while still allowing scanning for vulnerabilities
– May never have wireless
– Must be registered in the Hostmaster database

Slide 12 – Unclassified Standalone Computing
Scope
– A wide variety of computers ranging from laptops and servers to scientific instrumentation
– Located on LANL property and at collaborative locations throughout the world
Key Features
– Must receive approval to operate via a signed enclosure
– Must be audited every 90 days
– Must be approved annually
– Three classes of systems
  – Pure standalone
  – Standalone LAN: not connected to any institutional network, but may be connected to other systems in a standalone island
  – Standalone VPN: never connects directly to the institutional networks through any means other than the central VPN service
– Operating system agnostic
– The most problematic SSP to manage
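The Institutional Security Requirements on slide 7 and the per-plan rules on slides 9 to 12 amount to a small policy that can be checked mechanically against an inventory record. The checker below is an added illustration, not LANL's tooling: the `System` record and its field names are a constructed model of a Hostmaster entry, and the "unsupported OS belongs in Legacy" rule is an inference from the Production and Legacy scopes.

```python
from dataclasses import dataclass

BLOCK = "BLOCK"  # prefix for the ISR finding that cuts a host off at the switch

@dataclass
class System:
    name: str
    ssp: str                     # "production", "rd", "legacy" or "standalone"
    registered: bool             # declared in Hostmaster under an SSP
    networked: bool = True       # directly on an institutional network
    scanned: bool = True         # covered by the network vulnerability scanner
    critical_vulns: int = 0      # critical findings from the last scan
    os_supported: bool = True    # vendor/community still ships security patches
    uses_wireless: bool = False
    offsite: bool = False        # currently away from LANL property / approved site
    cssm_approved: bool = False  # CSSM approval to be off an approved location
    engineered_control: bool = False
    days_since_audit: int = 0    # standalone plans are audited every 90 days

def evaluate(s: System) -> list:
    """Return every ISR and plan-rule finding for one inventory item."""
    f = []
    # Institutional Security Requirements apply to every SSP (slide 7)
    if not s.registered:
        f.append("not registered in Hostmaster under an SSP")
    if s.networked and not s.scanned:
        f.append("networked but not covered by the network scanner")
    if s.networked and s.critical_vulns > 0:
        f.append(f"{BLOCK}: {s.critical_vulns} critical vulnerabilities unremediated")
    # Plan-specific rules (slides 9 to 12); the model is constructed, not LANL's
    if s.ssp == "production":
        if not s.os_supported:
            f.append("unsupported OS belongs in the Legacy SSP, not Production")
    elif s.ssp in ("rd", "legacy"):
        if s.uses_wireless:
            f.append("wireless is not permitted under this SSP")
        if not s.engineered_control:
            f.append("engineered control required to isolate this system")
        if s.offsite and not s.cssm_approved:
            f.append("off an approved location without CSSM approval")
    elif s.ssp == "standalone":
        if s.networked:
            f.append("standalone system may not be on an institutional network")
        if s.days_since_audit > 90:
            f.append("90-day audit overdue")
    return f

def must_block(s: System) -> bool:
    """True when the 'blocked at the switch until remediated' ISR applies."""
    return any(x.startswith(BLOCK) for x in evaluate(s))
```

Only networked systems are subject to the scan and switch-block rules, so a standalone host with stale findings is reported as a plan violation rather than blocked.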

Slide 13 – Challenges
– LANL has incurred a significant mortgage
– Maintenance cost is high
– Most new requirements must be funded from existing funding streams
– Portfolio management is underway

Slide 14 – Future
– The NAPs “C” series are now in our contract and are being addressed
– An implementation plan and schedule are being developed
– Hard work is underway to integrate CAP solutions

Slide 15 – Lessons Learned
– Defining the accreditation boundary is extremely important
– A good working relationship with the DOE Site Office is crucial
  – LANL is very fortunate in this case
– Frequent meetings with DOE are important to make sure everyone is on the same page

Slide 16 – Lessons Learned (cont.)
– Education, education, education
  – No matter how often we briefed people on the accreditation process and the ensuing requirements, it didn’t penetrate
– Start early and keep the mortgage in mind
– Keep aspirin nearby

Slide 17 – Questions

Slide 18 – Contact Information