Certification and Accreditation CS-7493-01 Syllabus Ms Jocelyne Farah Mr Clinton Campbell.

Introduction (C&A phase diagram)
• Definition – Mission, Architecture & Environment; Security Requirements
• Verification – Security Features Implemented; Documentation
• Validation – Validate the integrated system
• Post Accreditation – Monitor compliance and change management
• SSAA – the agreement that links all four phases
• NSDD 145 and related laws: must protect classified and unclassified information, and also sensitive information

Overview
• Core Materials
  – National Information Assurance Certification and Accreditation Process (NIACAP)
  – DoD Information Technology Security Certification and Accreditation Process (DITSCAP)
• Units Outline
  1. Background
  2. ITSEC System Classification
  3. Process Overview
  4. Risk Management
  5. Common Criteria
  6. Phase 1 – Definition
  7. Phase 2 – Verification
  8. Phase 3 – Validation
  9. Phase 4 – Post Accreditation
• Assignments
Ref: NIACAP, DITSCAP, and DITSCAP Manual

Unit 1: Background
• Threats, Vulnerabilities, & Risk
• Guidance
  – Selected Applicable Public Law
  – National Security Policy & Directives
  – DoD Policy, Directives, & Instructions
• Definitions
  – System & System Classes
  – Designated Approving Authority (DAA)
  – Certification
  – Accreditation

Unit 2: ITSEC System Classification
• ITSEC Classes
  – Introduction
  – Interfacing Mode
  – Processing Mode
  – Attribution Mode
  – Mission-Reliance Factor
  – Accessibility Factor
  – Accuracy Factor
  – Information Category
• Security Requirements
• Determination of System Class

Unit 3: Security Process Overview
• C&A Process
  – Phase I – Definition
  – Phase II – Verification
  – Phase III – Validation
  – Phase IV – Accreditation
• Critical Concepts
  – SSAA Overview
  – Key to Success – Agreement
  – Life Cycle Tailoring
  – Certification Levels
  – Risk Management

Unit 4: Risk Management
• Review – Threats, Vulnerabilities, & Risk
• Identifying and Assessing Risk
• Assessing Threats and Vulnerabilities
• Risk Management Concept

Unit 5: Common Criteria (CC)
• Purpose
• Overview
• COTS Products Using the CC

Unit 6: Phase I – Definition
• Accreditation Options
• Accreditation Boundaries
• Phase I
  – Overview
  – Activities
  – Certification Tasks
  – Roles and Responsibilities

Unit 7: Phase II – Verification
• Phase II
  – Overview
  – Activities
  – Certification Tasks
  – Roles and Responsibilities
• Minimal Security Checklists
  – System Architecture Analysis
  – S/W, H/W, and Firmware Design Analysis
  – Network Connection Rule Compliance Analysis
  – Integrity Analysis of Integrated Products
• Common Criteria
  – Life Cycle Management Analysis
  – Vulnerability Assessment

Unit 8: Phase III – Validation
• Phase III
  – Overview
  – Activities
  – Certification Tasks
  – Roles and Responsibilities
• Minimal Security Checklist
  – Security Test and Evaluation
  – Penetration Testing
  – TEMPEST and Red/Black Verification
  – COMSEC Compliance Verification
  – System Management Analysis
  – Site Accreditation Survey
  – Contingency Plan Evaluation
  – Risk Management Review

Unit 9: Phase IV – Post Accreditation
• Phase IV
  – Overview
  – Activities
  – Certification Tasks
  – Roles and Responsibilities

Assignments
• Team Presentation Selection: To Be Determined
• Additional Assignments: To Be Determined