Presentation transcript:

US Department of State Jay Coplon

My Commitment
- You will get a sense for how we do C&A
- You will find value in being here
- All of your questions will be answered

Key Points
- Quantitative Metrics
- Toolkits, Tools and Templates
- Continuous Monitoring
- Questions and Answers

Decision Memo: Authorization to Operate when the Control Limits have not been exceeded.

Decision Memo: Authorization to Operate when the Control Limits have been exceeded.

Risk Score in iPost

Fully Reporting in iPost
The System Owner will maintain a high level of hosts fully reporting (to iPost) within the accreditation boundary. "Fully" means current reporting on hardware, software, patch, vulnerability, and compliance.

Low or No Medium Traditional Risk
The System Owner will maintain a state of low or no Medium business risk as determined by traditional C&A.

Notification of Change
- Metrics exceeding the Specification Limits
- Metrics exceeding the Control Limits

C&A – How we communicate with our customers
- SharePoint Website: Policy, Procedure, Standard
- Document Center: Organized by categories
- Alert Notifications: Page and/or Document
- Workshops: Tools

SharePoint

Get Ready, Get Set, STOP!
- STOP if you exceed any specification limit
- Readiness to Start C&A Checklist
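The "fully reporting" metric and the limit checks described on the preceding slides, as an added example that is not part of the original presentation or of iPost itself. It assumes a seven-day freshness window per feed, a control limit of 95% and a specification limit of 90% of hosts fully reporting, and treats the control limit as the warning level and the specification limit as the stop level; none of these values or orderings come from the slides.

```python
from datetime import datetime, timedelta

# Feeds a host must be current on to count as "fully reporting" (from the slide).
FEEDS = ("hardware", "software", "patch", "vulnerability", "compliance")

# Assumed thresholds, not from the slides: control limit = warning, spec limit = stop.
CONTROL_LIMIT_PCT = 95.0
SPEC_LIMIT_PCT = 90.0
MAX_AGE = timedelta(days=7)  # assumed freshness window for each feed


def is_fully_reporting(last_seen, now, max_age=MAX_AGE):
    """True when every feed has a report for this host no older than max_age.

    last_seen maps feed name -> datetime of the most recent report for that feed.
    A feed that has never reported is missing from the dict and fails the check."""
    return all(feed in last_seen and now - last_seen[feed] <= max_age for feed in FEEDS)


def fully_reporting_pct(hosts, now):
    """Percentage of hosts inside the boundary that are fully reporting."""
    if not hosts:
        return 0.0
    ok = sum(1 for last_seen in hosts.values() if is_fully_reporting(last_seen, now))
    return 100.0 * ok / len(hosts)


def classify(pct, control=CONTROL_LIMIT_PCT, spec=SPEC_LIMIT_PCT):
    """Map the metric onto the slide's three outcomes: within limits,
    control limit exceeded (change notification, ATO memo for exceeded limits),
    specification limit exceeded (STOP: not ready to start C&A)."""
    if pct < spec:
        return "specification limit exceeded"
    if pct < control:
        return "control limit exceeded"
    return "within limits"


# Constructed sample inventory: four hosts, evaluated at a fixed point in time.
NOW = datetime(2011, 6, 1)
SAMPLE_HOSTS = {
    "host-a": {f: NOW - timedelta(days=1) for f in FEEDS},                        # current on all feeds
    "host-b": {**{f: NOW - timedelta(days=2) for f in FEEDS},
               "patch": NOW - timedelta(days=10)},                               # stale patch data
    "host-c": {f: NOW - timedelta(days=3) for f in FEEDS if f != "compliance"},  # compliance never reported
    "host-d": {f: NOW for f in FEEDS},                                           # current on all feeds
}

if __name__ == "__main__":
    pct = fully_reporting_pct(SAMPLE_HOSTS, NOW)
    print(f"{pct:.1f}% of hosts fully reporting -> {classify(pct)}")
```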

FIPS 199 and OMB M
- Categorize your System
- Determine the Assurance Level

Control Selection Tool
- Identify which controls have been implemented
- How each control has been implemented
- C&A and Annual Security Control Assessments
- Manage controls over the system's lifecycle

POA&M Tester Database Tool
- Linked to the system's FIPS 199 categorization
- Import open findings from previous assessments
- Finding and recommended remediation
- Failed controls are identified
- Standardizes how risk is calculated for each finding
- Risk Scoping

iPost Continuous Monitoring


Questions and Answers