US Department of State Jay Coplon. My Commitment You will get a sense for how we do C&A You will find value in being here All of your questions will be.


1 US Department of State Jay Coplon

2 My Commitment: You will get a sense for how we do C&A. You will find value in being here. All of your questions will be answered.

3 Key Points: Quantitative Metrics; Toolkits, Tools and Templates; Continuous Monitoring; Questions and Answers.

4 Decision Memo: Authorization to Operate when the Control Limits have not been exceeded.

5 Decision Memo: Authorization to Operate when the Control Limits have been exceeded.

6 Risk Score in iPost. Control Limit: 5% or less Medium Risk. Specification Limit: 6-15% Medium Risk. The System Owner will manage their system's iPost Risk Score, which is represented by an average over a 30-day period.

7 Fully Reporting in iPost. The System Owner will maintain a high level of hosts fully reporting (to iPost) within the accreditation boundary; fully means current reporting on hardware, software, patch, vulnerability, and compliance. Control Limit: falls below 90%. Specification Limit: falls below 70%.

8 Little or No Medium Traditional Risk. The System Owner will maintain a level or state of low or no Medium business risk as determined by traditional C&A. Control Limit: 5% or less Medium Risk. Specification Limit: 6-15% Medium Risk.

9 Notifications of Change. When risk is above the specification limit, notifications of change will not be considered. Control Limit: 3 or more consecutive months. Specification Limit: <3 consecutive months.
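As an added example (not from the presentation or iPost itself), the control-limit and specification-limit rules from slides 4 through 9 written out as a small check. It assumes the iPost risk score arrives as daily percentages that are averaged over 30 days and that the fully-reporting figure is a percentage of hosts; both are assumptions, since the page does not show the data feed.

```python
from statistics import mean

# Thresholds as stated on the slides. The input shapes (daily risk-score
# percentages, hosts-fully-reporting percentage) are assumptions for this example.
WINDOW_DAYS = 30
LIMITS = {
    # metric: (control limit, specification limit, True if a higher value is worse)
    "ipost_risk_pct": (5.0, 15.0, True),         # 5% or less ok; 6-15% is the spec band
    "fully_reporting_pct": (90.0, 70.0, False),  # below 90% exceeds control; below 70% exceeds spec
}

def thirty_day_average(daily_values):
    """The iPost risk score is judged on its average over the last 30 days."""
    if not daily_values:
        raise ValueError("no risk-score samples")
    return mean(daily_values[-WINDOW_DAYS:])

def classify(metric, value):
    """Return 'within_control', 'control_limit_exceeded' or 'specification_limit_exceeded'."""
    control, spec, higher_is_worse = LIMITS[metric]
    if higher_is_worse:
        if value <= control:
            return "within_control"
        return "control_limit_exceeded" if value <= spec else "specification_limit_exceeded"
    if value >= control:
        return "within_control"
    return "control_limit_exceeded" if value >= spec else "specification_limit_exceeded"

def decision(daily_risk_pct, fully_reporting_pct):
    """Apply the slide rules: which decision memo applies (slides 4/5), whether a new
    C&A may start (slide 15), and whether notifications of change are considered (slide 9)."""
    states = {
        "ipost_risk_pct": classify("ipost_risk_pct", thirty_day_average(daily_risk_pct)),
        "fully_reporting_pct": classify("fully_reporting_pct", fully_reporting_pct),
    }
    any_control = any(s != "within_control" for s in states.values())
    any_spec = any(s == "specification_limit_exceeded" for s in states.values())
    return {
        "states": states,
        "decision_memo": "control limits exceeded" if any_control else "control limits not exceeded",
        "ready_to_start_ca": not any_spec,
        "change_notifications_considered": states["ipost_risk_pct"] != "specification_limit_exceeded",
    }

if __name__ == "__main__":
    # Constructed sample: five bad days that fall outside the 30-day window, then 30 quiet days.
    sample = [20.0] * 5 + [4.0] * 30
    print(decision(sample, 95.0))
```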

10 C&A – How we communicate with our customers. SharePoint Website: Policy, Procedure, Standard. Document Center: organized by categories. Alert Notifications: page and/or document. Workshops: Tools.

11 SharePoint


15 Get Ready, Get Set, STOP! Stop if you exceed any specification limit. Readiness to Start C&A Checklist.

16 FIPS 199 and OMB M-04-04: Categorize your System. Determine the Assurance Level.

17 Control Selection Tool: Identify which controls have been implemented and how each control has been implemented. C&A and Annual Security Control Assessments. Manage controls over the system's lifecycle.

18 POA&M Tester Database Tool: Linked to the system's FIPS 199 categorization. Import Open Findings from previous assessments. Finding and Recommended remediation. Failed Controls are identified. Standardizes how the risk is calculated for each finding. Risk Scoping.

19 iPost Continuous Monitoring

20 iPost Continuous Monitoring

21 Questions and Answers

