Presentation is loading. Please wait.

Presentation is loading. Please wait.

Continuous Monitoring

Published byStanley Leonard Modified over 5 years ago

Similar presentations

Presentation on theme: "Continuous Monitoring"— Presentation transcript:

1 Continuous Monitoring
RMF Step 6 Under NISP RMF FISWG

2 Objectives Recap the Six Steps in the RMF Process
DSS-provided RMF Guidance and Resources Overview of an RMF Continuous Monitoring (CONMON) Strategy Example of CONMON Tracking Document Overview of the 18 Security Control Families Review and Discuss Selected Security Controls Objectives FISWG

3 The Six RMF Steps (from DAAPM v1.3) FISWG

4 DSS Assessment and Authorization Process Manual (DAAPM) v1.3
Outlines DSS RMF processes and procedures Defines RMF roles and responsibilities Identifies minimum training requirements for ISSM/ISSO Provides configuration management guidance Establishes the significance of Continuous Monitoring (CONMON) in DAAPM RMF Step 2/Task 4 where it states, in part: “Ongoing monitoring of the security controls is a critical part of risk management. Effective monitoring includes, but is not limited to, configuration management and control, security impact analyses on proposed changes, assessment of selected security controls, and security status reporting. “ DSS Assessment and Authorization Process Manual (DAAPM) v1.3 FISWG

5 The DSS SSP Overlay System Security Plan (SSP) Excel Version 1.2
Provides a simple six-tab MS Excel workbook format for completing an SSP The overlay provides pre-selected security controls for SUSA/MUSA/Isolated Networks based on DSS Moderate/Low/Low control selection Certain controls not selected for a system type are “tailored out” by default and will have a “ – “ under the applicable system type Tab 5 on the Excel version of the SSP overlay is used to define a CONMON strategy for each assigned control The DSS SSP Overlay System Security Plan (SSP) Excel Version 1.2 Based on Moderate/Low/Low (MLL) FISWG

6 Provides the DSS DAAPM selected security controls in a columnar format for easy reference
Shows the DSS recommended continuous monitoring frequency in the left column Includes supplemental DSS-specific guidance for controls in the left column (for selected controls) DAAPM Appendix A Security Controls v1.2 FISWG

7 DAAPM Appendix A DAAPM Appendix A – Sample Control
NIST Guidance is the primary source for these columns DSS Guidance Good resource for DSS recommended CONMON frequency Additional DSS supplemental guidance is not included for some of the controls FISWG

8 Building a CONMON Strategy in the DSS SSP Overlay
SSP Overlay, TAB 4 “SecCtrls” Column “Q” is Used to Define CONMON Frequency SSP Overlay, TAB 5 “ConMon Strategies” Column “E” is Populated based on SecCtrls Tab Input Must describe how your facility completes the required monitoring. Documentation will likely be needed. FISWG

9 No Defined Form/Format
Controls are assigned annual, semi-annual, quarterly, monthly, or weekly CONMON frequency Tracking mechanism and documentation largely left to the facility/ISSM Best practice is to coordinate with the assigned ISSP for buy-in when possible CONMON Tracking No Defined Form/Format FISWG

10 CONMON Tracking CONMON Tracking Record – Example FISWG

11 Security Control Families
380+ RMF controls are divided into18 groups or families Many control families relate to policy, training, physical security, etc (AC) Access Control (MP) Media Protection (AT) Awareness and Training (PE) Physical and Environmental Protection (AU) Audit and Accountability (PL) Planning (CA) Security Assessment and Authorization (PM) Program Management (CM) Configuration Management (PS) Personnel Security (CP) Contingency Planning (RA) Risk Assessment (IA) Identification and Authentication (SA) System and Services Acquisition (IR) Incident Response (SC) System and Communications Protection (MA) Maintenance (SI) System and Information Integrity FISWG

12 Security Control Families…cont (AT) Awareness and Training
NOTE: This is only a small sampling of controls!!! FISWG

13 Security Control Families…cont (AT) Awareness and Training
FISWG

14 Security Control Families…cont (CP) Contingency Planning
NISPOM, c states: Contingency Planning. When contractually required, contractors will establish, maintain, and effectively implement plans for emergency response, backup operations, and post-disaster recovery operations for ISs to ensure the availability of critical information and continuity of operations FISWG

15 Security Control Families…cont (CP) Contingency Planning
FISWG

16 Security Control Families…cont (PE) Physical and Environmental Protection
FISWG

17 Security Control Families…cont (PE) Physical and Environmental Protection
Best practice dictates that a KVM switch used across classifications or security boundaries should conform to the NIAPapproved Protection Profile (PP) for peripheral sharing switches… FISWG

18 Security Control Families…cont (PE) Physical and Environmental Protection
FISWG

19 Security Control Families…cont (PS) Personnel Security
FISWG

20 Security Control Families…cont (PS) Personnel Security
FISWG

21 Security Control Families…cont (PS) Personnel Security
FISWG

22 Security Control Families…cont (SA) System and Services Acquisition
FISWG

23 Security Control Families…cont (SA) System and Services Acquisition
FISWG

24 Security Control Families…cont (SA) System and Services Acquisition
FISWG

25 Security Control Families…cont (SA) System and Services Acquisition
FISWG

Download ppt "Continuous Monitoring"

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
EMS Checklist (ISO model)

EMS Checklist (ISO model)
Corporate Headquarters: 1010 Wayne Avenue, Suite 1150 Silver Spring, Maryland 20910 301.565.2988 Telephone 301.565.2995 Facsimile www.e-mcinc.com Satellite.

Corporate Headquarters: 1010 Wayne Avenue, Suite 1150 Silver Spring, Maryland Telephone Facsimile Satellite.
1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.

1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works

Security Controls – What Works
1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.

1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.

Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Managing Risk in Information Systems Lesson.

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Managing Risk in Information Systems Lesson.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
1 Continuous Monitoring Proprietary Information of SecureInfo ® Corporation © 2011 All Rights Reserved.

1 Continuous Monitoring Proprietary Information of SecureInfo ® Corporation © 2011 All Rights Reserved.
Privacy and Security Tiger Team Meeting Recommendations regarding a framework of security protections for EHRs December 7, 2011.

Privacy and Security Tiger Team Meeting Recommendations regarding a framework of security protections for EHRs December 7, 2011.
Complying With The Federal Information Security Act (FISMA)

Complying With The Federal Information Security Act (FISMA)
An overview of the NIST Risk Management Framework ISA 652 Fall 2010

An overview of the NIST Risk Management Framework ISA 652 Fall 2010
1 Preparing a System Security Plan. 2 Overview Define a Security Plan Pitfalls to avoid Required Documents Contents of the SSP The profile Certification.

1 Preparing a System Security Plan. 2 Overview Define a Security Plan Pitfalls to avoid Required Documents Contents of the SSP The profile Certification.

Similar presentations

Ads by Google