
1 Lawrence Livermore National Laboratory LLNL NAPs Implementation Project NLIT 2009 Mark Dietrich, LLNL LLNL-PRES-413493.


Slide 2: NNSA Policies are driving dramatic changes

Background
- NAPs alive since 2003
- Some iterations and pushback
- C-versions in late 2007
- LLNL Gap Analysis done early 2008
- HSS audit used NAPs vision in 2008
- LLNL plan and revisions submitted to LSO 9/08, 1/09, 4/09
- Formal project opened 3/09

What's a NAP? NNSA Policy Letters:
- NAP 14.1-C, NNSA Baseline Cyber Security Program
- NAP 14.2-C, NNSA C&A Process for Information Systems

Impact
- Full compliance: years away
- Good faith effort | steady progress
- Culture changes
- Risk and high stakes

Goal: Make all cyber operations compliant with NAPs by September 30, 2012

Slide 3: Broad impacting scope and strategy

Strategy
- Establish project team
- Develop a project plan that Programs and institutional organizations can accept
- Use the project team (and tools) to coordinate efforts of the PADs
- Implement centralized core services to reduce the cost of NAP compliance
- Create standard configurations based on national standards
- Build a Site Security Configuration Library to track configuration standards
- Convert plans, policies and procedures to be NAP compliant

New requirements
- New security plan formats
- Security configuration standards
- Stronger risk assessments
- Contingency plans for each system
- Business Impact Assessments
- Centralization of classified systems
- Up to 330 controls per system/service
- Restricting local administrative rights
- Overhaul of all computer security policies
- Integrate cyber security with the Lab's emergency procedures

Slide 4: Project Approach

Integration
- Integrate many plans into one
- Integrate services at the institution level into a single plan
- Subsume existing similar plans

Consolidation
- Consolidate similar plans into broader site-wide plans
- Document differences in sub-plans
- Sub-plans inherit security policies from their parent plans

Project Approach
- Formalized, structured
- Led by an experienced PMP
- Broad reach across the enterprise
- Reporting and accountability
- Deliverables and milestones

Phasing the Approach
- Starting with the site-wide plans
- Subordinate/program plans follow, using well-crafted templates for plans and test plans
- Classified plans follow, to apply valuable lessons learned from the unclassified plans

Slide 5: SharePoint used intensively for Project Management

Lists in use
- Plans
- Deadlines
- Calendar
- Comms Plan
- Families
- NAP controls
- Strategies
- Subgroup tracking
- Lessons learned captures
- Risk Register

Meeting workspaces for project meetings
- Standing agenda items: Issue Log check, Tasks check, Plans statusing
- Posting minutes
- Recording decisions
- Planning agenda items well in advance

Slide 6: The Plans lifecycle has been created and socialized

- Plan development/review is a 9-month process
- Urgency of NAPs Implementation requires compressing 9 months into 5-6 months for unclassified plans

Slide 7: Document flowdown

[Diagram: flow from Requirement to LLNL Policy to Procedure to ST&E]
- Requirement: NAP 14.1, NAP 14.2
- LLNL Policy: SPP, ISSP (Information system accreditation method), Local CSPP, Central policy catalog
- Procedure: SPP IM-1, SPP IM-2, SPP IM-3
- ST&E: STE-1, STE-2, STE-3

Slide 8: SPP (Security Plan Policy) and SSCL (Site Security Configuration Library)

SSCL
- The SSCL will be used in all security plans
- Each entry has: an approved configuration, a security test script, and a listing of the NAP controls met by each component
- Process development and prototyping underway
- Stores the authorization basis, configuration of controls and test tools for all components
- Ensures NAP compliance based on NIST, NSA, DISA, CIS and other national standards

SPP
- Key document generated at the institution level
- Lists, for every NAP 14.2-C control: Policy (the NAP text), Supplemental guidance, Enhancements, Implementation ("Dash-One" and "Dash-Two"), Potential assessment methods (examine, interview, test), NIST SP 800-53 measures
- From this derives a plan's ST&E
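As an added illustration, not taken from the presentation or from LLNL's actual SSCL, the Python sketch below models one SSCL entry as the triple the slide describes: an approved configuration, a security test script that checks a component against it, and the list of controls each check supports. The component (an sshd_config excerpt), the approved values and the NIST SP 800-53 control mappings are all constructed assumptions for the example; the point it adds is that a control is reported as met only when every check mapped to it passes, and a directive missing from the configuration counts as a failure rather than a pass.

```python
"""Toy model of a Site Security Configuration Library (SSCL) entry.

Everything below (component, approved values, control mappings, sample
configuration) is constructed for illustration and is NOT LLNL's SSCL content.
"""
from dataclasses import dataclass, field
import re


@dataclass
class ConfigCheck:
    key: str          # configuration directive, e.g. "PermitRootLogin"
    approved: str     # value the SSCL entry approves for this directive
    controls: tuple   # NIST SP 800-53 control IDs this check supports (assumed mapping)


@dataclass
class SsclEntry:
    component: str
    checks: list = field(default_factory=list)


# Assumed entry for an SSH daemon; control mappings are illustrative only.
SSHD_ENTRY = SsclEntry(
    component="OpenSSH server (example)",
    checks=[
        ConfigCheck("Protocol", "2", ("SC-8",)),
        ConfigCheck("PermitRootLogin", "no", ("AC-6",)),
        ConfigCheck("PasswordAuthentication", "no", ("IA-5",)),
        ConfigCheck("MaxAuthTries", "4", ("AC-7",)),
        ConfigCheck("LogLevel", "VERBOSE", ("AU-2", "AU-12")),
        ConfigCheck("X11Forwarding", "no", ("CM-7",)),
    ],
)

# Constructed sample sshd_config: root login is still allowed and
# X11Forwarding is not set at all, so two checks should fail.
SAMPLE_SSHD_CONFIG = """\
# constructed sample sshd_config for the example
Protocol 2
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries 4
LogLevel VERBOSE
"""


def parse_config(text):
    """Parse 'Key value' lines (sshd_config style), skipping comments and blanks.

    The first occurrence of a key wins, which is how sshd itself reads its
    configuration file.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts
        settings.setdefault(key.lower(), value.strip())
    return settings


def run_test_script(entry, config_text):
    """The entry's 'security test script': compare each directive with its approved value.

    A directive that is absent from the configuration is recorded as observed=None
    and fails the check; the approved configuration requires it to be set explicitly.
    """
    settings = parse_config(config_text)
    results = {}
    for chk in entry.checks:
        observed = settings.get(chk.key.lower())
        passed = observed is not None and observed.lower() == chk.approved.lower()
        results[chk.key] = {"approved": chk.approved, "observed": observed, "passed": passed}
    return results


def controls_met(entry, results):
    """Return (met, unmet) control lists; a control is met only if all of its checks pass."""
    met, unmet = set(), set()
    for chk in entry.checks:
        target = met if results[chk.key]["passed"] else unmet
        target.update(chk.controls)
    met -= unmet
    return sorted(met), sorted(unmet)


if __name__ == "__main__":
    results = run_test_script(SSHD_ENTRY, SAMPLE_SSHD_CONFIG)
    for key, r in results.items():
        status = "PASS" if r["passed"] else "FAIL"
        print(f"{status} {key}: approved={r['approved']!r} observed={r['observed']!r}")
    met, unmet = controls_met(SSHD_ENTRY, results)
    print("controls met:", met)
    print("controls not met:", unmet)
```

Run stand-alone, the script reports the two failing checks (PermitRootLogin set to yes, X11Forwarding absent) and lists AC-6 and CM-7 as the controls this component does not yet satisfy; the same per-check results are what an ST&E derived from the SPP would record under the "test" assessment method.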


