2015 ACC / TSA Security Capabilities Workshop: Third Party Testing Program Overview (June 18, 2015)
2015 ACC/TSA Security Capabilities Workshop, June 16-18, 2015, Arlington, VA (#SecurityCapabilities). Thank you to our sponsors.

Third Party Testing Program Overview, June 18, 2015. Transportation Security Administration.

WARNING: This document is For Official Use Only (FOUO). It contains information that may be exempt from public release under the Freedom of Information Act (5 U.S.C. 552). It is to be controlled, stored, handled, transmitted, distributed, and disposed of in accordance with DHS policy relating to FOUO information and is not to be released to the public or other personnel who do not have a valid need-to-know without prior approval of an authorized DHS official.
Third Party Testing (TPT) Program Introduction

The Transportation Security Administration (TSA) TPT Program provides a standardized approach to testing Transportation Security Equipment (TSE) in response to procurement opportunities. This approach will help streamline the acquisition process by requiring vendors to provide more mature products up-front, and will save the cost and time required to test, fix, and re-test during Qualification Testing (QT) and Operational Testing (OT).

Key Benefits
- Savings in cost, time, and resources
  o More mature systems entering QT and OT result in a reduced cycle of test, fix, and re-test
- Transparency between government and vendors
  o Transparency leads to trust, reliability, and consistency, and improves the quality of the Test and Evaluation (T&E) process

Cost-Benefit Analysis

From TSE that exhibited system deficiencies requiring TPT, the TSA selected three systems for a cost-benefit analysis. Each TSE had resulted in multiple rounds of retests, extending the T&E timeline and increasing cost.

Test  | Timeline                                              | Cost
TSE 1 | 39 month delay between planned ARB and actual ARB     | $1.08M spent on retests
TSE 2 | 19 month delay between planned ARB and actual ARB     | $1.21M spent on retests
TSE 3 | 59 month delay between planned ARB and projected ARB  | $1.22M spent on retests

By addressing system deficiencies in TPT to avoid multiple rounds of retests, the TSA believes the T&E timeline can be significantly reduced.

TPT Program: High Level View

With the TPT Program in place, the TSA will be able to approve TPT organizations that will then be available to independently test vendors' systems before they enter the formal T&E process.
[Diagram: TPT Program high-level view, with swimlanes for TSA OSC T&E, the TPT Organization, and the Vendor]
- TSA OSC T&E: approve TPT organizations; maintain list of approved TPT organizations; conduct QT & OT
- TPT Organization: conformance to TSA procedures; compliance to ISO/IEC and TSA specific requirements; conduct testing of product technologies per approved scope; generate test report
- Vendor: offer Checked Baggage and Checkpoint products; meet TSA functional and operational requirements
- Labelled flows between lanes: TPT Procedures/Admin, Approve TPT, Product, Funding, Test Results
TPT Program: Phases & Timeline

FY15 Pre-Launch: finalize requirements and documentation in preparation for Go-Live of the TPT Program.
- Key Activities: publish TSA Test Method; publish TPT Program & Procedures; approve TPT Organizations
- Outcomes: initial list of approved TPT Organizations

FY16 Launch: initial Go-Live and continuous monitoring.
- Key Activities: updated TSA Test Method based on feedback; continuous monitoring and incorporation of lessons learned
- Outcomes: on-going program improvements

FY16 Sustaining: on-going improvement based on lessons learned.
- Enhanced Program Activities: gather feedback and incorporate lessons learned
- Outcomes: on-going program improvements

TPT Conformity Assessment Process

The TPT Program requires vendors to use Third Party Test Organizations (TPTs) to independently verify that the TSE meets TSA requirements.

Approval: the conformity assessment process approves TPTs based on:
- Independence and quality management in accordance with ISO/IEC
- Technical competence in the critical TSE operational areas for each technology

Key Benefits: the benefits of leveraging the formal TPT approval process include:
- Consistency in testing, resulting in more robust products
- Ensuring TPT independence from vendors
- Establishing an approved list of TPTs for vendors to use

TPT Approval

Organizations applying to be TSA approved TPTs must submit an application, as well as quality system documentation conformant to the requirements of ISO/IEC and TSA specific management and technical requirements.

Management requirements: Organization; Management System; Document Control; Review of Requests, Tenders, and Contracts; Subcontracting; Service to the Customer; Complaints; Improvement; Corrective Action; Preventive Action; Control of Records; Internal Audits; Management Review.

Technical requirements: Personnel; Accommodations and Environmental Conditions; Test Methods and Method Validation; Equipment; Measurement Traceability; Sampling; Handling of Test Items; Assuring Quality of Test Results; Reporting the Results.
TPT Approval Process

1. Review Application & Gather Materials: the TPT Applicant reviews the application and requirements and makes a business decision to apply; the TPT Applicant gathers the required artifacts and completes the application.
2. Submit Application: the TPT Applicant submits the application.
3. Review by TSA: the TSA Review Team reviews the application and requested materials for adherence to TPT requirements.
4. Approval Decision: the TSA provides an approval decision to the TPT Applicant based on the application review.
Result: list of approved TPT Organizations for use by vendors.

Current T&E Process

[Diagram: current T&E process, with swimlanes for the PMO, the Vendor, and OSC T&E]
- PMO: ORD, FRD
- Vendor: Requirement Substantiation; QDP Development; Third Party Testing Level C
- OSC T&E (formal T&E process begins here): OEM QDP; Qualification Testing; Operational Testing; System Evaluation Report
- Callout: iterative test/fix cycle once formal T&E starts; increased schedule and cost

Future T&E Process

[Diagram: future T&E process, same swimlanes as above]
- PMO: ORD, FRD
- Vendor: Requirement Substantiation; QDP Development using the Standard Test Method (consistent, repeatable testing processes) and Standard Test Reports; Third Party Testing Level C
- OSC T&E (formal T&E process begins here): OEM QDP; Qualification Testing; Operational Testing; System Evaluation Report
- Callout: use of TPT will assist in streamlining QT & OT timelines
Appendix

Third Party Testing Strategy Highlights
- The TSA requires vendors entering the T&E process to use TPT to support the development of their Qualification Data Package (QDP) Level C requirements, resulting in a more mature TSE and a higher quality QDP
- The TSA TPT Strategy limits a TSE to one (1) Significant Failure during QT and/or OT*
- The TSA reserves the right to put the TSE through QT or OT in its entirety based on the assessment of the TPT effort and results
- The TSA also reserves the right to determine what information is shared with the OEM and TPT agent

*Removal from testing relies on participation from the TSA Office of Security Operations in scoring failures and their determination and rationale associated with the operational impact.

National Conformity Assessment Hierarchy for Testing

[Diagram: hierarchy of approver, test organizations, and tested technology]
- Approver (ISO/IEC & TSA): TSA OSC T&E
- TPT Organizations: ISO/IEC and TSA specific requirements
- Checked Baggage & Checkpoint Technology: TSA functional requirements
TPT Process for QDP Development prior to QT/OT

[Diagram: process flow; not recoverable from the transcription]

TPT Process for Significant Failures during QT/OT

[Diagram: process flow; not recoverable from the transcription]

TPT Program: Key Activities & Timeline

The TSA will develop TPT requirements and documentation, collaborating with industry partners in the process.

Test Method Development
- Identify critical operational areas per technology
- Develop test scenario template
- Define draft test scenarios per technology based on current QT plans
- TSA is focusing on technologies in the process of developing new QMPs

TPT
- Ensure TPT competency requirements map to critical operational areas
- Update TPT requirements as needed
- Finalize TPT application process
- Develop TPT Application Form (including specific scope of approval)
- Develop TPT Test Report template
- Publish draft TPT Procedures for industry review

Stakeholder Engagement
- Plan for stakeholder involvement to gain feedback on TPT requirements and program
- Define agenda for industry day, including OEMs and potential TPTs
- Hold industry day

TPT Program: Key Activities & Timeline (Continued)

After finalizing all necessary documentation, the TSA will launch its TPT program.

Launch Preparation
- Finalize TPT Procedures and Test Method based on industry feedback
- Prepare communication channels for launch (website, box, etc.)
- Finalize forms and TPT letters (approve, need more info, deny)
- Publish final TPT Procedure document and Test Method

Initial List Launch
- Announce start of TPT application process
- Approve TPT organizations
- Post approvals on website
- Announce approved TPT list to stakeholders

Continuous Monitoring
- Continue approval of TPT organizations, as needed
- Monitor TPT organizations
- Discuss possible transition to a private-sector Accreditation Body

TPT Program: Major Accomplishments
- Developed TPT Strategy
- Identified critical operational areas per technology for TPT test method development and TPT organization scope definition
- Developed test scenario template
- Initiated drafting test scenarios for EMD
- Initiated drafting test scenarios for ETD

Cybersecurity in Test & Evaluation

James S. Wells, Deputy Director, Cyberspace & HSE Programs, Office of Test & Evaluation
Problem Statement

Insufficient T&E information regarding a system's cybersecurity posture is available to support major acquisition decisions.
- Networked information technology is a major component of most major DHS acquisition programs
- As a result, our adversaries have unprecedented access to our data and the ability to disrupt our operations
- Current T&E policies and practices do not adequately incorporate cybersecurity considerations in order to inform acquisition decisions

Current Parallel Processes

Programs already plan and conduct cybersecurity activities IAW the Risk Management Framework. HOWEVER, the cybersecurity and T&E communities do not routinely coordinate and synchronize activities: separate plans and separate reports go to separate decision makers. AND operational T&E does not include realistic, threat-representative cyber attacks.

Current Parallel Processes (diagram)

[Diagram: three parallel process lanes mapped against the acquisition phases 0 Need, 1 Analyze/Select, 2A/2B/2C Obtain, and 3 Produce/Deploy/Support]
- Test & Evaluation lane: Input to Operational ...; Develop T&E Strategy; Refine T&E Strategy; Conduct Developmental T&E; OTEP; Conduct Operational T&E; OTER
- Risk Management Framework lane: Categorize System; Select Controls; Implement Controls; Assess Controls (SAP, SAR); Authorize (ATO, POAM); Monitor Controls (SAR, POAM)
- Systems Engineering Life Cycle lane: Solution Engineering; Planning; Requirements Definition; Design; Development; Integration and Test; Implementation; Operations & Maintenance; Disposal, with reviews SPR, SER, PPR, SDR, CDR, IRR, PRR, OTRR, ORR, PIR, PDR
Cybersecurity-Informed Acquisition Decisions
- Is there a sound plan to collect adequate cybersecurity data to inform future production and deployment decisions?
- Is the system sufficiently cyber secure to enter initial production/deployment?
- Is the system sufficiently cyber secure to enter full production/deployment?

[Diagram: the same three-lane process diagram as above, with cybersecurity additions in the T&E lane]
- Define cybersecurity threats and environment based on RMF planning
- Add cybersecurity T&E strategy to ...
- Identify cybersecurity ...
- Improve fidelity of cybersecurity DT&E and synchronization with RMF
- Add cybersecurity to OT&E

Draft DOT&E Policy
- Programs will include cybersecurity in s: threat description, evaluation framework, integrated T&E objectives and resources
- OTAs will include cybersecurity in test plans, test concept briefs, and evaluation reports: realistic threat portrayal to determine mission effects
- DOT&E will include cybersecurity in s: Effectiveness, Suitability, Interoperability, and Cybersecurity

Current Activities
- Iterative coordination with DHS OCIO
- Initial discussions with Components and programs
- Inventorying possible cybersecurity T&E assets
- Coordinating with several programs as pilots
- Investigating process for program threat assessments with DHS I&A
Next Steps
- Coordinate and publish initial DOT&E cybersecurity policy memo
- Start integrating cybersecurity into s
- Start including cybersecurity in OT&E plans, reports, and DOT&E s
- Continue coordination with OCIO, DHS I&A, and Components
- Coordinate with Joint Council
- Continue discussion with red teams for possible recurring acquisition program support
- Continue coordination with pilot programs
More informationCyber Risk Metrics Survey, Assessment, and Implementation Plan May 11, 2018
Cyber Risk Metrics Survey, Assessment, and Implementation Plan May 11, 2018 The Homeland Security Systems Engineering and Development Institute (HSSEDI ) is a trademark of the U.S. Department of Homeland
More informationSystems Engineering and System Security Engineering Requirements Analysis and Trade-Off Roles and Responsibilities
Systems Engineering and System Security Engineering Requirements Analysis and Trade-Off Roles and Responsibilities Melinda Reed Office of the Deputy Assistant Secretary of Defense for Systems Engineering
More informationCASE STUDY: RELOCATE THE DATA CENTER OF THE NATIONAL SCIENCE FOUNDATION. Alan Stuart, Managing Director System Infrastructure Innovators, LLC
CASE STUDY: RELOCATE THE DATA CENTER OF THE NATIONAL SCIENCE FOUNDATION Alan Stuart, Managing Director National Science Foundation s New Headquarters in Alexandria, Virginia 1. Introduction to the National
More informationChapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS
Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power
More informationOPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith
OPUC Workshop March 13, 2015 Cyber Security Electric Utilities Portland General Electric Co. Travis Anderson Scott Smith 1 CIP Version 5 PGE Implementation Understanding the Regulations PGE Attended WECC
More informationSTUDENT GUIDE Risk Management Framework Step 5: Authorizing Systems
Slide 1 - Risk Management Framework RMF Module 5 Welcome to Lesson 5 - RMF Step 5 Authorizing Systems. Once the security controls are assessed, the POA&M and security authorization package must be finalized
More informationControl Systems Cyber Security Awareness
Control Systems Cyber Security Awareness US-CERT Informational Focus Paper July 7, 2005 Produced by: I. Purpose Focus Paper Control Systems Cyber Security Awareness The Department of Homeland Security
More informationContemporary Challenges for Cloud Service Providers Seeking FedRAMP Compliance
Contemporary Challenges for Cloud Service Providers Seeking FedRAMP Compliance July 2017 Jeff Roth, CISSP-ISSEP, CISA, CGEIT, QSA Regional Director NCC Group Agenda FedRAMP - Foundations/Frameworks Cloud
More informationHITRUST CSF: One Framework
HITRUST CSF: One Framework Leveraging the HITRUST CSF to Support ISO, HIPAA, & NIST Implementation and Compliance, and SSAE 16 SOC Reporting Dr. Bryan Cline, CISSP-ISSEP, CISM, CISA, CCSFP, HCISPP Senior
More informationCybersecurity Risk Management:
Cybersecurity Risk Management: Building a Culture of Responsibility G7 ICT and Industry Multistakeholder Conference September 25 2017 Adam Sedgewick asedgewick@doc.gov Cybersecurity in the Department of
More informationDEFINITIONS AND REFERENCES
DEFINITIONS AND REFERENCES Definitions: Insider. Cleared contractor personnel with authorized access to any Government or contractor resource, including personnel, facilities, information, equipment, networks,
More informationSection One of the Order: The Cybersecurity of Federal Networks.
Summary and Analysis of the May 11, 2017 Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. Introduction On May 11, 2017, President Donald
More informationIT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18
Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are
More informationFISMAand the Risk Management Framework
FISMAand the Risk Management Framework The New Practice of Federal Cyber Security Stephen D. Gantz Daniel R. Phi I pott Darren Windham, Technical Editor ^jm* ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON
More informationBSI BIM Solutions. Copyright 2016 BSI. All rights reserved.
BSI BIM Solutions Copyright 2016 BSI. All rights reserved. 1 BSI Group Policy, Engagement National Standards Body Assessment and Certification Compliance support Standards Information Solutions Training
More informationUNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO
COST ($ in Millions) FY 2011 FY 2012 Base OCO Total FY 2014 FY 2015 FY 2016 FY 2017 Cost To Complete Total Cost Total Program Element 8.306 7.299 10.429-10.429 11.464 12.492 12.840 13.010 Continuing Continuing
More informationTransportation System Cybersecurity Framework
Transportation System Cybersecurity Framework August 24, 2016 Patrick Zelinski, AASHTO Background Growing issue of cybersecurity and its impact on the highway environment has highlighted safety and operational
More informationCertification Commission for Healthcare Information Technology. CCHIT A Catalyst for EHR Adoption
Certification Commission for Healthcare Information Technology CCHIT A Catalyst for EHR Adoption Alisa Ray, Executive Director, CCHIT Sarah Corley, MD, Chief Medical Officer, NextGen Healthcare Systems;
More informationInformation Technology Information Sharing and Analysis Center. First Symposium Barcelona, Spain Feb. 2, 2011
Information Technology Information Sharing and Analysis Center First Symposium Barcelona, Spain Feb. 2, 2011 About Us Non Profit, US Corporation established in 2000 and operational in 2001 Fully funded
More informationFederal Data Center Consolidation Initiative (FDCCI) Workshop I: Initial Data Center Consolidation Plan
Federal Data Center Consolidation Initiative (FDCCI) Workshop I: Initial Data Center Consolidation Plan June 04, 2010 FDCCI Workshop I Agenda for June 4, 2010 1. Welcome Katie Lewin GSA Director Cloud
More informationTERMS OF REFERENCE. Scaling-up Renewable Energy Program (SREP) Joint Mission. Lesotho
TERMS OF REFERENCE Scaling-up Renewable Energy Program (SREP) Joint Mission September 27-29, 2017 Lesotho 1 SUMMARY 1. Mission objectives. The main objective of the Joint Mission ( the Mission ) is to
More informationPIPELINE SECURITY An Overview of TSA Programs
PIPELINE SECURITY An Overview of TSA Programs Jack Fox Pipeline Industry Engagement Manager Surface Division Office of Security Policy & Industry Engagement May 5, 2014 TSA and Pipeline Security As the
More informationDHS Cybersecurity: Services for State and Local Officials. February 2017
DHS Cybersecurity: Services for State and Local Officials February 2017 Department of Established in March of 2003 and combined 22 different Federal departments and agencies into a unified, integrated
More informationGuide to Understanding FedRAMP. Version 2.0
Guide to Understanding FedRAMP Version 2.0 June 6, 2014 Executive Summary The Federal Risk and Authorization Management Program (FedRAMP) provides a costeffective, risk-based approach for the adoption
More informationTelos and Amazon Web Services (AWS): Accelerating Secure and Compliant Cloud Deployments
` Telos and Amazon Web Services (AWS): Accelerating Secure and Compliant Cloud Deployments Telos Corporation 19886 Ashburn Road Ashburn, VA 24445 www.telos.com ` Introduction Telos Corporation and Amazon
More informationThe next generation of knowledge and expertise
The next generation of knowledge and expertise UNDERSTANDING FISMA REPORTING REQUIREMENTS 1 HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404
More informationApril Appendix 3. IA System Security. Sida 1 (8)
IA System Security Sida 1 (8) Table of Contents 1 Introduction... 3 2 Regulatory documents... 3 3 Organisation... 3 4 Personnel security... 3 5 Asset management... 4 6 Access control... 4 6.1 Within AFA
More information