Defense Information Systems Agency (DISA) Department of Defense (DoD) Cloud Service Offering (CSO) Initial Contact Form
|
|
- Nigel Harrington
- 6 years ago
- Views:
Transcription
1 Defense Information Systems Agency (DISA) Department of Defense (DoD) Cloud Service Offering (CSO) Initial Contact Form Page 1 of 5 Submitted to DISA s DoD Cloud Support Office by: Signature (Prefer CAC Digital) Received by DISA s DoD Cloud Support Office: Signature (Prefer CAC Digital) A. Cloud Service Provider (CSP), CSP Sponsor, & CSO Information: Date Date CSP DoD CSP Sponsor Third-Party Assessment Organization (3PAO) or DoD Approved Assessor CSO Title Website If the sponsor has a Cloud Information Technology Project (C-ITP) projected to use this CSO, please have the sponsor fill out a C-IPT Initial Contact Form and provide the C-ITP title here for reference. Title Cloud Service Model Data Impact Level Cloud Deployment Model IaaS - Infrastructure as a Service 1 - t Used Private Cloud PaaS - Platform as a Service 2 - n-controlled Unclassified Information Community Cloud SaaS - Software as a Service 3 - t Used 4 - Controlled Unclassified Information (non - National Security Systems (NSS)) Public Cloud Hybrid Cloud 5 - Controlled Unclassified Information (NSS) 6 - Classified Information (up to Secret) CSO Description Target Cloud Access Point(s) (CAP(s)) Target Date of Operation DISA CAP Navy CAP Target Date of Connection Use this form to make initial contact with the DISA Cloud Support Office regarding a request for assessment, registration, and/or connection to the DISA CAP for a cloud service offering Please this completed form to disa.meade.re.mbx.disa-commercial-cloud@mail.mil Form Release Date 14 August 2016
2 Page 2 of 5 A. Cloud Service Provider (CSP), CSP Sponsor, & CSO Information: (Continued) Physical Location(s) of the CSP-CSO Environment Location of the Users for this CSO A - CONUS B - EUROPE C - Pacific D - Soutwest Asia E - Other (and) 1 - NIPRNet Only 2 - NIRPNet and Internet 3 - Internet Only 4 - Other B. Federal Risk and Authorization Program (FedRAMP) Assessment Status: FedRAMP Package Package ID Authorizing Agency Authorization Date Authorization Expiration Date Type of FedRAMP Authorization Joint Authorization Board (JAB) Authority to Operate (ATO) United States (US) Government Agency ATO Status of FedRAMP Authorization t Submitted Submitted (t Complete) Completed Status Narrative Has a System Security Plan (SSP) been written, has an assessor been engaged, when would the CSP submit the DoD SSP Addendum to Initiate the assessment, etc. 1. Does the CSP request that DISA perform the FedRamp+ assessment of the CSO? If NO, identify the DoD Organization that will perform the FedRamp+ assessment in collaboration with DISA
3 Page 3 of 5 C. Information Used to Assess Mission Priority: 1. Does this effort directly support a high profile DoD Mission as recognized by a DoD CIO or J6? If so, please provide POC information: DoD CIO or J6 2. Does this effort directly support a DoD contract? If so, please provide Contract & Contract POC information: Contract Name or Number Contract 3. Is this CSP-CSO in use by an existing DoD IT Project and is migrating to a multi-tenant or public cloud deployment? If so, please provide IT Projects POC information: Name of IT Project currently using CSP-CSO IT Project Name of 2nd IT Project in New Deployment 2nd IT Project
4 D. Information Used for Initial Technical Planning: These questions are only for connection to the DISA CAP. Please fill in as much information as possible. This information will be used to assess the CSO maturity for setting priorities. Page 4 of 5 1. Is there an existing physical or logical communications path between the CSP enclave and the DISN? If so, what is the existing Command Communications Service Designator (CCSD)? CCSD 2. Is a new Physical or Logical Circuit (L3VPN, IPSec, etc.) required between the CSP and the CAP/MeetMe Point? 3. What is the CAP Connection Type required? 4. Provide the Diversity requirement (network redundancy type requirement) 5. Provide the estimated bandwidth requirement 6. Provide the required number of estimated concurrent users 7. Provide Additional performance requirements (Latency maximums, packet loss, Jitter, etc.) 8. What applications / services / protocols / ports are within the CSO? (ie. Mail, DNS, Web Browsing, Voice, Chat, Video, et) 9. Provide application profile names applicable to the CSO using the descriptions from the paloalto networks website ( 10. What is the IP space utilized by the CSO? 11. Provide reference identification numbers for these databases when available. PPSM SNAP 12. Provide Network / enclave / System Topology Diagrams with this form. (If available)
5 Please fill in as much information as possible. This information will be used to assess the CSO maturity for setting priority. Page 5 of 5 E. Information Used for Initial Security Assessment Planning: 1. Does the CSO plan to support information subject to privacy protection? 2. Does all customer data remain under US jurisdiction while stored or processed? 3. Will there be only DoD and Federal Government tenants (customers) on the CSO and underlying infrastructure? 4. Is there strong virtual separation among the tenants / missions for both data storage and processing, having the ability to meet search and seizure requests for non-dod information and data without release of DoD information and data? 5. If the CSO is responsible for authentication of entities and/or identifying a hosted DoD information system, can the CSO integrate with the DoD PKI in accordance with DoDI ? 6. Do the data processing facilities meet the requirements defined in the FedRAMP Moderate baseline and FedRAMP+ C/CEs related to physical security? 7. Does the CSP establish personnel position sensitivity risk determinations based on OPM guidance and the Position Sensitivity Tool? 8. Can DOD data at rest be encrypted with validated FIPS validated cryptography? 9. Does only the customer have full control of generation, management, use, and destruction of the crypto keys? 10. Will the CSO force all DoD traffic to and from the CSP infrastructure through a DoD cloud access point (CAP)? 11. For off-premises infrastructure, does the architecture include connecting via one or more boundary CAPs (BCAPs)? 12. For SaaS offerings, does the CSO implement defense-in-depth measures? 13. Does the CSP have an incident response plan (or addendum) meeting the DoD requirements? 14. Will the CSP report all incidents via the on-line Defense Industrial Base (DIB) Cyber Incident Collection Form? 15. Do appropriate personnel have or are willing to secure either a DoD PKI certificate or DoD-approved medium assurance External Certificate Authority (ECA) certificate for secure communications with DoD entities regarding C2 or CND functions? 16. Will the CSP receive, act upon, and report compliance with CND Tier II directives and notifications? 17. Is the CSP already a member of the DIB Cyber Security / Information Assurance Program or willing to become one?
DISA CLOUD CLOUD SYMPOSIUM
DISA CLOUD P L A Y B O O K CLOUD SYMPOSIUM DISA Cloud Adoption Cycle LEARN CHOOSE BUY CONFIGURE TRANSITION UTILIZE CLOUD CONSUMER What Mission Partners Should Know and Do Cloud Policies Goals (Fit, Leverage,
More informationDEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C
DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 CHIEF INI'ORMATION OI'I'ICl!R NOV 0 6 2014 MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS CHAIRMAN OF THE JOINT CHIEFS OF
More informationFedRAMP: Understanding Agency and Cloud Provider Responsibilities
May 2013 Walter E. Washington Convention Center Washington, DC FedRAMP: Understanding Agency and Cloud Provider Responsibilities Matthew Goodrich, JD FedRAMP Program Manager US General Services Administration
More informationAbout the DISA Cloud Playbook
Cloud Playbk About the DISA Cloud Playbk Cloud Adopters, As you attempt to help the department move more data into the Cloud, there will be many challenges to overcome and learning to be realized. We
More informationSecure Cloud Computing Architecture (SCCA)
Secure Cloud Computing Architecture (SCCA) Susan Casson PM, SCCA December 12, 2017 UNITED IN IN SERVICE TO OUR NATION 1 Unclassified DoD Commercial Cloud Deployment Approach Cyber Command C2 Operations
More informationCOMPLIANCE IN THE CLOUD
COMPLIANCE IN THE CLOUD 3:45-4:30PM Scott Edwards, President, Summit 7 Dave Harris Society for International Affairs COMPLIANCE IN THE CLOUD Scott Edwards scott.edwards@summit7systems.com 256-541-9638
More informationCYBER SECURITY BRIEF. Presented By: Curt Parkinson DCMA
CYBER SECURITY BRIEF Presented By: Curt Parkinson DCMA September 20, 2017 Agenda 2 DFARS 239.71 Updates Cybersecurity Contracting DFARS Clause 252.204-7001 DFARS Clause 252.239-7012 DFARS Clause 252.239-7010
More informationDeveloped by the Defense Information Systems Agency (DISA) for the Department of Defense (DoD)
DoD ENTERPRISE CLOUD SERVICE BROKER CLOUD SECURITY MODEL Version 2.1 Developed by the Defense Information Systems Agency (DISA) for the Department of Defense (DoD) Errata The following changes have been
More informationREAD ME for the Agency ATO Review Template
READ ME for the Agency ATO Review Template Below is the template that the FedRAMP Program Management Office (PMO) uses when reviewing an Agency ATO package. Agencies and CSPs should be cautious to not
More informationFedRAMP Digital Identity Requirements. Version 1.0
FedRAMP Digital Identity Requirements Version 1.0 January 31, 2018 DOCUMENT REVISION HISTORY DATE VERSION PAGE(S) DESCRIPTION AUTHOR 1/31/2018 1.0 All Initial document FedRAMP PMO i ABOUT THIS DOCUMENT
More informationSecure Cloud Computing Architecture (SCCA)
Secure Cloud Computing Architecture (SCCA) Program Overview Susan Casson PM, SCCA May 15, 2018 UNITED IN IN SERVICE TO OUR NATION 1 Service Overview: Why SCCA? SCCA connects the DoD to Infrastructure and
More informationIntroduction to the Federal Risk and Authorization Management Program (FedRAMP)
Introduction to the Federal Risk and Authorization Management Program (FedRAMP) 8/2/2015 Presented by: FedRAMP PMO 1 Today s Training Welcome! This training session is part one of the FedRAMP Training
More informationDRAFT DEPARTMENT OF DEFENSE (DOD) CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE (SRG) Version 1, Release December, 2014
DRAFT DEPARTMENT OF DEFENSE (DOD) CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE (SRG) Version 1, Release 0.36 7 December, 2014 Developed by the Defense Information Systems Agency (DISA) for the Department
More informationWhat is milcloud 2.0?
What is milcloud 2.0? Caroline Bean DISA Jeffrey Phelan CSRA April 4, 2018 (DISA). CRSA is providing the milcloud 2.0 services to DoD customers 1 under Contract HC102817D0004. UNCLASSIFIED 1 All forward-looking
More informationSIPRNet Contractor Approval Process (SCAP) December 2011 v2. Roles and Responsibilities
Roles and Responsibilities PARTICIPANT RESPONSIBILITIES Defense Security Service (DSS) DAA for Information Systems (IS) used to process classified information in the National Industrial Security Program
More informationClick to edit Master title style
Federal Risk and Authorization Management Program Presenter Name: Peter Mell, Initial FedRAMP Program Manager FedRAMP Interagency Effort Started: October 2009 Created under the Federal Cloud Initiative
More informationMIS Week 9 Host Hardening
MIS 5214 Week 9 Host Hardening Agenda NIST Risk Management Framework A quick review Implementing controls Host hardening Security configuration checklist (w/disa STIG Viewer) NIST 800-53Ar4 How Controls
More informationWelcome to the DISA Cloud Symposium
Welcome to the DISA Cloud Symposium 1 2 Information IN PERSON VIA QUESTION FORMS, SUBMITTED DURING BREAKS VIRTUAL INFORMATION PORTAL: http://www.disa.mil/newsandevents/events/cloud-symposium 3 DISA CLOUD
More informationAgency Guide for FedRAMP Authorizations
How to Functionally Reuse an Existing Authorization Version 1.0 August 5, 2015 Revision History Date Version Page(s) Description Author 08/05/2015 1.0 All Initial Publication FedRAMP PMO 06/06/2017 1.0
More informationFedRAMP Initial Review Standard Operating Procedure. Version 1.3
FedRAMP Initial Review Standard Operating Procedure Version 1.3 August 27, 2015 Revision History Date Version Page(s) Description Author 08/07/2015 1.0 All Initial Release FedRAMP PMO 08/17/2015 1.1 All
More informationAmerican Association for Laboratory Accreditation
R311 - Specific Requirements: Federal Risk and Authorization Management Program Page 1 of 10 R311 - Specific Requirements: Federal Risk and Authorization Management Program 2017 by A2LA. All rights reserved.
More informationFiXs - Federated and Secure Identity Management in Operation
FiXs - Federated and Secure Identity Management in Operation Implementing federated identity management and assurance in operational scenarios The Federation for Identity and Cross-Credentialing Systems
More informationCybersecurity Challenges
Cybersecurity Challenges Protecting DoD s Information NAVSEA Small Business Industry Day August 8, 2017 1 Outline Protecting DoD s Information DFARS Clause 252.204-7012 Contractor and Subcontractor Requirements
More informationDEFENSE HEALTH AGENCY 7700 ARLINGTON BOULEVARD, SUITE 5101 FALLS CHURCH, VIRGINIA
DEFENSE HEALTH AGENCY 7700 ARLINGTON BOULEVARD, SUITE 5101 FALLS CHURCH, VIRGINIA 22042-5101 MEMORANDUM FOR DEFENSE HEALTH AGENCY AUTHORIZING OFFICIAL SUBJECT: Software Certification for Spirola version
More informationCloud Overview. Mr. John Hale Chief, DISA Cloud Portfolio February, 2018 UNITED IN SERVICE TO OUR NATION UNCLASSIFIED 1
Cloud Overview Mr. John Hale Chief, DISA Cloud Portfolio February, 2018 1 DoD Cloud Deployment Models DoDIN On-Premise Commercial Cloud Commercially provided cloud service hosted within DoD facilities
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Port Security Port Security helps to control access to logical and physical ports, protocols, and services. This
More informationLogical Separation. An evaluation of the U.S. Department of Defense Cloud Security Requirements for Sensitive Workloads
Logical Separation An evaluation of the U.S. Department of Defense Cloud Security Requirements for Sensitive Workloads May 2018 [ ] 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
More informationDEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY. Cyber Security. Safeguarding Covered Defense Information.
DEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY Cyber Security Safeguarding Covered Defense Information 30-31 August 2016 WARFIGHTER FIRST PEOPLE & CULTURE STRATEGIC ENGAGEMENT FINANCIAL
More informationFedRAMP Security Assessment Framework. Version 2.1
FedRAMP Security Assessment Framework Version 2.1 December 4, 2015 Executive Summary This document describes a general Security Assessment Framework (SAF) for the Federal Risk and Authorization Management
More informationFISMAand the Risk Management Framework
FISMAand the Risk Management Framework The New Practice of Federal Cyber Security Stephen D. Gantz Daniel R. Phi I pott Darren Windham, Technical Editor ^jm* ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON
More informationGuide to Understanding FedRAMP. Version 2.0
Guide to Understanding FedRAMP Version 2.0 June 6, 2014 Executive Summary The Federal Risk and Authorization Management Program (FedRAMP) provides a costeffective, risk-based approach for the adoption
More informationFEDERALLY COMPLIANT HYBRID IT QTS GOVERNMENT SOLUTIONS
FEDERALLY COMPLIANT HYBRID IT QTS GOVERNMENT SOLUTIONS Proven Expertise World-Class Data Centers Industry Leading Support POWERED BY PEOPLE. 1 Future-proof your IT with federally compliant hybrid cloud
More informationFedRAMP Security Assessment Framework. Version 2.0
FedRAMP Security Assessment Framework Version 2.0 June 6, 2014 Executive Summary This document describes a general Security Assessment Framework (SAF) for the Federal Risk and Authorization Management
More informationFedRAMP Plan of Action and Milestones (POA&M) Template Completion Guide. Version 1.1
FedRAMP Plan of Action and Milestones (POA&M) Template Completion Guide Version 1.1 September 3, 2015 FedRAMP Plan of Action & Milestones (POA&M) Template Completion Guide v1.1 September 3, 2015 Document
More informationCloud Computing. Presentation to AGA April 20, Mike Teller Steve Wilson
Presentation to AGA April 20, 2017 Mike Teller Steve Wilson Agenda: What is cloud computing? What are the potential benefits of cloud computing? What are some of the important issues agencies need to consider
More informationDepartment of Defense INSTRUCTION
Department of Defense INSTRUCTION NUMBER 8551.1 August 13, 2004 ASD(NII)/DoD CIO SUBJECT: Ports, Protocols, and Services Management (PPSM) References: (a) DoD Directive 8500.1, "Information Assurance (IA),"
More informationt a Foresight Consulting, GPO Box 116, Canberra ACT 2601, AUSTRALIA e foresightconsulting.com.
e info@ Mr. James Kavanagh Chief Security Advisor Microsoft Australia Level 4, 6 National Circuit, Barton, ACT 2600 19 August 2015 Microsoft CRM Online IRAP Assessment Letter of Compliance Dear Mr. Kavanagh,
More informationStreamlined FISMA Compliance For Hosted Information Systems
Streamlined FISMA Compliance For Hosted Information Systems Faster Certification and Accreditation at a Reduced Cost IT-CNP, INC. WWW.GOVDATAHOSTING.COM WHITEPAPER :: Executive Summary Federal, State and
More informationMigrating Applications to the Cloud
Migrating Applications to the Cloud Mr. John Hale Chief, DISA Cloud Services May, 2018 1 Disclaimer The information provided in this briefing is for general information purposes only. It does not constitute
More informationSAC PA Security Frameworks - FISMA and NIST
SAC PA Security Frameworks - FISMA and NIST 800-171 June 23, 2017 SECURITY FRAMEWORKS Chris Seiders, CISSP Scott Weinman, CISSP, CISA Agenda Compliance standards FISMA NIST SP 800-171 Importance of Compliance
More informationCompliance & Security in Azure. April 21, 2018
Compliance & Security in Azure April 21, 2018 Presenter Bio Jeff Gainer, CISSP Senior Information Security & Risk Management Consultant Senior Security Architect Have conducted multiple Third-Party risk
More informationContemporary Challenges for Cloud Service Providers Seeking FedRAMP Compliance
Contemporary Challenges for Cloud Service Providers Seeking FedRAMP Compliance July 2017 Jeff Roth, CISSP-ISSEP, CISA, CGEIT, QSA Regional Director NCC Group Agenda FedRAMP - Foundations/Frameworks Cloud
More informationU.S. Army Unified Capabilities Soft Client Subscription Service. AFCEA Belvoir Industry Days Town Hall April 3, 2018
U.S. Army Unified Capabilities Soft Client Subscription Service AFCEA Belvoir Industry Days Town Hall April 3, 2018 Problem Solution Overview Hybrid Cloud Software-as-a-Service TOPICS Consolidated Network
More informationFedRAMP JAB P-ATO Process TIMELINESS AND ACCURACY OF TESTING REQUIREMENTS. VERSION 1.0 October 20, 2016
FedRAMP JAB P-ATO Process TIMELINESS AND ACCURACY OF TESTING REQUIREMENTS VERSION 1.0 October 20, 2016 MONTH 2015 Table of Contents 1. PURPOSE 3 2. BACKGROUND 3 3. TIMELINESS AND ACCURACY OF TESTING OVERVIEW
More informationBuilding Trust in the Era of Cloud Computing
Building Trust in the Era of Cloud Computing ICMC 2017 Conference May 17, 2017 v1.0 David Gerendas Group Product Manager TRUST A FIRM belief in the! Reliability! Truth! Ability of someone or something.
More informationInternal Revenue Service (IRS) Publication 1075 Compliance in AWS. February 2018
Internal Revenue Service (IRS) Publication 1075 Compliance in AWS February 2018 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational
More informationExecutive Order 13556
Briefing Outline Executive Order 13556 CUI Registry 32 CFR, Part 2002 Understanding the CUI Program Phased Implementation Approach to Contractor Environment 2 Executive Order 13556 Established CUI Program
More informationU.S. FLEET CYBER COMMAND U.S. TENTH FLEET Managing Cybersecurity Risk
U.S. FLEET CYBER COMMAND U.S. TENTH FLEET Managing Cybersecurity Risk Neal Miller, Navy Authorizing Official December 13, 2016 UNCLASSIFIED 1 Some Inconvenient Truths The bad guys and gals still only work
More informationFISMA Cybersecurity Performance Metrics and Scoring
DOT Cybersecurity Summit FISMA Cybersecurity Performance Metrics and Scoring Office of the Federal Chief Information Officer, OMB OMB Cyber and National Security Unit, OMBCyber@omb.eop.gov 2. Cybersecurity
More informationDepartment of Defense Fiscal Year (FY) 2015 IT President's Budget Request Defense Contract Audit Agency Overview
BMA 3.308 Mission Area Business System Breakout Appropriation PROCUREMENT 1.594 Total 31.395 Defense Business Systems 3.528 EIEMA 28.087 All Other Resources 27.867 FY 2015 ($M) FY 2015 ($M) OPERATIONS
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Risk Monitoring Risk Monitoring assesses the effectiveness of the risk decisions that are made by the Enterprise.
More informationDepartment of Defense Cybersecurity Requirements: What Businesses Need to Know?
Department of Defense Cybersecurity Requirements: What Businesses Need to Know? Why is Cybersecurity important to the Department of Defense? Today, more than ever, the Department of Defense (DoD) relies
More information10 Considerations for a Cloud Procurement. March 2017
10 Considerations for a Cloud Procurement March 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationIT-CNP, Inc. Capability Statement
Securing America s Infrastructure Security Compliant IT Operations Hosting Cyber Security Information FISMA Cloud Management Hosting Security Compliant IT Logistics Hosting 1 IT-CNP, Inc. is a Government
More informationDISA Cybersecurity Service Provider (CSSP)
UNCLASSIFIED DISA Cybersecurity Service Provider (CSSP) Mission Partner Brief UNCLASSIFIED UNITED IN SERVICE TO OUR NATION Mr. Darrell Fountain Chief, DISA CSSP Services Branch November 2018 UNCLASSIFIED
More information3/2/2012. Background on FISMA-Reheuser. NIST guidelines-cantor. IT security-huelseman. Federal Information Security Management Act
Jonathan Cantor, Department of Commerce Gery Huelseman, U.S. Air Force Michael E. Reheuser, Department of Defense Background on FISMA-Reheuser NIST guidelines-cantor IT security-huelseman Federal Information
More informationCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,
More informationFOR OFFICIAL USE ONLY DEPARTMENT OF THE AIR FORCE HEADQUARTERS AIR FORCE NETWORK INTEGRATION CENTER (AFNIC) SCOTT AIR FORCE BASE ILLINOIS
DEPARTMENT OF THE AIR FORCE HEADQUARTERS AIR FORCE NETWORK INTEGRATION CENTER (AFNIC) SCOTT AIR FORCE BASE ILLINOIS 62225-5222 MEMORANDUM FOR AFNIC/NVI FROM: AFNIC/NW 203 West Losey Street, Room 3100 Scott
More informationFundamental Concepts and Models
Fundamental Concepts and Models 1 Contents 1. Roles and Boundaries 2. Cloud Delivery Models 3. Cloud Deployment Models 2 1. Roles and Boundaries Could provider The organization that provides the cloud
More informationRisk Management Framework for DoD Medical Devices
Risk Management Framework for DoD Medical Devices Session 136, March 7, 2018 Lt. Col. Alan Hardman, Chief Operations Officer, Cyber Security Division, Office of the DAD IO/J-6 William Martin, Deputy of
More informationCompliance with NIST
Compliance with NIST 800-171 1 What is NIST? 2 Do I Need to Comply? Agenda 3 What Are the Requirements? 4 How Can I Determine If I Am Compliant? 5 Corserva s NIST Assessments What is NIST? NIST (National
More informationDISN Evolution. TDM Elimination. Mr. Jessie L. Showers, JR., SES Infrastructure Executive (IE) 15 June 2017 UNITED IN SERVICE TO OUR NATION
DISN Evolution TDM Elimination Mr. Jessie L. Showers, JR., SES Infrastructure Executive (IE) 15 June 2017 The IT Combat Support Agency RESOURCING ACQ/PROC DEV/TEST IMPLEMENTATION OPERATIONAL ENVIRONMENT
More informationCONNECTION PROCESS GUIDE
Defense Information Systems Agency A Combat Support Agency NETWORK SERVICES DIRECTORATE (NS) CONNECTION APPROVAL DIVISION (NSC) CONNECTION PROCESS GUIDE Version 3 May 2010 Defense Information Systems Agency
More informationWhite Paper Impact of DoD Cloud Strategy and FedRAMP on CSP, Government Agencies and Integrators.
White Paper Impact of DoD Cloud Strategy and FedRAMP on CSP, Government Agencies and Integrators. www.spirentfederal.com Table of Contents 1.0 DOD CLOUD STRATEGY IMPACT.............................................................
More informationFedRAMP JAB P-ATO Vulnerability Scan Requirements Guide. Version 1.0
FedRAMP JAB P-ATO Vulnerability Scan Requirements Guide Version 1.0 May 27, 2015 Document Revision History Date Version Page(s) Description Author May 27, 2015 1.0 All Initial Version C. Andersen June
More informationFedRAMP Training - Continuous Monitoring (ConMon) Overview
FedRAMP Training - Continuous Monitoring (ConMon) Overview 1. FedRAMP_Training_ConMon_v3_508 1.1 FedRAMP Continuous Monitoring Online Training Splash Screen Transcript Title of FedRAMP logo. Text
More informationJoint Information Environment
Joint Information Environment 28 May 14 1 Agenda JIE Necessity DISA s JIE Focus Takeaways Introduction of Breakout Session Leads DoD IT Future: Joint Information Environment A secure joint information
More informationSOLUTION BRIEF Enterprise WAN Agility, Simplicity and Performance with Software-Defined WAN
S O L U T I O N O V E R V I E W SOLUTION BRIEF Enterprise WAN Agility, Simplicity and Performance with Software-Defined WAN Today s branch office users are consuming more wide area network (WAN) bandwidth
More informationMaking. the Most of FedRAMP. Industry Perspective INDUSTRY PERSPECTIVE
Making INDUSTRY PERSPECTIVE the Most of FedRAMP Industry Perspective 1 Executive Summary When the Federal Risk and Authorization Management Program (FedRAMP) launched in 2012, cloud computing was a fairly
More informationDEFENSE INFORMATION SYSTEMS AGENCY P. O. BOX 549 FORT MEADE, MARYLAND Joint Interoperability Test Command (JTE) 26 Mar 13
DEFENSE INFORMATION SYSTEMS AGENCY P. O. BOX 549 FORT MEADE, MARYLAND 20755-0549 IN REPLY REFER TO: Joint Interoperability Test Command (JTE) 26 Mar 13 MEMORANDUM FOR DISTRIBUTION SUBJECT: Extension of
More informationNIST Special Publication
NIST Special Publication 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations Ryan Bonner Brightline WHAT IS INFORMATION SECURITY? Personnel Security
More informationDr. Eng. Antonio Mauro, PhD October 20th 2011
October 20th 2011 NIST Cloud Computing Reference Architecture NIST Cloud Computing Standards Roadmap Special Publication 500-292 September 2011 Document: NIST CCSRWG 092 - First Edition - July 5, 2011
More informationDIACAP and the GIG IA Architecture. 10 th ICCRTS June 16, 2005 Jenifer M. Wierum (O) (C)
DIACAP and the GIG IA Architecture 10 th ICCRTS June 16, 2005 Jenifer M. Wierum (O) 210-9252417 (C) 210-396-0254 jwierum@cygnacom.com OMB Circular A-130 (1996) OMB A-130 required systems and applications
More informationNS2 Cloud Overview The Cloud Built for Federal Security and Export Controlled Environments. Hunter Downey, Cloud Solution Director
NS2 Cloud Overview The Cloud Built for Federal Security and Export Controlled Environments Hunter Downey, Cloud Solution Director Why Organizations are investing in the Cloud Pressure on IT and business
More informationDFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com
DFARS Compliance SLAIT Consulting SECURITY SERVICES Mike D Arezzo Director of Security Services Introduction 18+ year career in Information Technology and Security General Electric (GE) as Software Governance
More informationCloud First Policy General Directorate of Governance and Operations Version April 2017
General Directorate of Governance and Operations Version 1.0 24 April 2017 Table of Contents Definitions/Glossary... 2 Policy statement... 3 Entities Affected by this Policy... 3 Who Should Read this Policy...
More informationIntroduction to AWS GoldBase
Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS October 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document
More informationSecurity
Security +617 3222 2555 info@citec.com.au Security With enhanced intruder technologies, increasingly sophisticated attacks and advancing threats, your data has never been more susceptible to breaches from
More informationDHS Cloud Strategy and Trade Nexus. May 2011
DHS Cloud Strategy and Trade Nexus May 2011 IT Reform @ DHS Federal Plan Departmental Plan IT Reform @ DHS Action Item 1 Complete detailed implementation plans to consolidate 800 data centers by 2015 2
More informationDepartment of Defense Fiscal Year (FY) 2014 IT President's Budget Request Defense Media Activity Overview
Mission Area Department of Defense Overview Business System Breakout Appropriation BMA 0.163 Total 24.846 Defense Business Systems 0.163 All Other Resources 24.683 EIEMA 24.683 FY 2014 ($M) FY 2014 ($M)
More informationAWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE
AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE 2018 1 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationDepartment of Defense Past Performance Information Retrieval System- Statistical Reporting Next Generation (PPIRS-SR NG)
Department of Defense Past Performance Information Retrieval System- Statistical Reporting Next Generation (PPIRS-SR NG) PPRS-SR NG User Access Naval Sea Logistics Center Portsmouth Bldg. 153-2 Portsmouth
More informationLunarline s School of Cyber Security Course Catalog
Lunarline s School of Cyber Security Course Catalog 3300 N Fairfax Drive, Suite #308, Arlington, Virginia 22201 Phone: 571.481.9300 Fax: 202.315.3003 www.schoolofcybersecurity.com Table of Contents RISK
More informationWho s Protecting Your Keys? August 2018
Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and
More informationSecurity & Compliance in the AWS Cloud. Amazon Web Services
Security & Compliance in the AWS Cloud Amazon Web Services Our Culture Simple Security Controls Job Zero AWS Pace of Innovation AWS has been continually expanding its services to support virtually any
More informationData Security and Privacy Principles IBM Cloud Services
Data Security and Privacy Principles IBM Cloud Services 2 Data Security and Privacy Principles: IBM Cloud Services Contents 2 Overview 2 Governance 3 Security Policies 3 Access, Intervention, Transfer
More informationINTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE
INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTRODUCTION AGENDA 01. Overview of Cloud Services 02. Cloud Computing Compliance Framework 03. Cloud Adoption and Enhancing
More informationHow to Establish Security & Privacy Due Diligence in the Cloud
How to Establish Security & Privacy Due Diligence in the Cloud Presentation: Cloud Computing Expo 2015, Santa Clara, California Maria C. Horton, CISSP, ISSMP, Cloud Essentials, IAM CEO, EmeSec Incorporated
More informationAccelerating the HCLS Industry Through Cloud Computing
Accelerating the HCLS Industry Through Cloud Computing Use cloud computing to accelerate life sciences and healthcare specific workloads, and meet the unique computation, storage, security, and compliance
More informationexisting customer base (commercial and guidance and directives and all Federal regulations as federal)
ATTACHMENT 7 BSS RISK MANAGEMENT FRAMEWORK PLAN [L.30.2.7, M.2.2.(7), G.5.6; F.2.1(41) THROUGH (76)] A7.1 BSS SECURITY REQUIREMENTS Our Business Support Systems (BSS) Risk MetTel ensures the security of
More informationHelping Meet the OMB Directive
Helping Meet the OMB 11-11 Directive March 2017 Implementing federated identity management OMB Memo 11-11 Meeting FICAM Objectives Figure 1: ICAM Conceptual Diagram FICAM Targets Figure 11: Federal Enterprise
More informationSECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry
SECURITY ON AWS By Max Ellsberry AWS Security Standards The IT infrastructure that AWS provides has been designed and managed in alignment with the best practices and meets a variety of standards. Below
More informationEmpowering Business Adoption of the Cloud through Intelligent Security Solutions and Active Defense Platforms
Empowering Business Adoption of the Cloud through Intelligent Security Solutions and Active Defense Platforms Floris van den Dool, Managing Director, Security Lead EALA, Accenture Christian Franzen, Senior
More informationNovember 17, The Honorable Patrick Shanahan Deputy Secretary of Defense U.S. Department of Defense. Dear Mr. Shanahan:
November 17, 2017 The Honorable Patrick Shanahan Deputy Secretary of Defense U.S. Department of Defense Dear Mr. Shanahan: On behalf of our more than 400 member companies, the Professional Services Council
More informationASD CERTIFICATION REPORT
ASD CERTIFICATION REPORT Amazon Web Services Elastic Compute Cloud (EC2), Virtual Private Cloud (VPC), Elastic Block Store (EBS) and Simple Storage Service (S3) Certification Decision ASD certifies Amazon
More informationFedRAMP Security Assessment Plan (SAP) Training
FedRAMP Security Assessment Plan (SAP) Training 1. FedRAMP_Training_SAP_v6_508 1.1 FedRAMP Online Training: SAP Overview Splash Screen Transcript Title of FedRAMP logo. FedRAMP Online Training; Security
More informationDefense Information System for Security (DISS) Frequently Asked Questions (FAQs)
Defense Manpower Data Center Personnel Security & Assurance Defense Information System for Security (DISS) Frequently Asked Questions (FAQs) Document Version 1.3 28 March 2017 Document History Version
More informationDoDD DoDI
DoDD 8500.1 DoDI 8500.2 Tutorial Lecture for students pursuing NSTISSI 4011 INFOSEC Professional 1 Scope of DoDD 8500.1 Information Classes: Unclassified Sensitive information Classified All ISs to include:
More informationDefense Cost and Research Center
Defense Cost and Research Center CSDR Submit-Review Website Submitter Guide 8/21/2012 1 Submitter Training The following document provides step-by-step screenshots to illustrate the major actions performed
More informationNESSO QUICKSTART GUIDE
Fleet Numerical Meteorology and Oceanography Center NESSO QUICKSTART GUIDE REGISTRATION AND USE April 20, 2007 Version 2.04 Approved for public release; distribution is unlimited Navy Enterprise Single
More information