Webinar will start soon
|
|
- Gregory Brooks
- 6 years ago
- Views:
Transcription
1 OME Webinar: Migrant Student Information Exchange (MSIX) ISA / MOU 2017 Update Webinar will start soon Audio for this webinar will be provided through WebEx. Please test your computer audio speakers. The Webinar will be recorded and posted to RESULTS. The mission of the Office of Migrant Education is to provide excellent leadership, technical assistance, and financial support to improve the educational opportunities and academic success of migratory children, youth, agricultural workers, fishers, and their families.
2 Migrant Student Information Exchange (MSIX) ISA / MOU 2017 Update November 16, 2017 Maria Hishikawa MSIX Technical Lead Office of Migrant Education US Department of Education The mission of the Office of Migrant Education is to provide excellent leadership, technical assistance, and financial support to improve the educational opportunities and academic success of migratory children, youth, agricultural workers, fishers, and their families.
3 Agenda Legal References Acronyms and Definitions Background Key MSIX Changes Memorandum of Understanding (MOU) Interconnection Security Agreement (ISA) Next Steps & Timelines Questions 3
4 Statute Sections 1304(b)(3) and 1308(b) of the Elementary and Secondary Education Act (ESEA) of 1965, as amended by Every Student Succeeds Act (ESSA) of 2015 Code of Federal Regulations 34 CFR , (c) and Guidance Legal References Non-Regulatory Guidance for Title I, Part C, Education of Migratory Children: Chapter VI, D (2010) 4
5 Federal Cyber Security Laws and Standards Federal Information Security Modernization Act of 2014 (FISMA) Privacy Act of 1974 Unauthorized Access Act (18 U.S. Code 2701) Office of Management and Budget (OMB) Circular A-130 Management of Federal Information Resources Appendix III Security of Federal Automated Information Resources National Institute of Standards and Technology (NIST) Special Publications (SP) and Federal Information Processing Standards (FIPS) SP Security Guide for Interconnecting Information Technology Systems SP Revision 4 Security and Privacy Controls for Federal Information Systems And Organizations FIPS 200 Minimum Security Requirements for Federal Information and Information ED s Handbook for Information Assurance Security Policy 5
6 Cloud Computing: Acronyms & Definitions Definition AWS: Amazon Web Services: provides cloud computing services to MSIX system as of July 24, Cloud computing services is a model for enabling ubiquitous, convenient, ondemand access to a pool of computing resources. (Federal Definition of Cloud Computing) DAA: Designated Approving Authority: US Department of Education authority who is ultimately responsible for the operation and management of MSIX. FISMA: Federal Information Security Modernization Act of 2014 which governs how Federal information systems are secured, operated and monitored. ISA: Interconnection Security Agreement: Documents the technical details of system to system communications for the purpose of planning, establishing and maintaining the data exchange. MOU: Memorandum of Understanding: Governs the roles and responsibilities of the parties involved in the data exchange. MSIX: Migrant Student Information Exchange 6
7 Background MSIX MOU/ISA documents were circulated in 2016 to all participating MEP States. MOU & ISA documents expire in 3 years from last signature date; Reviewed annually to remain current. New MOUs needed if: State migrant specific database has had major updates/changes; OR Previous MOU has outstanding questions New ISAs are required for all participating states. 7
8 Key MSIX Changes Before US Dept of ED template 2. HPE (DXC) data center 3. Location: FL/GA 4. Traditional server architecture After Cloud Services Migration 1. New 2017 US Dept of ED template 2. Amazon Web Services 3. Location: US-East/West 4. Cloud services architecture 8
9 Memorandum of Understanding Purpose: Governs the relationships and responsibilities of those involved in the data exchange MSIX cloud migration did not change these relationships and responsibilities. States with current signed MOU: Attach and file the MOU amendment with previously signed official MOU. Expiration date does not change. States with changes to State Migrant System: Update the new template with State information. Circulate for State and OME DAA signatures. Expiration date resets to 3 years from signing. 9
10 Interconnection Security Agreement Purpose: provides guidance for planning, establishing and maintaining the interconnection MSIX physical architecture diagram changed Data Center service provider location changed Secure File Transfer file submission server changed Appendix added to document Security measures in place for MSIX per FISMA and ED OCIO requirements Documents safeguards in place to protect, prevent, detect, and recover from cyber incidents States may use the appendix as reference for State migrant database security safeguards 10
11 Next Steps & Timelines Who What When OME Distributes ISA template and MOU memo 11/6/2017 OME Presents Webinar to review scope of changes and next steps 11/16/2017 SEA Files Memo with signed MOU * By 11/30/2017 SEA SEA OME Updates ISA template with State specific information (consults with MSIX Team) Signs ISA and submits to OME/MSIX Team (PASSWORD PROECT with Adobe Acrobat) Signs ISA and returns final document to States (with Password protection) 11/6/ /13/2017 No Later than 12/13/2017 (within 14 days from receipt) * For States identified as needing a new MOU, both the ISA and MOU should be processed together. 11
12 Extension Requests State Director may request extensions for extenuating circumstances for up to 30 days. Last day for extension request submission is 12/08/2017. Approval/Denial in < = 2 business days See form on next slide. MUST BE SUBMITTED BY STATE MEP DIRECTOR via to Maria.Hishikawa@ed.gov 12
13 Extension Request MSIX ISA Update Extension Request State (Name of your State) MEP Director (Full name of director) Extension Duration Extenuating Circumstance (Number of calendar days needed for State signatures, not to exceed 30 days) (Describe in detail dependencies and issues that prevent timely signatures, such as changes in State system, changes in key personnel, etc.) Steps: 1. State representative completes the table above. 2. State MEP Director s the completed request to MSIX Technical Lead: 3. MSIX Technical Lead reviews and responds with Approval or Denial within 2 business days (based on sent date). 13
14 Questions and Contacts OME MSIX Technical Lead: Maria Hishikawa OR MSIX Functional Team The mission of the Office of Migrant Education is to provide excellent leadership, technical assistance, and financial support to improve the educational opportunities and academic success of migratory children, youth, agricultural workers, fishers, and their families. 14
Maria Hishikawa MSIX Technical Lead Sarah Storms MSIX Contractor Security
Migrant Student Information Exchange (MSIX) Security, Privacy and Account Management Webinar Deloitte Consulting LLP. February 22, 2018 Maria Hishikawa MSIX Technical Lead Sarah Storms MSIX Contractor
More informationCybersecurity: Incident Response Short
Cybersecurity: Incident Response Short August 2017 Center for Development of Security Excellence Contents Lesson 1: Incident Response 1-1 Introduction 1-1 Incident Definition 1-1 Incident Response Capability
More informationOutline. Why protect CUI? Current Practices. Information Security Reform. Implementation. Understanding the CUI Program. Impacts to National Security
Outline Why protect CUI? Impacts to National Security Current Practices CUI Program & Existing Agency Practices Information Security Reform CUI Registry 32CFR2002 NIST SP 800-171 (Rev 1) Federal Acquisition
More informationProtecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors
Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors Presented by the Office of Housing Counseling and The Office of the Chief Information Officer Privacy Program
More informationExecutive Order 13556
Briefing Outline Executive Order 13556 CUI Registry 32 CFR, Part 2002 Understanding the CUI Program Phased Implementation Approach to Contractor Environment 2 Executive Order 13556 Established CUI Program
More information2018 SRAI Annual Meeting October Dana Rewoldt, CRA, Associate Director of OIPTT, Iowa State University, Ames, IA, USA
2018 SRAI Annual Meeting October 27-31 Dana Rewoldt, CRA, Associate Director of OIPTT, Iowa State University, Ames, IA, USA Controlled Unclassified Information Regulations: Practical Processes and Negotiations
More informationMNsure Privacy Program Strategic Plan FY
MNsure Privacy Program Strategic Plan FY 2018-2019 July 2018 Table of Contents Introduction... 3 Privacy Program Mission... 4 Strategic Goals of the Privacy Office... 4 Short-Term Goals... 4 Long-Term
More informationStatement of Organization, Functions, and Delegations of Authority: Office of the
This document is scheduled to be published in the Federal Register on 07/27/2016 and available online at http://federalregister.gov/a/2016-17737, and on FDsys.gov 4184-40P DEPARTMENT OF HEALTH AND HUMAN
More informationCyber Security Program
Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by
More informationNew Process and Regulations for Controlled Unclassified Information
New Process and Regulations for Controlled Unclassified Information David Brady TJ Beckett Office of Export and Secure Research Compliance http://www.oesrc.researchcompliance.vt.edu/ Agenda Background
More informationAgency Guide for FedRAMP Authorizations
How to Functionally Reuse an Existing Authorization Version 1.0 August 5, 2015 Revision History Date Version Page(s) Description Author 08/05/2015 1.0 All Initial Publication FedRAMP PMO 06/06/2017 1.0
More informationOn-Line Parental Involvement Policy/Plan School-Level Navigation Instructions
On-Line Parental Involvement Policy/Plan School-Level Navigation Instructions Bureau of Federal Educational Programs 2011-2012 Introduction Section 1118 of the Elementary and Secondary Education Act (ESEA)
More informationUT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES
ACCESS MANAGEMENT Policy UT Health San Antonio shall adopt access management processes to ensure that access to Information Resources is restricted to authorized users with minimal access rights necessary
More informationProvider Monitoring Process
Provider Monitoring Process This statewide provider monitoring process is applicable for all providers including direct vendors, Agency with Choice (AWC) Financial Management Services (FMS) providers and
More informationVirginia State University Policies Manual. Title: Information Security Program Policy: 6110
Purpose Virginia State University (VSU) uses information to perform the business services and functions necessary to fulfill its mission. VSU information is contained in many different mediums including
More informationInformed Consent and the Consent Form
Informed Consent and the Consent Form What is informed consent? What does the process look like? Who can obtain consent? Where can I find more information? Consent Form Informed Consent They are NOT the
More informationAdministrative Policies and Business Contracts
Page 1 of 11 Responsible Officer: Responsible Office: Catherine Montano Administrative Policies and Business Contracts Issuance Date: 08/01/2011 Effective Date: 08/01/2012 Last Review Date: 08/01/2012
More informationSAC PA Security Frameworks - FISMA and NIST
SAC PA Security Frameworks - FISMA and NIST 800-171 June 23, 2017 SECURITY FRAMEWORKS Chris Seiders, CISSP Scott Weinman, CISSP, CISA Agenda Compliance standards FISMA NIST SP 800-171 Importance of Compliance
More informationFedRAMP: Understanding Agency and Cloud Provider Responsibilities
May 2013 Walter E. Washington Convention Center Washington, DC FedRAMP: Understanding Agency and Cloud Provider Responsibilities Matthew Goodrich, JD FedRAMP Program Manager US General Services Administration
More informationWhy is the CUI Program necessary?
Why is the CUI Program necessary? Executive departments and agencies apply their own ad-hoc policies and markings to unclassified information that requires safeguarding or dissemination controls, resulting
More informationOverview of ABET Kent Hamlin Director Institute of Nuclear Power Operations Commissioner TAC of ABET
Overview of ABET Kent Hamlin Director Institute of Nuclear Power Operations Commissioner TAC of ABET 1 st National Meeting on Improving Education and Training For Chinese Nuclear Power Industry Personnel
More informationAudit Report. Chartered Management Institute (CMI)
Audit Report Chartered Management Institute (CMI) 10 October 2012 Note Restricted or commercially sensitive information gathered during SQA Accreditation monitoring activities is treated in the strictest
More informationEVALUATION REPORT. Independent Evaluation of NRC s Implementation of the Federal Information Security Management Act (FISMA) for Fiscal Year 2011
EVALUATION REPORT Independent Evaluation of NRC s Implementation of the Federal Information Security Management Act (FISMA) for Fiscal Year 2011 OIG-12-A-04 November 9, 2011 All publicly available OIG
More informationProtecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations
Protecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations January 9 th, 2018 SPEAKER Chris Seiders, CISSP Security Analyst Computing Services and Systems Development
More informationInformation Systems Security Requirements for Federal GIS Initiatives
Requirements for Federal GIS Initiatives Alan R. Butler, CDP Senior Project Manager Penobscot Bay Media, LLC 32 Washington Street, Suite 230 Camden, ME 04841 1 Federal GIS "We are at risk," advises the
More informationAppendix 12 Risk Assessment Plan
Appendix 12 Risk Assessment Plan DRAFT December 13, 2006 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A12-1 RFP: TQC-JTB-05-0001 December 13, 2006 REVISION HISTORY
More informationInspector General. Report on the Peace Corps Information Security Program. Peace Corps Office of. Background FISCAL YEAR 2017
Peace Corps Office of Inspector General Our Mission: Through audits, evaluations, and investigations, the Office of Inspector General provides independent oversight of agency programs and operations in
More informationData Recovery Policy
Data Recovery Policy The Marketware, Inc. Contingency Plan establishes procedures to recover Marketware, Inc. following a disruption resulting from a disaster. This Disaster Recovery Policy is maintained
More informationLeveraging the LincPass in USDA
Leveraging the LincPass in USDA Two Factor Authentication, Digital Signature, Enterprise VPN, eauth Single Sign On February 2010 USDA Takes Advantage of the LincPass USDA is taking advantage of the LincPass
More informationCCC Data Management Procedures DCL3 Data Access
Information Technology Procedures CCC Data Management Procedures DCL3 Data Access Scope: CCC Revision Date: 9/1/2016 Effective Date: 3/1/2015 Approver: Information Security Program Office Table of Contents
More informationSPP 12: Early Childhood Transition Training: Data Collection
SPP 12: Early Childhood Transition Training: Data Collection 2011-12 SPP 12 Data Collection 2011-12 TEA Division of Federal and State Education Policy 1 Table of Contents: SPP 12 State Performance Plan
More informationAccess to University Data Policy
UNIVERSITY OF OKLAHOMA Health Sciences Center Information Technology Security Policy Access to University Data Policy 1. Purpose This policy defines roles and responsibilities for protecting OUHSC s non-public
More informationAppendix 12 Risk Assessment Plan
Appendix 12 Risk Assessment Plan DRAFT March 5, 2007 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A12-i RFP: TQC-JTB-05-0002 March 5, 2007 REVISION HISTORY Revision
More informationInstitution Guide and Application Checklist
Department of Defense (DoD) Voluntary Education Partnership Memorandum of Understanding (MOU) November 5, 05 Institution Guide and Application Checklist General Information Welcome The Under Secretary
More informationDoes a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?
Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA? A brief overview of security requirements for Federal government agencies applicable to contracted IT services,
More informationSecurity and Privacy Breach Notification
Security and Privacy Breach Notification Version Approval Date Owner 1.1 May 17, 2017 Privacy Officer 1. Purpose To ensure that the HealthShare Exchange of Southeastern Pennsylvania, Inc. (HSX) maintains
More informationFISMAand the Risk Management Framework
FISMAand the Risk Management Framework The New Practice of Federal Cyber Security Stephen D. Gantz Daniel R. Phi I pott Darren Windham, Technical Editor ^jm* ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON
More informationDoD Information Technology Security Certification and Accreditation Process (DITSCAP) A presentation by Lawrence Feinstein, CISSP
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) A presentation by Lawrence Feinstein, CISSP April 14, 2004 Current Macro Security Context within the Federal Government
More informationI-9 AND E-VERIFY VENDOR DUE DILIGENCE
I-9 AND E-VERIFY VENDOR DUE DILIGENCE WHITE PAPER I-9 and E-Verify Vendor Due Diligence Key questions to ask electronic I-9 vendors to ensure you are making the best choice for your business. 1. Vendor
More information7/21/2017. Privacy Impact Assessments. Privacy Impact Assessments. What is a Privacy Impact Assessment (PIA)? What is a PIA?
Presented by Khaliah Barnes Attorney Advisor Office of Privacy and Civil Liberties U.S. Department of Justice For the 10 th Annual American Society of Access Professionals, Inc. National Training Conference
More informationProvider Monitoring Process Overview Training. Updated August Course#: C Music Only No Narration
Music Only No Narration Course#: C-017-1 1 This webcast includes spoken narration. To adjust the volume, use the controls at the bottom of the screen. While viewing this webcast, there is a pause and reverse
More information3/2/2012. Background on FISMA-Reheuser. NIST guidelines-cantor. IT security-huelseman. Federal Information Security Management Act
Jonathan Cantor, Department of Commerce Gery Huelseman, U.S. Air Force Michael E. Reheuser, Department of Defense Background on FISMA-Reheuser NIST guidelines-cantor IT security-huelseman Federal Information
More informationBulletin. Certification requirements for license exempt child care centers paid by the Child Care Assistance Program TOPIC PURPOSE CONTACT SIGNED
Bulletin NUMBER #18-68-13 DATE July 30, 2018 OF INTEREST TO County Directors Social Services Supervisors and Staff Child Care Assistance Program Administrative and Client Access Contacts ACTION/DUE DATE
More information10 Considerations for a Cloud Procurement. March 2017
10 Considerations for a Cloud Procurement March 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More information8/28/2017. What Is a Federal Record? What is Records Management?
Ramona Branch Oliver US Department of Labor What Is a Federal Record? Records include all books, papers, maps, photographs, machine-readable materials, or other documentary materials, regardless of physical
More informationMedia Protection Program
Media Protection Program Version 1.0 November 2017 TABLE OF CONTENTS 1.1 SCOPE 2 1.2 PRINCIPLES 2 1.3 REVISIONS 3 2.1 OBJECTIVE 4 3.1 PROGRAM DETAILS 4 3.2 MEDIA STORAGE AND ACCESS 4 3.3 MEDIA TRANSPORT
More informationCybersecurity Risk Management
Cybersecurity Risk Management NIST Guidance DFARS Requirements MEP Assistance David Stieren Division Chief, Programs and Partnerships National Institute of Standards and Technology (NIST) Manufacturing
More informationATTACHMENT C. Workforce Innovation and Opportunity Act SAMPLE Memorandum of Understanding Template
This Sample Memorandum of Understanding (MOU) Template is intended to be a technical assistance tool rather than a required template; it should be used in whatever way best fits the needs of the Local
More informationGovernment Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security
Government Resolution No. 2443 of February 15, 2015 33 rd Government of Israel Benjamin Netanyahu Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security It is hereby resolved:
More informationDEPARTMENT OF HEALTH and HUMAN SERVICES. HANDBOOK for
DEPARTMENT OF HEALTH and HUMAN SERVICES HANDBOOK for FEDERAL ACQUISITION CERTIFICATION PROGRAM/PROJECT MANAGERS Issuer Office of the Secretary Office of the Assistant Secretary for Financial Resources
More informationCybersecurity in Higher Ed
Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,
More information5/6/2013. Creating and preserving records that contain adequate and proper documentation of the organization.
Jay Olin National Archives Ramona Branch Oliver Department of Labor ASAP 6 th Annual National Training Conference May 12-15, 15, 2013 What Is a Federal Record? Records include all books, papers, maps,
More informationFedRAMP Digital Identity Requirements. Version 1.0
FedRAMP Digital Identity Requirements Version 1.0 January 31, 2018 DOCUMENT REVISION HISTORY DATE VERSION PAGE(S) DESCRIPTION AUTHOR 1/31/2018 1.0 All Initial document FedRAMP PMO i ABOUT THIS DOCUMENT
More informationNISP Update NDIA/AIA John P. Fitzpatrick, Director May 19, 2015
NISP Update NDIA/AIA John P. Fitzpatrick, Director May 19, 2015 Agenda Cybersecurity Information Sharing and the NISP NISP Working Group Update CUI Program Update 2 Executive Order 13691 Promoting Private
More informationTexas Education Agency
PEIMS, EDIT+, PID and PET General Instructions Use this authorization form to request, modify, or revoke access to TEASE for PEIMS EDIT+, the Person Identification Database (PID), and PID Enrollment Tracking
More informationPost-Secondary Institution Data-Security Overview and Requirements
Post-Secondary Institution Data-Security Overview and Tiina K.O. Rodrigue, EdDc, CISSP, CISM, PMP, CSM, CEA, ITIL, ISC2 Compliance Mapper, A+ Senior Advisor Cybersecurity - 2017 Agenda Who needs to worry
More informationAdvisory Circular. Subject: INTERNET COMMUNICATIONS OF Date: 11/1/02 AC No.: AVIATION WEATHER AND NOTAMS Initiated by: ARS-100
U.S. Department of Transportation Federal Aviation Administration Advisory Circular Subject: INTERNET COMMUNICATIONS OF Date: 11/1/02 AC No.: 00-62 AVIATION WEATHER AND NOTAMS Initiated by: ARS-100 1.
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationDDTC IT Modernization
DDTC IT Modernization Anthony Dearth Directorate Defense Trade Controls Acting Managing Director AGENDA DECCS Release 2 Features and Industry Batch Filing/Testing DECCS Cyber Security DTAG Recommendations
More informationAudit and Assurance Overview
Chartered Professional Accountants of Canada, CPA Canada, CPA are trademarks and/or certification marks of the Chartered Professional Accountants of Canada. 2018, Chartered Professional Accountants of
More informationPalo Alto Unified School District OCR Reference No
Resolution Agreement Palo Alto Unified School District OCR Reference No. 09-17-1194 The Office for Civil Rights (OCR) of the U.S. Department of Education initiated an investigation into an allegation that
More informationFedRAMP Security Assessment Framework. Version 2.1
FedRAMP Security Assessment Framework Version 2.1 December 4, 2015 Executive Summary This document describes a general Security Assessment Framework (SAF) for the Federal Risk and Authorization Management
More informationCloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015
Cloud Computing Standard Effective Date: July 28, 2015 1.1 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually
More informationMARPA DOCUMENT MARPA Revision 1.1
MARPA 1100 - Page 1 MARPA DOCUMENT MARPA 1100 Revision 1.1 STREAMLINE PROGRAM FOR PMA APPLICATIONS OF NON-SAFETY-SIGNIFICANT ARTICLES SUBMITTED BY EXPERIENCED APPLICANTS WITH A QUALIFYING PERFORMANCE RECORD
More informationRequirements for Certification under the Grandfathering Provision
Requirements for Certification under the Grandfathering Provision To support the growing demand for skilled security professionals with the knowledge and background to support the Federal governments mandate
More informationIncident Response Requirements and Process Clarification Comment Disposition and FAQ 11/27/2014
Incident Requirements and Process Clarification Disposition and FAQ 11/27/2014 Table of Contents 1. Incident Requirements and Process Clarification Disposition... 3 2. Incident Requirements and Process
More informationDIGITAL COMMUNICATIONS GOVERNANCE
UNIVERSITY OF NEBRASKA OMAHA DIGITAL COMMUNICATIONS GOVERNANCE REVISED: MARCH 2016 CONTENTS EXECUTIVE SUMMARY 3 INTRODUCTION 3 I. CORE VALUES 4 1.1 Audience First 4 1.2 Consistent Brand 5 1.3 Accessibility
More informationNIST RISK ASSESSMENT TEMPLATE
page 1 / 5 page 2 / 5 nist 800 30 risk pdf The purpose of Special Publication 800-30 is to provide guidance for conducting risk assessments of federal information systems and organizations, amplifying
More informationICE. Office of Investigations SEVP. Recertification
Recertification 1 Agenda Overview Before Recertification Recertification process Question and Answer Session 2 Recertification Simple process Risk management Overview School Officials Review data for accuracy
More informationSecurity Awareness, Training, And Education Plan
Security Awareness, Training, And Education Plan Version 2.0 December 2016 TABLE OF CONTENTS 1.1 SCOPE 2 1.2 PRINCIPLES 2 1.3 REVISIONS 3 2.1 OBJECTIVE 4 3.1 PLAN DETAILS 4 3.2 WORKFORCE DESIGNATION 4
More informationFedRAMP Training - Continuous Monitoring (ConMon) Overview
FedRAMP Training - Continuous Monitoring (ConMon) Overview 1. FedRAMP_Training_ConMon_v3_508 1.1 FedRAMP Continuous Monitoring Online Training Splash Screen Transcript Title of FedRAMP logo. Text
More informationUniversity of Wyoming Mobile Communication Device Policy Effective January 1, 2013
University of Wyoming Mobile Communication Device Policy Effective January 1, 2013 Introduction and Purpose This policy allows the University to meet Internal Revenue Service (IRS) regulations and its
More informationPOLICY TITLE: Record Retention and Destruction POLICY NO: 277 PAGE 1 of 6
POLICY TITLE: Record Retention and Destruction POLICY NO: 277 PAGE 1 of 6 North Gem School District No. 149 establishes the following guidelines to provide administrative direction pertaining to the retention
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Risk Assessment ID.RA
Information Technology Security Plan Policies, Controls, and Procedures Identify Risk Assessment ID.RA Information Security Policy and Procedures Identify Risk Assessment ID.RA Table of Contents Identify
More informationFedRAMP Security Assessment Framework. Version 2.0
FedRAMP Security Assessment Framework Version 2.0 June 6, 2014 Executive Summary This document describes a general Security Assessment Framework (SAF) for the Federal Risk and Authorization Management
More informationFiscal Year 2013 Federal Information Security Management Act Report
U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Fiscal Year 2013 Federal Information Security Management Act Report Status of EPA s Computer Security Program Report. 14-P-0033 vember 26,
More informationMitigation Framework Leadership Group (MitFLG) Charter DRAFT
Mitigation Framework Leadership Group (MitFLG) Charter DRAFT October 28, 2013 1.0 Authorities and Oversight The Mitigation Framework Leadership Group (MitFLG) is hereby established in support of and consistent
More informationData Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory
Audience: NDCBF IT Security Team Last Reviewed/Updated: March 2018 Contact: Henry Draughon hdraughon@processdeliveysystems.com Overview... 2 Sensitive Data Inventory and Classification... 3 Applicable
More informationBEEDS portal Bank of England Electronic Data Submission portal. User guide. New PRA Authorisations Version 1.1
BEEDS portal Bank of England Electronic Data Submission portal User guide New PRA Authorisations Version 1.1 May 2018 Contents Document versions 3 1. Introduction 3 a. Bank of England contact details 4
More informationPrivacy Notice. Introduction. What is personal data? Date Updated: 2/11/2019
Privacy Notice Date Updated: 2/11/2019 Introduction NERCOMP is committed to informing its membership and the general public about services, and professional learning opportunities to advance higher education
More informationNotification of Issuance of Binding Operational Directive and Establishment of. AGENCY: National Protection and Programs Directorate, DHS.
This document is scheduled to be published in the Federal Register on 09/19/2017 and available online at https://federalregister.gov/d/2017-19838, and on FDsys.gov 9110-9P-P DEPARTMENT OF HOMELAND SECURITY
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity November 2017 cyberframework@nist.gov Supporting Risk Management with Framework 2 Core: A Common Language Foundational for Integrated Teams
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Signature Repository A Signature Repository provides a group of signatures for use by network security tools such
More informationTable of Contents. PCI Information Security Policy
PCI Information Security Policy Policy Number: ECOMM-P-002 Effective Date: December, 14, 2016 Version Number: 1.0 Date Last Reviewed: December, 14, 2016 Classification: Business, Finance, and Technology
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationLCU Privacy Breach Response Plan
LCU Privacy Breach Response Plan Sept 2018 Prevention Communication & Notification Evaluation of Risks Breach Containment & Preliminary Assessment Introduction The Credit Union makes every effort to safeguard
More informationThis is to certify that. Chris FitzGerald. has completed the course. Systems Security Engineering _eng 2/10/08
This is to certify that Chris FitzGerald has completed the course Systems Security Engineering - 206760_eng on 2/10/08 Systems Security Engineering About This Course Overview/Description To define the
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationManagement Of Information Security 4th Edition Whitman
MANAGEMENT OF INFORMATION SECURITY 4TH EDITION WHITMAN PDF - Are you looking for management of information security 4th edition whitman Books? Now, you will be happy that at this time management of information
More informationREQUEST FOR PROPOSALS Consultant to Develop Educational Materials for the Applied Informatics Team Training
REQUEST FOR PROPOSALS Consultant to Develop Educational Materials for the Applied Informatics Team Training Table of Contents: Part I. Overview Information Part II. Full Text of Announcement Section I.
More informationUCOP ITS Systemwide CISO Office Systemwide IT Policy
UCOP ITS Systemwide CISO Office Systemwide IT Policy Revision History Date: By: Contact Information: Description: 08/16/17 Robert Smith robert.smith@ucop.edu Initial version, CISO approved Classification
More informationJune 1, 2006 FEA Security and Privacy Profile, Version 2.0 Page i
June 1, 2006 FEA Security and Privacy Profile, Version 2.0 Page i Contents 1. Chapter One: Introduction... 1 1.1 Target Audience... 2 1.2 Relationship to Other Efforts... 2 1.3 Organization of this Document...
More informationInformation Security Program
Information Security Program December 15, 2004 FOR OFFICIAL USE ONLY This information is intended for HHS use only. Disclosure is not expected to cause serious harm to HHS, and access is provided freely
More informationMemorandum of Understanding Template for Emergency Alerting to the Public
Memorandum of Understanding Template for Emergency Alerting to the Public 1 Overview 1.1 Background The Integrated Public Alert and Warning System (IPAWS) provides a powerful tool for notifying the public
More informationSYSTEMS ASSET MANAGEMENT POLICY
SYSTEMS ASSET MANAGEMENT POLICY Policy: Asset Management Policy Owner: CIO Change Management Original Implementation Date: 7/1/2017 Effective Date: 7/1/2017 Revision Date: Approved By: NIST Cyber Security
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Removable Storage Media Security Standard This standard is applicable to all VCU School of Medicine personnel.
More information2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY
2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY Purpose: The purpose of this policy is to provide instruction and information to staff, auditors, consultants, contractors and tenants on
More informationControlled Unclassified Information (CUI) and FISMA: an update. May 12, 2017 Mark Sweet, Nancy Lewis, Grace Park Stephanie Gray, Alicia Turner
Controlled Unclassified Information (CUI) and FISMA: an update May 12, 2017 Mark Sweet, Nancy Lewis, Grace Park Stephanie Gray, Alicia Turner What is FISMA? Federal Information Security Modernization Act
More informationCASA External Peer Review Program Guidelines. Table of Contents
CASA External Peer Review Program Guidelines Table of Contents Introduction... I-1 Eligibility/Point System... I-1 How to Request a Peer Review... I-1 Peer Reviewer Qualifications... I-2 CASA Peer Review
More informationLifeline Program Update. National Verifier Updates May 17, 2017
Lifeline Program Update National Verifier Updates May 17, 2017 1 Housekeeping Audio is available through your computer s speakers The audience will remain on mute Enter questions at any time using the
More information