DISTRICT OF COLUMBIA WATER AND SEWER AUTHORITY ATTACHMENT A A-1: BACKGROUND AND CONTRACTOR QUALIFICATIONS A-2: SCOPE OF WORK
GOODS AND SERVICES CONTRACTS
RFP 16-PR-DEM-33 Comprehensive All-Hazards Risk Assessment

Attachment A-1: Background and Contractor Qualifications

1.0 Background and Intent:

The DC Water and Sewer Authority (DC Water) is seeking a qualified vendor (the "Contractor") to assist in executing a comprehensive system wide (as referenced in the DC Water Master Plan [1]) all-hazards physical security, operational, system engineering and cyber security resiliency vulnerability assessment of all owned assets within DC Water, which is located in Washington, DC, and its associated watershed properties and wastewater assets located in Maryland and Virginia (See Attachment M - DC Water Facilities). The intent is to update previously identified vulnerabilities and develop current remediation and resilience strategies, using both traditional and non-traditional solutions, to ensure the continued safety and security of the water and wastewater system for all DC Water employees, ratepayers and the residents within our service area. The work to be performed shall be in compliance with standards provided by the American National Standards Institute (ANSI) and the American Water Works Association (AWWA).

2.0 Contractor Minimum Qualifications:

Vendors wishing to be awarded the contract resulting from this RFP must possess the minimum qualifications stated below. The Offeror shall include information with their proposal to substantiate that they meet the following:

1. The Offeror must demonstrate at least four (4) years of experience performing services similar in nature to those requested in this RFP with major metropolitan water and wastewater utilities in the US and show competency in each area identified in the Scope of Work. Equivalent experience of personnel performing this or similar service will also be considered in lieu of the above.

2. The Offeror must demonstrate knowledge of, and documented project experience with, industry best practices including ANSI/AWWA J100 standards, use of the PARRE in conducting a J100 risk assessment, and a broad range of water and wastewater physical, operational, and cyber vulnerability assessment and risk mitigation experience.

3. The Offeror must provide a sufficient number of qualified personnel to perform the service within the required timeline. The Offeror must provide resumes of all key personnel demonstrating experience with specific projects similar in nature to those requested in this RFP and the percentage of their time devoted to each project(s).

[1] The DC Water Master Plan is a confidential document that will be provided to the winning Offeror at contract award.
Attachment A-2: Scope of Work

1. General:

1.1. The Contractor shall perform all work under the direction of DC Water's Contracting Officer's Technical Representative ("COTR").

The Contractor shall assist in executing a comprehensive system wide (as referenced in the DC Water Master Plan) all-hazards physical security, operational, system engineering and cyber security resiliency vulnerability assessment of all owned assets within DC Water (the "Risk Assessment"), including all sites located within Washington, DC and all associated watershed properties and wastewater assets located in Maryland and Virginia (See RFP Attachment M - DC Water Facilities).

The COTR will provide the Contractor with a copy of the DC Water Master Plan upon contract award.

The Contractor shall perform all work in compliance with standards provided by the American National Standards Institute (ANSI) and the American Water Works Association (AWWA).

The Contractor shall submit a detailed with identified milestones to the COTR for approval within 10 business days after the project kickoff meeting. This work shall be completed in 12 months or less.

The Contractor shall provide Monthly Status Reports to the COTR and DC Water staff to include, at a minimum, the progress made to date and alignment with the. If the work is behind the, then the report must also contain the cause for the delays and plans to catch up. The Monthly Status Reports shall be presented, in person or via conference call, and a copy submitted in electronically via (PowerPoint or MS Word).

DC Water prefers the payment per milestones (see Section 5 of this Attachment) achieved and accepted by DC Water. The final invoice shall be submitted upon successful completion of the project, as determined by the COTR.

2. Risk Assessment Software Evaluation and Selection:

2.1. DC Water is seeking an encrypted/secure software to be used for data collection, analysis and maintenance of the Risk Assessment. The Contractor shall present software options to the COTR and make a recommendation on the software that will best meet DC Water's needs. The COTR will make the final selection of the software to be used.

The Contractor shall use and maintain the selected software for data collection in accordance with the ANSI/AWWA J100 standard.

The Contractor shall provide all copies, licenses and data for the selected software to the COTR at the conclusion of the project. No copies of DC Water purchased licenses, software or data shall be retained by the Contractor or its subcontractors without prior written permission from DC Water.

3. Risk Assessment:

3.1. The Contractor shall complete a comprehensive, system wide all-hazards physical, operational, system engineering, and cyber [Business Information Technology (BIT) networks, Industrial Control Systems (ICS) networks, Supervisory Control and Data Acquisition (SCADA) network, and Electronic Security System (ESS) network] vulnerability assessment (hereinafter the "Risk Assessment") of all DC Water owned assets to determine the all-hazards risk and resilience of all physical, operational, and cyber assets located throughout the DC Water system.
The Risk Assessment must cover all types of risk including, but not limited to:

a) Malicious or other intentional acts and all hazards events for external physical risks;
b) Malicious or other intentional acts and all hazards events for internal physical risks;
c) Malicious or other intentional acts and all hazards events for operational risk;
d) Malicious or other intentional acts and all hazards events for external cyber security risks for DC Water BIT, ICS, SCADA, and ESS networks;
e) Malicious or other intentional acts or all hazards events for internal cyber security risks for DC Water BIT, ICS, SCADA and ESS networks;
f) Natural and human caused disasters;
g) Unintentional human-caused risks, such as hazardous chemical spills, incorrect system operation, critical component failure, etc.; and
h) Dependency hazards to include utility interruptions (including power outages, communications outages), supply chain, employee staffing issues (illness, strike), customers, transportation, proximity, etc.

The cyber security portion of the Risk Assessment must identify and provide detailed recommendations to mitigate vulnerabilities that allow an attacker to disrupt, undermine or take control of the system. The assessment must address remote/external threats as well as internal/insider threats. The cyber security assessment must be tailored to the specific needs and issues of the specific, installed Industrial Control System (ICS), which is very different from the typical Office Automation (OA) system.

The Contractor shall review and assess the current emergency response plan based on findings of the assessment, and perform a gap assessment.

The Contractor shall complete the Risk Assessment in accordance with standards set by the AWWA and the ANSI/AWWA J (R13) Risk and Resilience Management of Water and Wastewater Systems (RAMCAP).

The Contractor shall, as a part of the Risk Assessment, catalog the following: risk assessment findings and data, secure access for specifically identified critical management personnel only, vulnerabilities of such data and systems, chain of custody concerns for vulnerability assessment deliverables, requirements of software and DC Water network compatibility, and maintenance/update requirements for the software and input data.

The Contractor shall utilize the Program to Assist Risk & Resilience Examination (PARRE) tool to complete the Risk Assessment.

The Contractor shall utilize information from the 2012 Blue Plains assessment to complete the Risk Assessment, incorporating elements to support completion along with incorporating relevant findings from other vulnerability assessments including cyber assessments, DHS Site Assistance Visits, information from Washington Aqueduct assessments, the District of Columbia (DC) Threat and Hazard Identification and Risk Assessment (THIRA) and any other relevant assessments available. This will be provided to the Contractor by the COTR at contract award.

The Contractor shall ensure that the Risk Assessment is consistent with the 2015 District of Columbia (DC) and 2015 National Capital Region (NCR) Threat and Hazard Identification and Risk Assessments (THIRA) using the threats identified in those documents.

Prior to completing the Risk Assessment the Contractor shall provide training (and training materials in electronic format) and complete the knowledge transfer to the COTR and other DC Water personnel on the specifics of what is involved in the assessment and the role of the stakeholders in completing the project.
Upon completion of the Risk Assessment the Contractor shall present the written Risk Assessment report to the COTR and other DC Water personnel to obtain feedback and acceptance prior to preparing a Gap Analysis and Risk Reduction Recommendations report.

4. Gap Analysis and Risk Reduction Recommendations Report:

4.1. The Contractor shall use the Risk Assessment to develop and deliver to DC Water a Gap Analysis and Risk Reductions Recommendations Report (the "Report").

The Contractor shall include in the Gap Analysis section of the Report an assessment of DC Water's current emergency response planning that incorporates the findings and recommendations of the Risk Assessment and make recommendations for best emergency response planning methodology based on the ANSI/AWWA G standard.

The Contractor shall include in the Risk Reduction Recommendations section of the Report a prioritized program of recommended risk reduction measures with an associated Agency-wide cost benefit analysis to include, but not be limited to:

a) A listing of all federal facilities that are co-located or adjacent to DC Water assets;
b) Detailed remediation and resiliency strategies separated by physical, operational, and cyber (BIT, ICS, SCADA, and ESS networks) assets based on findings in the Risk Assessment;
c) Risk reduction and resilience implementation prioritization in two separate recommendations lists: 1) individual recommendations based on actual risk and priority; and 2) recommendations to include cost effective and/or maximum benefit groupings and priorities; and
d) An implementation strategy to include prioritized site planning for all identified vulnerabilities and detailed mitigation recommendations.

The Contractor shall also include, at a minimum, the following items in the Report:

a) An analysis of DC Water's mission and determination of the consequences that could affect it;
b) Detail and rank both internal and external physical, operational, and cyber asset characterization;
c) A detailed description of an all-hazards threat assessment;
d) A detailed description of a threat analysis;
e) A detailed description of a consequence analysis;
f) A detailed description of a resilience analysis; and
g) An evaluation of security and operations policy against ANSI/AWWA G standard.

5. Milestones, Deliverables, and Payment:

The Contractor shall provide, at a minimum, the deliverables set forth below. DC Water prefers the payment to be directly linked to the successful completion of each milestone per milestone payment shown below. A higher preference and evaluation score will be given to contractor(s) with a milestone payment such as shown below over contractor(s) who requests payment that is not tied to the successful outcome of the work (i.e. monthly invoicing).

| MILESTONES | DELIVERABLE | DUE DATE | MILESTONE PAYMENT |
|---|---|---|---|
| Project Initiation | (in MS Project and PDF format) | Within 10 days following the project kickoff | No more than 10% |
| Software Recommendation | Recommendation document of Risk Assessment Software | | No more than 15% |
| Risk Assessment | Risk Assessment report (in MS Word and PPT) | | No more than 25% |
| Gap Analysis and Risk Reduction Recommendation | Gap Analysis and Risk Reductions Recommendations Report | | No more than 30% |
| Knowledge Transfer | Training, training materials, knowledge transfer | | No more than 15% |
| Project Documents | All software copies, licenses and data transferred to DC Water (all in electronic format) | Five (5) days prior to the end of the contract term | No more than 5% |
| | Monthly Status Reports | Quarterly | n/a |

- End of Scope of Work -
More informationSTRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE
STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity November 2017 cyberframework@nist.gov Supporting Risk Management with Framework 2 Core: A Common Language Foundational for Integrated Teams
More informationPSEG Nuclear Cyber Security Supply Chain Guidance
PSEG Nuclear Cyber Security Supply Chain Guidance Developed by: Jim Shank PSEG Site IT Manager & Cyber Security Program Manager Presented at Rapid 2018 by: Bob Tilton- Director Procurement PSEG Power Goals
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Protective Security Advisors and Special Event Domestic Incident Tracker Overview Federal
More informationInternal Audit Report. Electronic Bidding and Contract Letting TxDOT Office of Internal Audit
Internal Audit Report Electronic Bidding and Contract Letting TxDOT Office of Internal Audit Objective Review of process controls and service delivery of the TxDOT electronic bidding process. Opinion Based
More informationALBEMARLE COUNTY SERVICE AUTHORITY
ALBEMARLE COUNTY SERVICE AUTHORITY AGENDA ITEM EXECUTIVE SUMMARY AGENDA TITLE: Strategic Plan Process STAFF CONTACT(S)/PREPARER: Gary O Connell, Executive Director AGENDA DATE: September 20, 2018 ACTION:
More informationEvaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure
Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure March 2015 Pamela Curtis Dr. Nader Mehravari Katie Stewart Cyber Risk and Resilience Management Team CERT
More informationCYBERSECURITY RESILIENCE
CLOSING THE IN CYBERSECURITY RESILIENCE AT U.S. GOVERNMENT AGENCIES Two-thirds of federal IT executives in a new survey say their agency s ability to withstand a cyber event, and continue to function,
More informationFEMA Update. Tim Greten Technological Hazards Division Deputy Director. NREP April 2017
FEMA Update Tim Greten Technological Hazards Division Deputy Director NREP April 2017 FEMA Strategic Priorities Priority 1: Be survivor-centric in mission and program delivery. Priority 2: Become an expeditionary
More informationThe Internet Society. on behalf of. The IETF Administrative Oversight Committee. Request for Proposal. RFC Editor RFC Format CSS Design
The Internet Society on behalf of The IETF Administrative Oversight Committee Request for Proposal RFC Editor RFC Format CSS Design Date of Issuance: July 22, 2016 Proposal Submission Deadline: September
More informationWhen Recognition Matters WHITEPAPER ISO SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS.
When Recognition Matters WHITEPAPER ISO 28000 SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS www.pecb.com CONTENT 3 4 4 4 4 5 6 6 7 7 7 8 9 10 11 12 Introduction An overview of ISO 28000:2007 Key clauses of
More informationOPTIMIZATION OF ACTIVITIES TO IMPROVE THE NUCLEAR MATERIAL AND FACILITIES SECURITY
OPTIMIZATION OF ACTIVITIES TO IMPROVE THE NUCLEAR MATERIAL AND FACILITIES SECURITY Vadim Prostakov Vienna 02.04.2009 OPTIMIZATION OF ACTIVITIES TO IMPROVE THE NUCLEAR MATERIAL AND FACILITIES SECURITY 1.
More informationPhysical Security Reliability Standard Implementation
Physical Security Reliability Standard Implementation Attachment 4b Action Information Background On March 7, 2014, the Commission issued an order directing NERC to submit for approval, within 90 days,
More informationSEAWALL EARTHQUAKE SAFETY & DISASTER PREVENTION PROGRAM
SEAWALL EARTHQUAKE SAFETY & DISASTER PREVENTION PROGRAM Port Jurisdiction Historic shoreline Presentation to the Port Commission March 13, 2018 Photo Michael Macor SEAWALL EARTHQUAKE SAFETY & DISASTER
More informationGETTING STARTED WITH THE SIG 2014: A RESPONDENT S GUIDE By Shared Assessments
GETTING STARTED WITH THE SIG 2014: A RESPONDENT S GUIDE By Shared Assessments GETTING STARTED WITH THE SIG 2014: A RESPONDENT S GUIDE TABLE OF CONTENTS About the SIG... 2 SIG Quick Start Guide For Responders...
More informationInformation Technology Disaster Recovery Planning Audit Redacted Public Report
1200, Scotia Place, Tower 1 10060 Jasper Avenue Edmonton, Alberta T5J 3R8 edmonton.ca/auditor Information Technology Disaster Recovery Planning Audit Redacted Public Report June 12, 2018 City of Edmonton
More informationTexas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13
Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13 I. Vision A highly reliable and secure bulk power system in the Electric Reliability Council of Texas
More informationSecuring Industrial Control Systems
L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting
More informationT&E Workforce Development
T&E Workforce Development 2016 ITEA Cyber Security Workshop Mr. Thomas W. Simms Deputy Director, T&E Competency & Development Deputy Assistant Secretary of Defense (DT&E) March 17, 2016 Agenda Policy Overview
More informationWORK AUTHORIZATION NO. 4 CONTRACT FOR PROFESSIONAL ACCOUNTING SERVICES
WORK AUTHORIZATION NO. 4 CONTRACT FOR PROFESSIONAL ACCOUNTING SERVICES THIS WORK AUTHORIZATION is made pursuant to the terms and conditions of Article 5 of the Professional Accounting Services Contract
More informationOPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith
OPUC Workshop March 13, 2015 Cyber Security Electric Utilities Portland General Electric Co. Travis Anderson Scott Smith 1 CIP Version 5 PGE Implementation Understanding the Regulations PGE Attended WECC
More informationStrengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure Executive Order 13800 Update July 2017 In Brief On May 11, 2017, President Trump issued Executive Order 13800, Strengthening
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationControl Systems Cyber Security Awareness
Control Systems Cyber Security Awareness US-CERT Informational Focus Paper July 7, 2005 Produced by: I. Purpose Focus Paper Control Systems Cyber Security Awareness The Department of Homeland Security
More informationClinical Information Security Pre-Purchase Security Assessment Vendor Packet Instructions
Clinical Information Security Pre-Purchase Security Assessment Vendor Packet Instructions Executive Summary Mayo Clinic s primary value is The needs of the patient come first. It is built into our daily
More informationDFARS Cyber Rule Considerations For Contractors In 2018
Portfolio Media. Inc. 111 West 19 th Street, 5th Floor New York, NY 10011 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com DFARS Cyber Rule Considerations For Contractors
More informationOverview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 PPD-21: CI Security and Resilience On February 12, 2013, President Obama signed Presidential Policy Directive
More information