Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA
|
|
- Leona Ford
- 5 years ago
- Views:
Transcription
1 Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA
2 Jovial about Joval LANL s latest SCAP Adventure Angelo Ortiz May 22, 2018 Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA LA-UR
3 Overview What is SCAP? Why SCAP? SCAP at LANL Scope What is Joval? Installation, Configuration, and Deployment Integration with Host Continuous Monitoring Integration with RSA Archer Pros and Cons Now what? Questions SCAP is Security Content Automation Protocol LA-UR /13/2018 3
4 What is SCAP? Security Content Automation Protocol SCAP is a suite of specifications that standardize the format and nomenclature by which security software products communicate software flaw and security configuration information. - NIST SP SCAP is a methodology SCAP is a protocol SCAP is content Checklists Identifiers LA-UR /13/2018 4
5 Why SCAP? Support Continuous Monitoring efforts Local and NNSA Continuous monitoring of system compliance with security configuration baselines DISA STIGs USGCB LANL must comply with high level requirements Federal Information Security Management Act (FISMA) RSA Archer LA-UR /13/2018 5
6 SCAP at LANL SCC LA-UR /13/2018 6
7 Scope Windows, Mac, RHEL Windows 10 RHEL7 macos Connected to Yellow unclassified network DISA STIGs SCAP content LA-UR /13/2018 7
8 What is Joval? Java + OVAL = Joval Java-based Command line, no GUI Host based and agentless sensor SCAP compliance assessment tool Natively processes OVAL, XCCDF, and other standards + = LA-UR /13/2018 8
9 Installation, Configuration, and Deployment LANLize the content Disable/enable checks Change values Test content Create wrapper and Windows Service RunJoval service Runs SCAP assessment every 4 hours JSON file <select idref="v-63377" selected="true" /> <select idref="v-63379" selected="false" /> <select idref="v-63381" selected="true" /> <select idref="v-63383" selected="true" /> <select idref="v-63385" selected="true" /> <select idref="v-63387" selected="false" /> <select idref="v-63389" selected="true" /> <select idref="v-63391" selected="false" /> <select idref="v-63395" selected="false" /> Create installer Deploy to pilot group via SCCM Deploy labwide LA-UR /13/2018 9
10 LA-UR /13/
11 Integration with Host Continuous Monitoring Hostname: AngeloHost1 IP: PN#: Last seen: 5/7/ :00AM OS: Windows 10 Enterprise Security Plan: Level 2 OU: Desktops Overall Score: Grade: A- Owner: Angelo Ortiz Scan date: 5/7/2018 SEP: Healthy: last scan: 5/7/2018 SCCM (Patch agent): Healthy: last scan: 5/7/2018 SCCM (Software agent): Healthy: last scan: 5/7/2018 Missing patches: 0.00 Missing software: 0.00 CVE score: 0.00 Compliance Violations: Score -CCI : Minimum password length must be 14 characters CCI : Maximum password age must be 60 days or less (but not zero) CCI : Password must meet complexity requirements is enabled LA-UR /13/
12 Integration with RSA Archer Pull from Host CM Populate GRC More accurate risk picture of hosts Continuous Authorization and Accreditation LA-UR /13/
13 Pros Cross platform Fast Minimal performance impact Minimal false positives Good customer support Cons Another agent Manage Java Manage content Some custom development required LA-UR /13/
14 Now what? Complete Joval testing on RHEL Continue testing on Windows Different guidance (CIS, NIST, etc) SCAP content for Mac? Keep the content fresh, LANLized LA-UR /13/
15 Questions? Angelo Ortiz (505) (505) Joval jovalcm.com LA-UR /13/
Tanium Comply User Guide. Version 1.7.3
Tanium Comply User Guide Version 1.7.3 August 21, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and is
More informationSCAP Security Guide Questions / Answers. Ján Lieskovský Contributor WorkShop November 2015
SCAP Security Guide Questions / Answers Ján Lieskovský Contributor WorkShop November 2015 Agenda Introductory Notes SSG Repository Structure Contributing To SSG Developer Workflow Introductory Notes SCAP
More informationFISMA COMPLIANCE FOR CONTAINERIZED APPS
FISMA COMPLIANCE FOR CONTAINERIZED APPS Using Atomic Scan and OpenSCAP with containers Jason Callaway Red Hat Principal Solutions Architect jcallawa@redhat.com @jasoncallaway jasoncallaway.com AGENDA Slides
More informationPractical OpenSCAP Security Standard Compliance and Reporting. Robin Price II Senior Solutions Architect Martin Preisler Senior Software Engineer
Practical OpenSCAP Security Standard Compliance and Reporting Robin Price II Senior Solutions Architect Martin Preisler Senior Software Engineer INTRODUCTION AGENDA Review some slides Follow along demostration
More informationDefense Security Service Industrial Security Field Operations National Industrial Security Program (NISP) Authorization Office (NAO)
Defense Security Service Industrial Security Field Operations National Industrial Security Program (NISP) Authorization Office (NAO) Getting Started with the SCAP Compliance Checker and STIG Viewer Job
More informationOperated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA
Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA Improving Remote Access Technology at LANL Veronica Martinez vnm@lanl.gov May 22, 2018 10:30 AM Location: 104B Operated
More informationJune 8th, 2017 Washington D.C. Security Compliance for modern infrastructures with OpenSCAP
June 8th, 2017 Washington D.C. Security Compliance for modern infrastructures with OpenSCAP Martin Preisler Software Engineer at Red Hat, Inc. mpreisle@redhat.com SECURITY COMPLIANCE configuration hardening
More informationTenable SCAP Standards Declarations. June 4, 2015 (Revision 11)
Tenable SCAP Standards Declarations June 4, 2015 (Revision 11) Table of Contents Center for Internet Security (CIS)... 3 Common Criteria (NIAP)... 3 Common Vulnerability Enumeration (CVE)... 3 Common Configuration
More informationProviding Cybersecurity Inventory, Compliance Tracking, and C2 in a Heterogeneous Tool Environment
Providing Cybersecurity Inventory, Compliance Tracking, and C2 in a Heterogeneous Tool Environment Joseph L. Wolfkiel Secure Configuration Management Lead Engineer May 2018 1 Disclaimer The information
More informationMIS Week 9 Host Hardening
MIS 5214 Week 9 Host Hardening Agenda NIST Risk Management Framework A quick review Implementing controls Host hardening Security configuration checklist (w/disa STIG Viewer) NIST 800-53Ar4 How Controls
More informationOperated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA
Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA LANL s Multi-Factor Authentication (MFA) Initiatives NLIT Summit 2018 Glen Lee Network and Infrastructure Engineering
More informationSCAP Security Guide Questions / Answers. Contributor WorkShop Volume #2
SCAP Security Guide Questions / Answers Contributor WorkShop Volume #2 Ján Lieskovský January 2016 Agenda Introductory Notes Source Code / Repository Notes (Moved to Appendix for self-study) SCAP Security
More informationSecure Configuration Manager SCAP Module User's Guide. January 2018
Secure Configuration Manager SCAP Module User's Guide January 2018 Legal Notice For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government
More informationWe have very limited time Won t cover extensive theory Won t cover writing SCAP policies - out of scope
GOALS 2 Hands on demos of real world use-cases Check software flaws - vulnerabilities Check configuration flaws - weaknesses Customizing existing security policies Put machines into compliance - remediate
More informationSoftware Assurance Ecosystem Knowledge Architecture. 1 Wednesday, December 31, 2008
Software Assurance Ecosystem Knowledge Architecture 1 1 Wednesday, December 31, 2008 What Do The Building Blocks for Measuring Assurance Look Like? Standard ways for enumerating things we care about Languages/Formats
More informationApplied SCAP: Automating Security Compliance and Remediation. Shawn Wells Maintainer, SCAP Security Guide 31-JULY-2014
Applied SCAP: Automating Security Compliance and Remediation Shawn Wells Maintainer, SCAP Security Guide 31-JULY-2014 45 MINUTES, 3 GOALS (+15 MIN Q&A) 1. Detail Security Automation Technology + Initiatives
More informationMeeting RMF Requirements around Compliance Monitoring
Meeting RMF Requirements around Compliance Monitoring An EiQ Networks White Paper Meeting RMF Requirements around Compliance Monitoring Purpose The purpose of this paper is to provide some background on
More informationNessus v6 SCAP Assessments. November 18, 2014 (Revision 1)
Nessus v6 SCAP Assessments November 18, 2014 (Revision 1) Table of Contents Overview... 3 Standards and Conventions... 3 Abbreviations... 3 Simple Assessment Procedure... 3 XCCDF Certified vs. Lower-Tier
More information<Partner Name> <Partner Product> RSA SECURID ACCESS. Pulse Secure Connect Secure 8.3. Standard Agent Client Implementation Guide
RSA SECURID ACCESS Standard Agent Client Implementation Guide Pulse Secure John Sammon, Dan Pintal, RSA Partner Engineering Last Modified: July 11, 2018 Solution Summary
More informationCompliance with NIST
Compliance with NIST 800-171 1 What is NIST? 2 Do I Need to Comply? Agenda 3 What Are the Requirements? 4 How Can I Determine If I Am Compliant? 5 Corserva s NIST Assessments What is NIST? NIST (National
More informationVANGUARD INTEGRITY PROFESSIONALS Page 1
VANGUARD CONFIGURATION MANAGER (AUDIT/COMPLIANCE) Vanguard Configuration Manager automates review of current z/os Security Server configurations against prevailing standards to include DISA STIG, NIST,
More informationCreating Near Real-Time and End-to-End Cyber Situational Awareness of University Networks
Creating Near Real-Time and End-to-End Cyber Situational Awareness of University Networks Dr. Deepinder Sidhu - Professor of Computer Science - UMBC Aaron Boteler - Cyberspace Analytics Gunnar Engelbach
More information<Partner Name> <Partner Product> RSA ARCHER GRC Platform Implementation Guide. Swimlane 2.x
RSA ARCHER GRC Platform Implementation Guide Jeffrey Carlson, RSA Partner Engineering Last Modified: 11/02/2017 Solution Summary The RSA Archer integration allows Swimlane
More informationForeScout Extended Module for Advanced Compliance
ForeScout Extended Module for Advanced Compliance Version 1.2 Table of Contents About Advanced Compliance Integration... 4 Use Cases... 4 Additional Documentation... 6 About This Module... 6 About Support
More informationChapter 5: Vulnerability Analysis
Chapter 5: Vulnerability Analysis Technology Brief Vulnerability analysis is a part of the scanning phase. In the Hacking cycle, vulnerability analysis is a major and important part. In this chapter, we
More informationMAKING SECURITY MEASURABLE AND MANAGEABLE
MAKING SECURITY MEASURABLE AND MANAGEABLE Robert A. Martin The MITRE Corporation Bedford, MA ABSTRACT The security and integrity of information systems is a critical issue within most types of organizations.
More informationThe Center for Internet Security
The Center for Internet Security Measurably reducing risk through collaboration, consensus, & practical security management Content of this Presentation: I. Background II. Univ. of CA Schools Rights and
More informationTotal Protection for Compliance: Unified IT Policy Auditing
Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.
More informationCyber Security Awareness for SmallSat Ground Networks
Cyber Security Awareness for SmallSat Ground Networks SSC16-IX-02 SmallSat 2016 Ted Vera Colorado Springs, CO (719) 598-2801 Denver, CO (303) 703-3834 Chantilly, VA (703) 488-2500 http://www.rtlogic.com
More informationTenable Network Security Support Portal. November 9, 2010 (Revision 8)
Tenable Network Security Support Portal November 9, 2010 (Revision 8) Table of Contents TABLE OF CONTENTS... 2 INTRODUCTION... 3 OBTAINING ACCESS TO THE TENABLE SUPPORT PORTAL... 3 MANAGING YOUR NESSUS
More informationDATA SHEET. ez/piv CARD KEY FEATURES:
Personal Identity Verification (PIV) Card ez/piv Card satisfies FIPS 201, HSPD-12. It allows your users to authenticate to z/os Security Server through the use of a government PIV or CAC Card. KEY FEATURES:
More informationS Automating security compliance for physical, virtual, cloud, and container environments
S103174 - Automating security compliance for physical, virtual, cloud, and container environments Using Red Hat CloudForms, Red Hat Satellite, Red Hat Insights and Ansible Tower by Red Hat Lucy Huh Kerner
More informationSecurityCenter 5.0 SCAP Assessments. May 28, 2015 (Revision 2)
SecurityCenter 5.0 SCAP Assessments May 28, 2015 (Revision 2) Table of Contents Overview... 3 Standards and Conventions... 3 Abbreviations... 3 Simple Assessment Procedure... 4 XCCDF Certified vs. Lower-Tier
More informationAppendix 12 Risk Assessment Plan
Appendix 12 Risk Assessment Plan DRAFT December 13, 2006 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A12-1 RFP: TQC-JTB-05-0001 December 13, 2006 REVISION HISTORY
More informationIBM BigFix Compliance
IBM BigFix Compliance A single solution for managing endpoint security across the organization Highlights Ensure configuration compliance using thousands of out-of-the-box bestpractice policies with automated
More informationAppendix 12 Risk Assessment Plan
Appendix 12 Risk Assessment Plan DRAFT March 5, 2007 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A12-i RFP: TQC-JTB-05-0002 March 5, 2007 REVISION HISTORY Revision
More informationRED HAT ENTERPRISE LINUX 6 SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG) OVERVIEW Version 1, Release 2. 3 June 2013
RED HAT ENTERPRISE LINUX 6 SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG) OVERVIEW Version 1, Release 2 3 June 2013 Developed by Red Hat, NSA, and DISA for the DoD Trademark Information Names, products,
More informationSTREAM Integrated Risk Manager Multi-user Deployment Options
Multi-user Deployment Options Contents Multi-User Edition: can be accessed using a Web Browser can be accessed from an iphone or ipad (free app in App Store), and a range of other platforms and mobile
More informationDATA SHEET VANGUARD CONFIGURATION MANAGER TM KEY FEATURES: VANGUARD TAKES THE TARGET OFF YOUR
TM Vanguard automates review of current z/os Security Server configurations against prevailing standards to include DISA STIG, NIST, and DB2 hardening standards and Vanguard Best Practices dramatically
More informationCertification Report
Certification Report Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security Establishment,
More informationSecurity Challenges: Integrating Apple Computers into Windows Environments
Integrating Apple Computers into Windows Environments White Paper Parallels Mac Management for Microsoft SCCM 2018 Presented By: Table of Contents Environments... 3 Requirements for Managing Mac Natively
More informationL105190: Proactive Security Compliance Automation with CloudForms, Satellite, OpenSCAP, Insights, and Ansible Tower
L105190: Proactive Security Compliance Automation with CloudForms, Satellite, OpenSCAP, Insights, and Ansible Tower Lead Presenter: Lucy Kerner, Principal Technical Marketing Manager - Security, Red Hat
More informationHOW TO MAKE THE CASE TO MANAGEMENT: PAYING FOR OPEN SOURCE
HOW TO MAKE THE CASE TO MANAGEMENT: PAYING FOR OPEN SOURCE The Value of a Red Hat Subscription Jennifer LuPiba Principal Product Marketing Manager, Red Hat Enterprise Linux May 9, 2018 WHY ARE WE PAYING
More informationSecurity Automation Developer Days Winter 2010 Conference Preliminary High Level Agenda
Security Automation Developer Days Winter 2010 Conference Preliminary High Level Agenda Dates: Monday, February 22, 2010 thru Wednesday, February 24, 2010 Location: NIST, Gaithersburg Campus, Building
More informationAUTOMATED PROCESSES IN COMPUTER SECURITY
AUTOMATED PROCESSES IN COMPUTER SECURITY Maroš Barabas Doctoral Degree Programme (3), FIT BUT E-mail: ibarabas@fit.vutbr.cz Supervised by: Petr Hanáček E-mail: hanacek@fit.vutbr.cz ABSTRACT This article
More informationEVALUATION REPORT. Independent Evaluation of NRC s Implementation of the Federal Information Security Management Act (FISMA) for Fiscal Year 2011
EVALUATION REPORT Independent Evaluation of NRC s Implementation of the Federal Information Security Management Act (FISMA) for Fiscal Year 2011 OIG-12-A-04 November 9, 2011 All publicly available OIG
More informationPROFESSIONAL SERVICES (Solution Brief)
(Solution Brief) The most effective way for organizations to reduce the cost of maintaining enterprise security and improve security postures is to automate and optimize information security. Vanguard
More information<Partner Name> <Partner Product> RSA Ready Implementation Guide for. Rapid 7 Nexpose Enterprise 6.1
RSA Ready Implementation Guide for Rapid 7 Jeffrey Carlson, RSA Partner Engineering Last Modified: 04/11/2016 Solution Summary Rapid7 Nexpose Enterprise drives the collection
More informationthe SWIFT Customer Security
TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This
More informationDefense Information Systems Agency
Defense Information Systems Agency Risk Management Framework Implementation in Support of our Mission Partners 17 May 2018 UNITED IN INSERVICE TO OUR NATION 1 Disclaimer The information provided in this
More informationStratusphere. Security Overview
Stratusphere Security Overview Introduction This guide has been authored by experts at Liquidware in order to provide a security overview of Liquidware s Stratusphere product, the leading product for VDI
More informationDuring security audits, over 15,000 vulnerability assessments are made, scanning the network IP by IP.
Features LAN Guard Vulnerability scanning and Management Patch Management and Remediation Network and software Auditing Why Choose? 1. Powerful network, security and port scanner with network auditing
More informationVirtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC
Virtualization Security & Audit John Tannahill, CA, CISM, CGEIT, CRISC jtannahi@rogers.com Session Overview Virtualization Concepts Virtualization Technologies Key Risk & Control Areas Audit Programs /
More informationIASM Support for FISMA
Introduction Most U.S. civilian government agencies, and commercial enterprises processing electronic data on behalf of those agencies, are concerned about whether and how Information Assurance products
More informationCSAM Support for C&A Transformation
CSAM Support for C&A Transformation Cyber Security Assessment and Management (CSAM) 1 2 3 4 5 Five Services, One Complete C&A Solution Mission/Risk-Based Policy & Implementation/Test Guidance Program Management
More informationFederal Continuous Monitoring Working Group. March 21, DOJ Cybersecurity Conference 2/8/2011
Federal Continuous Monitoring Working Group March 21, 2011 DOJ Cybersecurity Conference 2/8/2011 4/12/2011 Why Continuous Monitoring? Case for Change Strategy Future State Current State Current State Case
More informationHow To Establish A Compliance Program. Richard E. Mackey, Jr. SystemExperts Corporation
How To Establish A Compliance Program Richard E. Mackey, Jr. Vice president SystemExperts Corporation Agenda High level requirements A written program A sample structure Elements of the program Create
More informationCurrent and Future Issues in Security
Current and Future Issues in Security Rick Therrien TAG-SS Co-chair (Incumbent) Operations Internal Revenue Service July 10, 2008 Infrastructure Security Goals Research emerging trends and requirements
More informationEnterprise Guest Access
Data Sheet Published Date July 2015 Service Overview Whether large or small, companies have guests. Guests can be virtually anyone who conducts business with the company but is not an employee. Many of
More informationa. UTRGV owned, leased or managed computers that fall within the regular UTRGV Computer Security Standard
Kiosk Security Standard 1. Purpose This standard was created to set minimum requirements for generally shared devices that need to be easily accessible for faculty, staff, students, and the general public,
More informationTerms, Methodology, Preparation, Obstacles, and Pitfalls. Vulnerability Assessment Course
Terms, Methodology, Preparation, Obstacles, and Pitfalls Vulnerability Assessment Course All materials are licensed under a Creative Commons Share Alike license. http://creativecommons.org/licenses/by-sa/3.0/
More informationSTIG Viewer. Quick Reference Guide
STIG Viewer Quick Reference Guide System Requirements STIG Viewer GUI Components The Savepoint Feature Opening a STIG Searching a STIG Options Menu Program Settings Creating a Checklist Parts of a Checklist
More informationFedRAMP Security Assessment Plan (SAP) Training
FedRAMP Security Assessment Plan (SAP) Training 1. FedRAMP_Training_SAP_v6_508 1.1 FedRAMP Online Training: SAP Overview Splash Screen Transcript Title of FedRAMP logo. FedRAMP Online Training; Security
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Network Mapping The Network Mapping helps visualize the network and understand relationships and connectivity between
More informationInterface reference. McAfee Policy Auditor Interface Reference Guide. Add Service Level Agreement page
McAfee Policy Auditor 6.4.0 Interface Reference Guide (McAfee epolicy Orchestrator) Interface reference Add Service Level Agreement page Use this page to add Service Level Agreements. Service Level Agreements
More informationIntroduction to AWS GoldBase. A Solution to Automate Security, Compliance, and Governance in AWS
Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS September 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT McAfee Policy Auditor 6.4 with epolicy Orchestrator 5.10 5 November 2018 383-4-455 V1.0 Government of Canada. This document is the property of the Government of Canada.
More informationWhite Paper. Comply to Connect with the ForeScout Platform
Comply to Connect with the ForeScout Platform ForeScout CounterACT can provide visibility, hygiene, mitigation and control across technical, management and operational assets in accordance with the U.S.
More informationexisting customer base (commercial and guidance and directives and all Federal regulations as federal)
ATTACHMENT 7 BSS RISK MANAGEMENT FRAMEWORK PLAN [L.30.2.7, M.2.2.(7), G.5.6; F.2.1(41) THROUGH (76)] A7.1 BSS SECURITY REQUIREMENTS Our Business Support Systems (BSS) Risk MetTel ensures the security of
More informationBelarc Product Description
Belarc Product Description BelManage Base Belarc's architecture is based on a single enterprise-wide server and database. There is no requirement to maintain local servers or scanners. Belarc's discovery
More informationSoftware Updating: Hitting the Mark
Software Updating: Hitting the Mark Ravi Sankar Technology Evangelist Microsoft Corporation ravi.sankar@microsoft.com Agenda Update Management Overview Update Management Process Update Management Tools
More informationIBM Endpoint Manager for Configuration Management User's Guide
IBM Endpoint Manager for Configuration Management User's Guide ii IBM Endpoint Manager for Configuration Management User's Guide Contents Configuration Management User's Guide 1 Setting up Configuration
More informationArcGIS Online A Security, Privacy, and Compliance Overview. Andrea Rosso Michael Young
ArcGIS Online A Security, Privacy, and Compliance Overview Andrea Rosso Michael Young ArcGIS Online A Multi-Tenant System Portal Portal Portal ArcGIS Online Agenda Online Platform Security Deployment Architecture
More informationParallels Mac Management v3.1
Parallels Mac Management v3.1 Deployment Guide January 13, 2015 Copyright 1999 2015 Parallels IP Holdings GmbH and its affiliates. All rights reserved. All other marks and names mentioned herein may be
More informationSecurity Metrics and Their Importance
Security Metrics and Their Importance Dave Losen Sr Security Engineer Sergeant Laboratories Why Metrics? Drive and improve your security process Give management meaningful trends to manage the security
More informationUNCLASSIFIED. SCAP & STIG Workshop. Page 1 of 42 UNCLASSIFIED
SCAP & STIG Workshop Page 1 of 42 Table of Contents 1 INTRODUCTION... 4 2 SCAP SECURITY GUIDE PROJECT... 5 2.1 Background... 5 2.2 Project Charter...5 2.3 Installation...6 3 UNDERSTANDING THE COMPONENTS...7
More informationVulnerability & Security Assessment Report Election Systems &Software s Unity
Vulnerability & Security Assessment Report Election Systems &Software s Unity 3.4.1.0 Prepared for the California Secretary of State by: Author: Jacob Stauffer, CISSP, FCMG Contributors: Steve Weingart,
More informationQuickStart Guide for Managing Computers. Version
QuickStart Guide for Managing Computers Version 10.2.0 copyright 2002-2018 Jamf. All rights reserved. Jamf has made all efforts to ensure that this guide is accurate. Jamf 100 Washington Ave S Suite 1100
More informationVANGUARD Compliance Manager VANGUARD Policy Manager VANGUARD Security Manager VANGUARD Enforcer
VANGUARD Compliance Manager VANGUARD Policy Manager VANGUARD Security Manager VANGUARD Enforcer VANGUARD Compliance Manager Customization Compliance Support Performs specific custom baseline checks Performs
More informationEnsuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard
Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure
More informationAvaya Multimedia Messaging Release 3.5
Avaya Multimedia Messaging Release 3.5 General Availability Release Notes Issue 1.0 23 October 2018 2018 Avaya Inc. All Rights Reserved. Table of Contents Change History... 3 Introduction... 3 Installation...
More informationChecklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP)
Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) ecfirst, chief executive Member, InfraGard Compliance Mandates Key Regulations
More informationInformation Technology Procedure IT 3.4 IT Configuration Management
Information Technology Procedure IT Configuration Management Contents Purpose and Scope... 1 Responsibilities... 1 Procedure... 1 Identify and Record Configuration... 2 Document Planned Changes... 3 Evaluating
More informationPractical Patch Compliance
Practical Patch Compliance Relieving IT Security Audit Pain, From the Data Center to the Desktop Microsoft s System Center Configuration Manager doesn t handle every aspect of Linux/UNIX and third-party
More informationA Security State of Mind: Container Security. Chris Van Tuin Chief Technologist, West
A Security State of Mind: Container Security Chris Van Tuin Chief Technologist, West cvantuin@redhat.com AGENDA Why Linux Containers? CONTAINER What are Linux Containers? APP LIBS Container Security HOST
More informationDoes a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?
Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA? A brief overview of security requirements for Federal government agencies applicable to contracted IT services,
More informationWHITE PAPER CONTINUOUS MONITORING INTRODUCTION & CONSIDERATIONS PART 2 OF 3
WHITE PAPER CONTINUOUS MONITORING INTRODUCTION & CONSIDERATIONS PART 2 OF 3 ABSTRACT This white paper is Part 2 in a three-part series of white papers on the sometimes daunting subject of continuous monitoring
More informationHow to construct a sustainable vulnerability management program
How to construct a sustainable vulnerability management program 1 #whoami -Howard Tsui -Senior Threat and Vulnerability Management Engineer -Financial industry in the United States -Contact teaupdate12@gmail.com
More informationAudit Logging and Monitoring Procedure Document Number: OIL-IS-PRO-ALM
Audit Logging and Monitoring Procedure Document Number: OIL-IS-PRO-ALM Document Détails Title Description Version 1.0 Author Classification Review Date 25/02/2015 Audit Logging and Monitoring Procedures
More informationPractical OpenSCAP, Security Standard Compliance and Reporting Part 1: CLI (command-line)
Presenters: Robin Price II and Martin Preisler Abstract: OpenSCAP is a family of open source SCAP tools and content that help users create standard security checklists for enterprise systems. Natively
More informationVulnerability Management
Vulnerability Management Modern Vulnerability Management The IT landscape today is changing and because of that, vulnerability management needs to change too. IT environments today are filled with both
More informationIBM BigFix Compliance PCI Add-on Version 9.5. Payment Card Industry Data Security Standard (PCI DSS) User's Guide IBM
IBM BigFix Compliance PCI Add-on Version 9.5 Payment Card Industry Data Security Standard (PCI DSS) User's Guide IBM IBM BigFix Compliance PCI Add-on Version 9.5 Payment Card Industry Data Security Standard
More informationK12 Cybersecurity Roadmap
K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the
More informationBuilding Blocks of a Modern Search Engine
Building Blocks of a Modern Search Engine 2018 National Laboratory Information Technology Summit (NLIT) Nicole M Shaw, Los Alamos (nshaw@lanl.gov) Clayton J Pryor, Sandia (cjpryor@sandia.gov) Amy Rein,
More informationRiskVision Connector Framework
RiskVision Connector Framework RiskVision has over 40 pre-built integration connectors for importing vulnerabilities, assets or entities, control results, findings, exploits, incidents, tickets, vulnerability
More informationContainer Deployment and Security Best Practices
Container Deployment and Security Best Practices How organizations are leveraging OpenShift, Quay, and Twistlock to deploy, manage, and secure a cloud native environment. John Morello CTO Twistlock Dirk
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Vulnerability Vulnerability Assessment is the systematic examination of an Enterprise to determine the adequacy of
More informationAutomating Security and Compliance for Hybrid Environments
Automating Security and Compliance for Hybrid Environments Lucy Kerner Security Global Technical Evangelist and Strategist, Red Hat lkerner@redhat.com @LucyCloudBling COMMON SECURITY CHALLENGES Inconsistent
More informationContinuous Diagnostics and Mitigation demands, CyberScope and beyond
Continuous Diagnostics and Mitigation demands, CyberScope and beyond IBM BigFix streamlines federal security compliance with real-time insights and remediation Highlights Meet Continuous Diagnostics and
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT McAfee Data Loss Prevention 11.0 with epolicy Orchestrator 5.9.0 4 January 2018 383-4-429 Version 1.0 Government of Canada. This document is the property of the Government
More information