Davidson Technologies: A Medium Sized Business Experience with DFARS 7012/NIST

Similar documents
SAC PA Security Frameworks - FISMA and NIST

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

DSS in Transition RMS Pilot

MINIMUM SECURITY CONTROLS SUMMARY

Accelerate Your Enterprise Private Cloud Initiative

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

DFARS Safeguarding Covered Defense Information The Interim Rule: Cause for Confusion and Request for Questions

Protecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations

INTERNATIONAL CIVIL AVIATION ORGANIZATION ASIA and PACIFIC OFFICE ASIA/PAC RECOMMENDED SECURITY CHECKLIST

DEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY. Cyber Security. Safeguarding Covered Defense Information.

Welcome to the webinar! We will start within a few minutes

INTRODUCTION TO DFARS

DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com

ROADMAP TO DFARS COMPLIANCE

Streamlined FISMA Compliance For Hosted Information Systems

Information Warfare Industry Day

CYBER SECURITY BRIEF. Presented By: Curt Parkinson DCMA

CYBERSECURITY MATURITY ASSESSMENT

Role of BC / DR in CISRP. Ramesh Warrier Director ebrp Solutions

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Mark Littlejohn June 23, 2016 DON T GO IT ALONE. Achieving Cyber Security using Managed Services

existing customer base (commercial and guidance and directives and all Federal regulations as federal)

ISACA Arizona May 2016 Chapter Meeting

ISA99 - Industrial Automation and Controls Systems Security

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Safeguarding of Unclassified Controlled Technical Information. SAFEGUARDING OF UNCLASSIFIED CONTROLLED TECHNICAL INFORMATION (NOV 2013)

CompTIA CASP (Advanced Security Practitioner)

Campus IT Modernization OPERATIONAL CONTINUITY FLEXIBLE TECHNOLOGY MODERNIZED SYSTEMS

Securing Your Digital Transformation

E-guide Getting your CISSP Certification

Cyber Security for Process Control Systems ABB's view

Using Metrics to Gain Management Support for Cyber Security Initiatives

Solutions Technology, Inc. (STI) Corporate Capability Brief

ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT

CSAM Support for C&A Transformation

Supplier Training Excellence Program

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility

Safeguarding unclassified controlled technical information (UCTI)

Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure

Archiving. Services. Optimize the management of information by defining a lifecycle strategy for data. Archiving. ediscovery. Data Loss Prevention

A company built on security

Because Security Gives Us Freedom

DEFENSE LOGISTICS AGENCY

SOLUTION BRIEF Virtual CISO

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency

INFORMATION ASSURANCE DIRECTORATE

Influence and Implementation

INFORMATION ASSURANCE DIRECTORATE

LESSONS LEARNED IN SMART GRID CYBER SECURITY

CA Services Partner. Implementation Enablement. Eugene Banks FY18

FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013. Visit us online at Flank.org to learn more.

FiXs - Federated and Secure Identity Management in Operation

Plenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m.

NIST CyberSecurity Framework+ Brian Ventura SANS Community Instructor ISSA Portland, Director of Education Information Security Architect, City of

VMware Enterprise Desktop Virtualization. Robin Crewe Senior Director, Virtual Desktop Infrastructure (VDI)

Department of Defense Cybersecurity Requirements: What Businesses Need to Know?

The Future of HITRUST

WORKSHARE SECURITY OVERVIEW

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

i-pcgrid WORKSHOP 2016 INTERACTIVE REMOTE ACCESS

Mapping of FedRAMP Tailored LI SaaS Baseline to ISO Security Controls

Critical Infrastructure Security Vulnerability Assessment. A New Approach. Norman Bird - Senior Technical Lead - Nuclear Security

Building Secure Systems

Certified Information Security Manager (CISM) Course Overview

RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH

Building YOUR Privacy Program: One Size Does Not Fit All. IBM Security Services

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Sage Data Security Services Directory

Integrating Cyber Security and Safety Systems Engineering Disciplines with a common Code of Practice

2013 InterWorks, Page 1

CYBER ASSISTANCE TEAM OVERVIEW BRIEFING

Information Security Policy

Cisco Virtual Experience Infrastructure for Government. Virtualize Your Desktop and Increase Agency Efficiency

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

CISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager.

DFARS Cyber Rule Considerations For Contractors In 2018

Certified Information Systems Auditor (CISA)

CISO as Change Agent: Getting to Yes

Enabling Fast IT. In the IoE era. Alberto Degradi DCV Sales Leader. November 2014

The NIS Directive and Cybersecurity in

External Supplier Control Obligations. Cyber Security

The Perfect Storm Cyber RDT&E

NW NATURAL CYBER SECURITY 2016.JUNE.16

COMPLIANCE IN THE CLOUD

E-guide CISSP Prep: 4 Steps to Achieve Your Certification

Importance of the Data Management process in setting up the GDPR within a company CREOBIS

Cyber Security Challenges

CERT Symposium: Cyber Security Incident Management for Health Information Exchanges

Defensible Security DefSec 101

CCISO Blueprint v1. EC-Council

Managed Security Services - Endpoint Managed Security on Cloud

How To Establish A Compliance Program. Richard E. Mackey, Jr. SystemExperts Corporation

Enabling Efficient, Consistent Certification and Accreditation Enterprise-Wide

Risk Management Framework for DoD Medical Devices

End-to-end Safety, Security and Reliability Keys for a successful I4.0 Migration

INFORMATION ASSURANCE DIRECTORATE

THE POWER OF TECH-SAVVY BOARDS:

Cybersecurity Auditing in an Unsecure World

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

Transcription:

Davidson Technologies: A Medium Sized Business Experience with DFARS 7012/NIST 800-171

Davidson Technologies Founded in 1996 by Dr. Julian Davidson Father of Missile Defense in America Sen. Jeff Sessions After Dr. Julian Davidson death in 2013 Dr. Dorothy Davidson stepped in to run the company as a woman-owned small business Our Capabilities: Missiles Aerospace Cyber Intelligence 2016 Nunn-Perry Award winner with Northrop Grumman on the Mentor-Protégé Program Slide 2

Davidson Technologies - A New Cyber System? Cyber is a core capability, so how does DTI s internal cyber stack up? If it ain t broke Slide 3

Davidson Technologies - Cyber Driver The Department [DoD] is now realizing that there is a plethora of data that is not classified, but that can provide potential adversaries with a wealth of information about our operations and systems. Mr. Lee Rosenberg, Director MDA OSBP from OSBP Quarterly Newsletter January 2016 51 NIST 800-53 Controls AC: Access Control AT: Awareness Training AU: Auditing and Accountability CM: Configuration Management CP: Contingency Planning IA: Identification and Authentication IR: Incident Response Slide 4

Davidson Technologies - New Cyber System The Primary Goals Provide a secure computing environment to meet or exceed all regulatory compliance requirements Allow for easy and seamless access to data and processing capabilities for all employees Ensure data integrity and confidentiality by bringing the users to the data, instead of sending the data to the users Maintain modularity for easy and affordable scalability Operate on a minimal footprint, both environmentally and operationally Slide 5

ACSIS - Automated Cyber Secure Information System ACSIS is a secure virtualized cyber framework enabling end users access to network resources from anywhere with any device while maintaining regulatory compliance An investment by Davidson Technologies to design a multi-purpose/multiapplication system capable of meeting high end processing, big data, and regulatory compliance Designed Maintain and modularity implemented for by DTI easy and Cyber/IT affordable professionals scalability with core competencies in systems and cyber engineering Operate on with a DoD minimal and other footprint, both regulatory environmentally domain knowledge and operationally Cyber IT SE&I Missile Defense Slide 6

ACSIS - Certified Engineers and Architects Slide 7

ACSIS - Traditional Engineering Drove Design and Documentation Project Initiation Preliminary Engineering Specs, & Est. Construction Project Closeout Concept of Operations System Validation System Requirements Conceptual Design Subsystem Verification System Deployment Detailed Design Test / Pilot Program Software and Hardware Configuration and Field Installation Slide 8

ACSIS - Continuous Life Cycle Development Requirements Maintenance & Improvements Specifications Validate & Verify Design Implementation & Integration Deployment & Configuration Test/Pilot Slide 9

ACSIS - Architecture Bring the user to the data instead of the data to the user Smart Phone Virtual Server Infrastructure Hyper Converged Modular Hardware Traditional Desktop Zero Client Laptop Tablet Virtual Desktop Infrastructure Slide 10

ACSIS - Why VDI? (PROs Vs. CONs) PROs PROs Data Protection Desktop Configuration Control Vulnerability Management Patch Management License Management Virtual Application Delivery Easy Resource Allocation Continuous User Experience Access from Secure Locations Easy Remote Access ROI for End Point Devices Revitalization of IT assets Centralized Desktop Support BYOD Policy Enforcement CONs CONs Eggs all in one basket Physical Security Bandwidth and Storage IT becomes 24/7 (no network = no infrastructure) Subject Matter Experts TDY with no network Virtual Desktop Infrastructure Slide 11

ACSIS - Lessons Learned Maintain Interoperability Chart for all Virtualization Vendors Software and Versions. Provide users an opportunity to learn and understand VDI Be careful of the bleeding edge It can hurt Continue to evaluate new products Invest in the appropriate monitoring tools and dashboards Slide 12

Why ACSIS? Economical and Modular for Easy Scalability Centralized Management and Configuration Layered Security (Security In-Depth) Ease of Access and Usability Minimal Footprint Slide 13

ACSIS - Recurring Questions & Enduring Issues Is it CUI or UCTI or CDI or? What is considered CUI/UCTI/CDI? Do we have CUI/UCTI/CDI? Who is certifying / accrediting that systems are compliant? Will our self NIST 800-171 assessment suffice? Slide 14

Secure Cyber Supply Chain Offering Suppliers an Integrated Program Environment (IPE) IPE Plans- SEMP, Quality etc. Metrics: EV, others Cyber Status Training and Cert. Status Program Level Data & Information IDE Tools SE&I Reports Requirements & Specs Comments Design Metrics Collaboration Test/Performance Data Real-Time Transparency Requirements & Specs Risk Assessment & Mitigation Dashboards, Reporting, Transparency Contracts Data Secure Personal Data Supplier Interaction Reports Schedules/ Status Collaboration: Users, Stakeholders IDE- Familiar Construct Classified Environment- Familiar Construct IPE using ACSIS- An Analogous Model to Control/Secure Your Program- Focused Network Customer, Company, Team, Coalition Users per Permissions IPE Enabled by ACSIS, a Foundational, Secure IT/Cyber System Slide 15

ACSIS Potential Applications Big Data IT Cyber System Training System System of Systems (SoS) M&S, T&E DoD Program Applications Warfighter Applications Slide 16

ACSIS Potential Applications Backup Services On-Site Contractor Restricted Equipment Real-Time Monitoring Software Development Lab Slide 17

ACSIS For additional information please contact: ACSIS@davidson-tech.com Collaboration to Develop IP/Discriminator Small Business Partnerships Program Development Support Architecture and System Development Comprehensive Regulation Knowledge Life-Cycle Value Added Opportunity Shaping Customer Relationships Vendor Relationships IAMD/BMDS Domain Knowledge Slide 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback