Appendix 2B. Supply Chain Risk Management Plan


Granite Telecommunications, LLC
100 Newport Ave. Ext.
Quincy, MA 02171

Appendix 2B Supply Chain Risk Management Plan

This proposal or quotation includes data that shall not be disclosed outside the Government and shall not be duplicated, used, or disclosed--in whole or in part--for any purpose other than to evaluate this proposal. If, however, a contract is awarded to this offeror or quoter as a result of--or in connection with--the submission of this data, the Government shall have the right to duplicate, use, or disclose the data to the extent provided in the resulting contract. This restriction does not limit the Government's right to use information contained in this data if it is obtained from another source without restriction. The data subject to this restriction are contained in sheets marked with the following legend: "Use or disclosure of data contained on this sheet is subject to the restriction on the title

FPR 16:GT-RMG-1440 Rev. 1
30 MAR 2017
Solicitation number QTA0015THA3003 EIS

TABLE OF CONTENTS

ITEM   DESCRIPTION                                    PAGE
1.0    Introduction                                   4
2.0    Policy                                         4
3.0    Granite's Supply Chain Risk Management Team    5
4.0    Identifying Risks and Vulnerabilities          6
5.0    Current Granite Safeguards and Controls        9
6.0    Monitoring and Tracking                        17
7.0    Action Items                                   20
8.0    RFP Specific Information                       21
9.0    Plan Updates                                   28
10.0   Conclusion                                     28

REVISION HISTORY

REVISION NUMBER   REVISION DATE   SUMMARY OF REVISION
1440              04 NOV 2016     FPR
1440 Rev. 1       16 MAR 2017     FPR Rev 1

1.0 - INTRODUCTION

In compliance with Section G.6.3 and Section F.2, Deliverables 19 and 77, Granite has prepared an initial Supply Chain Risk Management Plan ("SCRM Plan"), which describes Granite's approach to vulnerabilities in Granite's supply chain infrastructure and demonstrates how Granite's approach will reduce and mitigate these risks. Granite has prepared this SCRM Plan in the following parts: Policy, SCRM Team, Identifying Risks and Vulnerabilities, Monitoring and Tracking, Action Plans, RFP Specific Information, and Plan Updates.

2.0 - POLICY

Granite has done a thorough review of publications, guidelines, and standards implemented by the National Institute of Standards and Technology (NIST).

NIST SP 800-53 R4, Security and Privacy Controls for Federal Information Systems and Organizations. This publication was developed by NIST, the Department of Defense, the Intelligence Community, and the Committee of National Security Systems as part of the Joint Task Force, an interagency partnership formed in 2009. The purpose of this publication is to provide guidelines for building stronger, more resilient information systems using system components with sufficient security capability to protect core missions and business functions.

NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations. This publication was developed by NIST to provide guidance to federal agencies on identifying, assessing, selecting, and implementing risk management processes and mitigating controls throughout their organizations to help manage ICT supply chain risks.

3.0 - PART I: GRANITE'S SUPPLY CHAIN RISK MANAGEMENT TEAM

4.0 - PART II: IDENTIFYING RISKS AND VULNERABILITIES

Figure 1: Multi-Tiers


Figure 2: Framing Risks / Assessing Risks

5.0 - PART III: CURRENT GRANITE SAFEGUARDS AND CONTROLS

Figure 3:


6.0 - PART IV: MONITORING AND TRACKING

components.


7.0 - PART V: ACTION ITEMS

8.0 - PART VI: RFP SPECIFIC INFORMATION


9.0 - PART VII: PLAN UPDATES

10.0 - CONCLUSION