
Slide 2: Integrating Cybersecurity Requirements into Source Selection and Contracts
Breakout Session #F15
Alex Odeh, Cost Analysis Lead, The MITRE Corporation
Erin Schultz, Department Head, The MITRE Corporation
Virginia Wydler, CPCM, Fellow, Principal Analyst, The MITRE Corporation
Date: July 28, 2015
Time: 4:00 - 5:15 pm
Approved for Public Release; Distribution Unlimited. The MITRE Corporation. ALL RIGHTS RESERVED.

Slide 3: Outline
- What is Cybersecurity?
- Federal Guidance
- Contracting Life Cycle
- Evaluation Criteria
- Proposal Instructions
- Best Practices
- Q&A
- Resources

Slide 4: Cybersecurity Threats
Headlines shown on the slide:
- Intangible Assets Create Vulnerabilities
- DOD Cybersecurity Gaps Could Be Canary in Federal Acquisition Coal Mine
- Workplace and Personal Lives are Blurring

Slide 5: Cybersecurity Defined
- Process of applying security measures to ensure confidentiality, integrity, and availability of data (Wikipedia)
- Collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices (International Telecommunications Union (ITU))
- Prevention of damage to, protection of, and restoration of computers, electronic communications systems and services to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation (DoD Instruction, 14 Mar 2014)
Know What Cybersecurity Means To Your Contract

Slide 6: Cybersecurity and Acquisition
Chart: program complexity (Low to High) plotted against maturity (Low to High), with the cybersecurity and federal acquisition timelines side by side.

Cybersecurity (relatively new and still emerging; agencies developing guidelines; may involve all complexity levels, low to high):
- 2014: National Cybersecurity Protection Act
- 2014: Cybersecurity Workforce Assess Act
- 2014: Cybersecurity Enhancement Act
- 2013: DoDI Acquisition Process (cyber)
- 2013: EO 13636: Improving Critical Infrastructure Cybersecurity
- 2002: Federal IS Management Act (FISMA)
- 2002: Homeland Security Act (creates DHS)
- 2000: First Denial of Service attack
- 1995: AOL phishing (AOHell)
- 1988: Morris Worm appears
- 1986: Computer Fraud and Abuse Act
- 1986: Malware virus Brain emerged

Federal Acquisition (very mature, yet still evolving; not a one-size-fits-all; levels of program complexity):
- 2015: Federal IT Acquisition Reform Act
- 2013: DoDI Acquisition Process
- 2010: DoD Better Buying Power
- 1996: FAA & US MINT exempt from FAR
- 1996: Federal Acquisition Reform Act
- 1994: Federal Acquisition Streamlining Act
- Defense Acquisition Reform Initiatives
- 1982: Special Panel on Defense Procurement
- 1981: Carlucci Thirty-Two Acquisition Initiatives
- 1979: Defense Resources Board
- 1962: Truth in Negotiating Act (TINA)
- 1947: Armed Services Procurement Act
- 1941: Berry Amendment
- 1861: Civil Sundry Appropriations Act

Slide 7: Paradigm Shift in Contracting
From "Bolt On":
- Stove-piped, bolted onto contract SOW
- Compliance checklist
- Reactive and tactical
- Point in time review
- Little source review
To "Baked In":
- Integrated and built into contract SOW, Ts & Cs
- Apply risk management
- Proactive and strategic
- Full lifecycle, start early
- Verify trusted sources

Slide 8: Why Should You Care?
- Cyber breaches and threats are real and increasing
- Government cybersecurity policies and guidance have increased in the last few years, impacting the contracting process
- Government is shifting from compliance-based security requirements to cybersecurity risk-based management
- Cybersecurity needs to be integrated into programs and contracts to facilitate program management success

Slide 9: Federal Cybersecurity Guidance
- Executive Branch identified cybersecurity as a serious economic and national security challenge
- DHS assigned primary responsibility for federal-wide information security program compliance
- GSA and DoD developed implementing recommendations
- Executive Order 13636: Improving Critical Infrastructure Cybersecurity, February 2013
- Presidential Policy Directive 21: Critical Infrastructure Security and Resilience, February 2013
- Align cyber and acquisition processes

Slide 10: Cybersecurity Frameworks
- Existing Frameworks Updated
- EO generated a cyber framework and roadmap, aligning with risk and personnel frameworks

Slide 11: Implementation Plans
GSA/DoD Report Recommendations:
- I. Institute baseline security requirements as condition for award
- II. Address cybersecurity in relevant training
- III. Develop common cybersecurity definitions for federal acquisitions
- IV. Institute a Federal acquisition cyber risk management strategy
- V. Include requirement to purchase from OEM, authorized resellers, trusted sources
- VI. Increase Government accountability for cyber risk management* (*Key contracting recommendation)
Working Group Leads: Don Davidson, OSD; Andre Wilkinson, DHS; Jon Boyens, NIST; Don Johnson, OSD; Emile Monette, GSA; Joe Jarzombek, DHS
Working Group status: https://interact.gsa.gov/group/software-and-supply-chain-assurancessca-forum-wg

Slide 12: Report Recommendation VI: Government Accountability
Recommendation VI. Increase Government Accountability for Cyber Risk Management
Description and Highlights:
- A. Identify and modify acquisition practices that contribute to cyber risk
- B. Integrate security standards into acquisition planning and contract administration
- C. Incorporate cyber risk into enterprise risk management and ensure key decision makers (e.g., Program Executive) are accountable:
  1. Address cyber risk when defining the requirement and analyzing the solution
  2. Ensure and certify cybersecurity requirements are adequately reflected in the solicitation
  3. Participate in evaluation; ensure the best value proposal meets cybersecurity requirements
  4. Certify contract performance reviews of cybersecurity (e.g., conformance testing, regression testing, technology refresh, supply chain management, engineering change proposals, etc.) are conducted in accordance with prescribed standards
Source: DoD and GSA Report on Improving Cybersecurity and Resilience through Acquisition

Slide 13: Contracting Life Cycle
Acquisition Planning:
- Conduct Market Research
- Release Request for Information
- Develop Acquisition Plan
- Develop Cybersecurity Requirements: SOW, SOO, PWS, Specification
- References and applicable documents
Solicitation Development:
- Request for Proposal (RFP)
- Develop Contract Data Requirements List (CDRL)
- Identify clauses and special restrictions
- Instructions, Evaluation Criteria (L and M)
Source Selection
Award and Post-Award Management
SOW/RFP/L&M are critical to integrating cybersecurity into the contracting process

Slide 14: Developing SOW/SOO/PWS
- Understand how cybersecurity relates to your contracting process
- Understand agency cyber policies and guidance
- Solicit industry input early; continue the dialog
- Integrate cybersecurity throughout the requirements development process
- Ensure traceability between cyber requirements, controls, and program needs
- Ensure requirements provide defined outputs to support decision-making activities
- Include cybersecurity requirements in all applicable sections
- Identify applicable and reference documents
- Identify security constraints
- Identify mandatory security reporting

Slide 15: Statement of Work (SOW) Outline Example
Weave cybersecurity content throughout the SOW sections:
- Section 1: Scope
  - Section 1.1: Introduction
  - Section 1.2: Background
  - Section 1.3: Scope
- Section 2: Applicable Documents
  - Section 2.1: Agency Specifications
  - Section 2.2: Agency Standards
  - Section 2.3: Relevant Cyber Documents
- Section 3: Requirements
  - Section 3.1: General Requirements
  - Section 3.2: Technical Objectives and Goals
  - Section 3.3: Specific Requirements
- Section 4: Contract Deliverables
- Section 5: Security
- Section 6: Personnel
Source: DoD MIL-HDBK-245D: DoD Handbook for Preparation of Statement of Work (SOW)

Slide 16: Solicitation (RFP) Content
- A: Solicitation/contract form - None anticipated
- B: Supplies or services and prices/costs - Review CDRL cybersecurity reporting; cost recovery (CLIN structure, cybersecurity)
- C: Description/Specifications/SOW/SOO/PWS - Performance-based cyber requirements
- D: Packaging and marking - None anticipated
- E: Inspection and acceptance - Develop cybersecurity quality assurance plan
- F: Deliveries or performance - Ensure cybersecurity items are addressed
- G: Contract admin data - None anticipated
- H: Special contract requirements - Cybersecurity-specific contract clauses (e.g., reporting or disclosure)
Source: DoD Cybersecurity Implementation Guidebook for Acquisition Program Managers

Slide 17: Solicitation (RFP) Content (continued)
- I: Contract clauses - Cybersecurity-specific contract clauses; cybersecurity personnel (also Section H)
- J: List of Attachments - Applicable attachments for cybersecurity
- K: Representations, Certifications - Certifications that support the cybersecurity strategy (NSA certifications of cryptographic algorithms, cross-domain solutions)
- L and M: Proposal Information, Evaluation - Ensure factors differentiate proposals; define qualification of cybersecurity staff; include critical cybersecurity program objectives
Source: DoD Cybersecurity Implementation Guidebook for Acquisition Program Managers

Slide 18: Evaluation Criteria (Section M) Structure
FAR provides broad discretion for criteria. HOWEVER, FAR mandates:
- Quality (example evaluation factors):
  - Technical Approach or Solution
  - Program Management and Subcontracts
  - Staffing and Key Personnel Resumes
  - Security
  - Transition Plan
- Past performance:
  - Tailor past performance questionnaires
  - Address cyber breaches and mitigation
- Price or cost
Consider cybersecurity in each area of Section M. Watch for conditions on the proposed technical approach that can impact costs or price.

Slide 19: Evaluation Criteria (Section M) Kinds of Contracts
Kinds of cybersecurity contracts may include:
- Hardware/Software
- Services
- Development
- System
- Security Engineering
Tailor each kind of cybersecurity contract:
- Prioritize quality against price/cost
- Consider industry reaction to what is important
- Are the criteria and their relationship to cost sending the right message to industry?

Slide 20: Cybersecurity Evaluation Criteria (Section M)
Notional or suggested factors.
Hardware/Software:
- Degree to which trusted sources are used and proof is maintained
- Approach to restricting physical access of non-authorized personnel
- Use of cyber-certified products for hardware and software
- Approach to detecting counterfeit components
- How supply chain diversity is implemented
Services:
- Approach to developing information assurance
- Approach to ensuring trusted key personnel
- Approach to conducting vulnerability assessments
- Testing approach to ensure services meet requirements
- Degree to which cybersecurity is included in design trade analysis
- Degree to which the service is non-attributable to the Agency
How Would You Prioritize These?

Slide 21: Cybersecurity Evaluation Criteria (Section M)
Notional or suggested factors.
Development:
- Approach to certifying developers and ensuring continued certifications
- Approach to integrating SSE into the lifecycle (e.g., development, test)
- Approach to documenting and managing risk (RMF)
- Tools for security selection and application
- Approach to ensure Mission Assurance and Resilience
System:
- Demonstrated ability to detect and prevent attacks
- Approach to detecting and minimizing data breaches
- Approach to integrating and enhancing operational tools
- Approach to validating staff cyber competency
- Degree to which the approach integrates with CONOPS, information architecture, and cyber programs
How Would You Prioritize These?

Slide 22: Cybersecurity Evaluation Criteria (Section M)
Notional or suggested factors.
Security Engineering:
- Approach to integrating architectural risk analysis, threat modeling, testing, and security governance as part of the product lifecycle
- Degree to which development uses consistent coding practices and standards throughout the product lifecycle
- Degree to which testing and validation methodologies simulate an attacker breaking an application
- Degree to which security testing is integrated into software development
- Approach to responding to and reporting security vulnerabilities
- Degree to which supply chain risk management ensures security and integrity of sourced components
How Would You Prioritize These?
Primary Source: extracted from

Slide 23: Proposal Instruction (Section L)
Technical approach:
- Describe how the technical approach integrates with current or planned agency information architectures, programs, projects or initiatives
- Describe how cybersecurity is integrated into the program's SE, SSE, T&E processes, and CONOPS
- Ensure cybersecurity is explicit in the Basis of Estimate (BOE), Work Breakdown Structure, and Cost Estimating Approach
- Describe the approach to supply chain vulnerability assessments to comply with agency policy, RFP requirements, or other constraints
- Describe the technical data approach, including ownership, control, timely access, and delivery of all cybersecurity data, including raw test data, for the evolving technical baseline

Slide 24: Proposal Instruction (Section L)
Management approach:
- Define team organization
- Identify and describe key personnel who will ensure cybersecurity compliance
- Describe staffing approach, qualifications and continued proficiency for cybersecurity personnel
- Describe cybersecurity incident response, mitigation and risk management processes
- Describe the approach to transition to ensuring cybersecurity
Security:
- Describe the approach to detect and minimize data exfiltration and data loss
- Describe how security integrates with current or planned CONOPS, BCP, information architecture, programs or initiatives

Slide 25: Proposal Instruction (Section L)
Government Property:
- Identify required Government Furnished Property (GFP) (e.g., access to National Cyber Range, Government Blue and/or Red Teams to be used during initial testing)
Data Deliverables (CDRL):
- What data deliverables are required as part of the proposal and during contract execution?
Approach to satisfying Agency Cybersecurity Strategy:
- Compliance with Security CONOPS and/or updates
- Managing Security Architecture and/or updates
- Developing Security artifacts for milestone reviews
- Updating Assessment and Authorization artifacts
- Approach to satisfying the Program Protection Plan (PPP)

Slide 26: Proposal Evaluation Options
- Paper proposal
- Operation Capability Assessment (OCA): technical approach
- Live demonstration before award:
  - Operational Capability Demonstration (OCD)
  - Operational Capability Test (OCT)
- Sample Task Order or Problem Exercise
- Oral proposal presentation
- Challenge-based acquisition: viability assessment of the technical approach before RFP release
Don't rely on a paper proposal to pick a winner

Slide 27: Best Practices: Acquisition Planning
- Leverage industry during acquisition planning
- Provide security documents, assumptions, and constraints to industry as early as possible
- Ensure critical classification levels and special data protection are identified early (these can be expensive cost drivers)
- Include security engineering instructions and policy mandates in the scope and objectives
- Consider who designs, develops, and implements an integrated end-to-end security architecture (will you need an integrator?)
- Identify the relationships of security deliverables to overall program activities (e.g., security analyses at major reviews)

Slide 28: Best Practices: Solicitation Development
- Recognize that no two acquisitions are alike
- Avoid cut-and-paste ("worked last time...")
- Identify key security personnel, qualifications, collocation, and level of support (e.g., Chief Security Architect, full time on site)
- Good criteria provide evaluators with latitude to evaluate what is important
- Bad criteria provide Yes/No or checklist answers
- Too many criteria dilute core discriminators
- Tell industry what the most important areas and factors are (e.g., Price, Technical Approach, People/Resumes, Past Performance)

Slide 29: Best Practices: Source Selection
- Selection needs to reflect the evaluation criteria
- Discriminate between competing Offerors
- Ensure program and technical personnel are experienced and/or seek help
- Incorporate key desired approaches, features, processes, or tools from the proposal into the final contract, since the proposal itself is not incorporated into the contract
- Follow your source selection plan and use published evaluation criteria BECAUSE GAO SAID SO (GAO SP)
What is MOST Important to YOUR Acquisition?

Slide 30: News You Can Use
- DHS using cybersecurity contract clauses
- OMB Guidance Memo out for comment
- GSA/DoD Working Group Products: Cyber Clauses, Qualified Bidders List, Trusted Sources (https://interact.gsa.gov/group/software-and-supplychain-assurance-ssca-forum-wg)
- DoD Program Managers Guidebook for Cybersecurity Acquisitions coming soon!
- DoD Better Buying Power 3.0 new section: Strengthen cybersecurity throughout lifecycle
- Insurance policies for cyber breaches - $$$$$$ - OR -

Slide 31: Summary
- You have an integral role in government contracts
- Consequences of ignoring or misallocating cybersecurity resources are growing
- You can be the expert help:
  - Know who to ask and where to look
  - Understand key developments in cybersecurity
- You will intersect with multiple functional areas:
  - Contracting Officials
  - Cybersecurity Technical Staff
  - Acquisition and Program Management Staff
  - Systems Engineering Staff
- You are committed to advancing cybersecurity:
  - Adopting standards and best practices

Slide 32: Questions, Comments, Sharing Time

Slide 33: Contact Information
- Alex Odeh, The MITRE Corporation
- Erin Schultz, The MITRE Corporation
- Virginia Wydler, CPCM, Fellow, The MITRE Corporation
Website:

Slide 34: Applicable References
- National Standards, Guidance
- National Security System (NSS)
- NIST Framework
- Intelligence Community
For more information see:

Slide 35: Reference DoD Documents
Source:

Slide 36: Cybersecurity Workforce Framework
- 31 specialty areas with sample job titles, tasks, knowledge, skills, and abilities (KSAs)

Slide 37: Program Manager's Guidance
- Describe key concepts and activities for successful implementation of cybersecurity and system resilience throughout the acquisition lifecycle
- Familiarize program managers with RMF continuous monitoring to optimize mission effects throughout the acquisition lifecycle
- Relate content to DoD cybersecurity policy, DoD acquisition policy, and other references
Status: INTERNAL DRAFT V; June 2015 release expected


More information

Which cybersecurity standard is most relevant for a water utility?

Which cybersecurity standard is most relevant for a water utility? Which cybersecurity standard is most relevant for a water utility? Don Dickinson 1 * 1 Don Dickinson, Phoenix Contact USA, 586 Fulling Mill Road, Middletown, Pennsylvania, USA, 17057 (*correspondence:

More information

NIST Cybersecurity Framework Overview

NIST Cybersecurity Framework Overview NIST Cybersecurity Framework Overview Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2nd ENISA International Conference on Cyber Crisis Cooperation and Exercises Executive Order

More information

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc. JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President

More information

Frequently Asked Questions about the HITRUST Risk Management Framework

Frequently Asked Questions about the HITRUST Risk Management Framework Frequently Asked Questions about the HITRUST Risk Management Framework Addressing common questions and misconceptions about the HITRUST CSF, CSF Assurance Program and supporting methods and tools, and

More information

SCAC Annual Conference. Cybersecurity Demystified

SCAC Annual Conference. Cybersecurity Demystified SCAC Annual Conference Cybersecurity Demystified Me Thomas Scott SC Deputy Chief Information Security Officer PMP, CISSP, CISA, GSLC, FEMA COOP Practitioner Tscott@admin.sc.gov 803-896-6395 What is Cyber

More information

Capabilities for Cybersecurity Resilience

Capabilities for Cybersecurity Resilience Capabilities for Cybersecurity Resilience In the Homeland Security Enterprise May 2012 DHS Cybersecurity Strategy A cyberspace that: Is Secure and Resilient Enables Innovation Protects Public Advances

More information

Statement of work CDRL, And Tracking Tool (SCATT)

Statement of work CDRL, And Tracking Tool (SCATT) Statement of work CDRL, And Tracking Tool (SCATT) September 2011 1 Agenda Overview & Introduction Brief History SCATT Tool Components SOW Questionnaire CDRL Wizard CDRL Tracking Tool Who uses the SCATT

More information

Information Systems Security Line of Business (ISS LoB)

Information Systems Security Line of Business (ISS LoB) Information Systems Security Line of Business (ISS LoB) Information Security and Privacy Advisory Board George Washington University Washington, DC March 22, 2007 Agenda Background Status Next Steps Background

More information

Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015

Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015 Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015 OIG-16-A-03 November 12, 2015 All publicly available OIG reports (including

More information

Suggested Language to Incorporate System Security Engineering for Trusted Systems and Networks into Department of Defense Requests for Proposals

Suggested Language to Incorporate System Security Engineering for Trusted Systems and Networks into Department of Defense Requests for Proposals Suggested Language to Incorporate System Security Engineering for Trusted Systems and Networks into Department of Defense Requests for Proposals JANUARY 2014 Deputy Assistant Secretary of Defense for Systems

More information

Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Submitted via email: cyberframework@nist.gov April 8, 2013 Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Re: Developing a Framework

More information

Cyber Security for Advanced Manufacturing Next Steps

Cyber Security for Advanced Manufacturing Next Steps Status Update Cyber Security for Advanced Manufacturing Next Steps NDIA Manufacturing Division February 19, 2015 Michael McGrath Consultant, Analytic Services Inc. michael.mcgrath@anser.org NDIA White

More information

Risk Management Framework (RMF): The Future of DoD Cyber Security is Here

Risk Management Framework (RMF): The Future of DoD Cyber Security is Here Risk Management Framework (RMF): The Future of DoD Cyber Security is Here Authors: Rebecca Onuskanich William Peterson 3300 N Fairfax Drive, Suite 308 Arlington, VA 22201 Phone: 571-481-9300 Fax: 202-315-3003

More information

Changing Legal Landscape in Cybersecurity: Implications for Business

Changing Legal Landscape in Cybersecurity: Implications for Business Changing Legal Landscape in Cybersecurity: Implications for Business Presented to Greater Wilmington Cyber Security Group Presented by William R. Denny, Potter Anderson & Corroon LLP May 8, 2014 Topics

More information

Security Control Standard

Security Control Standard Department of the Interior Security Control Standard Security Assessment and Authorization January 2012 Version: 1.2 Signature Approval Page Designated Official Bernard J. Mazer, Department of the Interior,

More information

5 FAM 620 INFORMATION TECHNOLOGY (IT) PROJECT MANAGEMENT

5 FAM 620 INFORMATION TECHNOLOGY (IT) PROJECT MANAGEMENT 5 FAM 620 INFORMATION TECHNOLOGY (IT) PROJECT MANAGEMENT 5 FAM 621 GENERAL (Office of Origin: IRM/BMP/SPO/PMD) a. The strategic importance of Information Technology (IT) to the mission of the State Department

More information

1 July 2015 Version 1.0

1 July 2015 Version 1.0 1 July 2015 Version 1.0 Cleared for Open Publication June 26, 2015 DoD Office of Prepublication and Security Review Cybersecurity T&E Guidebook ii July 1, 2015 Version 1.0 Table of Contents 1 INTRODUCTION...

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,

More information

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats

More information

Enterprise Security Tactical Plan

Enterprise Security Tactical Plan Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise

More information

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT: U.S. Election Assistance Commission Compliance with the Requirements of the Federal Information Security Management Act Fiscal

More information

FSIS DIRECTIVE 1306.3

FSIS DIRECTIVE 1306.3 UNITED STATES DEPARTMENT OF AGRICULTURE FOOD SAFETY AND INSPECTION SERVICE WASHINGTON, DC FSIS DIRECTIVE 1306.3 REVISION 1 12/13/12 CONFIGURATION MANAGEMENT (CM) OF SECURITY CONTROLS FOR INFORMATION SYSTEMS

More information

Preventing and Defending Against Cyber Attacks October 2011

Preventing and Defending Against Cyber Attacks October 2011 Preventing and Defending Against Cyber Attacks October 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their

More information

GAO. IT SUPPLY CHAIN Additional Efforts Needed by National Security- Related Agencies to Address Risks

GAO. IT SUPPLY CHAIN Additional Efforts Needed by National Security- Related Agencies to Address Risks GAO For Release on Delivery Expected at 10:00 a.m. EDT Tuesday, March 27, 2012 United States Government Accountability Office Testimony Before the Subcommittee on Oversight and Investigations, Committee

More information

System Security Engineering and Program Protection Integration into SE

System Security Engineering and Program Protection Integration into SE System Security Engineering and Program Protection Integration into SE Melinda Reed Deputy Director for Program Protection Office of the Deputy Assistant Secretary of Defense for Systems Engineering 17

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential

More information

Information Security for Managers

Information Security for Managers Fiscal Year 2015 Information Security for Managers Introduction Information Security Overview Enterprise Performance Life Cycle Enterprise Performance Life Cycle and the Risk Management Framework Categorize

More information

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL FY 2015 INDEPENDENT EVALUATION OF THE EFFECTIVENESS OF NCUA S INFORMATION SECURITY PROGRAM UNDER THE FEDERAL INFORMATION SECURITY MODERNIZATION

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)

More information

Preventing and Defending Against Cyber Attacks November 2010

Preventing and Defending Against Cyber Attacks November 2010 Preventing and Defending Against Cyber Attacks November 2010 The Nation s first ever Quadrennial Homeland Security Review (QHSR), delivered to Congress in February 2010, identified safeguarding and securing

More information

IT SECURITY EDUCATION AWARENESS TRAINING POLICY OCIO-6009-09 TABLE OF CONTENTS

IT SECURITY EDUCATION AWARENESS TRAINING POLICY OCIO-6009-09 TABLE OF CONTENTS OFFICE OF THE CHIEF INFORMATION OFFICER Date of Issuance: May 22, 2009 Effective Date: May 22, 2009 Review Date: Section I. PURPOSE II. AUTHORITY III. SCOPE IV. DEFINITIONS V. POLICY VI. RESPONSIBILITIES

More information

Cyber Security for the Advanced Manufacturing Enterprise

Cyber Security for the Advanced Manufacturing Enterprise Cyber Division & Manufacturing Division Joint Working Group Cyber Security for the Advanced Manufacturing Enterprise Manufacturing Division Meeting June 4, 2014 Michael McGrath, ANSER michael.mcgrath@anser.org

More information

Strategic Plan On-Demand Services April 2, 2015

Strategic Plan On-Demand Services April 2, 2015 Strategic Plan On-Demand Services April 2, 2015 1 GDCS eliminates the fears and delays that accompany trying to run an organization in an unsecured environment, and ensures that our customers focus on

More information

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013 2013 PASTA Abstract Process for Attack S imulation & Threat Assessment Abstract VerSprite, LLC Copyright 2013 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

More information

The GAO has shown that technical, cost, schedule, and performance risks are inherent. Software Acquisition: Reducing Risks.

The GAO has shown that technical, cost, schedule, and performance risks are inherent. Software Acquisition: Reducing Risks. Acquisition: Reducing Risks James Jones The Acquisition Risk Crisis The GAO has shown that technical, cost, schedule, and performance risks are inherent in delivering software-intensive systems. The GAO

More information

System Security Engineering

System Security Engineering A Critical Discipline of SE Ms. Kristen Baldwin Director, Systems Analysis DDR&E/Systems Engineering 12th Annual NDIA Systems Engineering Conference 28 October 2009 10/28/09 Page-1 Defense Research & Engineering

More information

DHS IT Successes. Rationalizing Our IT Infrastructure

DHS IT Successes. Rationalizing Our IT Infrastructure TESTIMONY OF Richard A. Spires Chief Information Officer U.S. Department of Homeland Security Before the House Committee on Oversight and Government Reform February 27, 2013 Chairman Issa, Ranking Member

More information

HKITPC Competency Definition

HKITPC Competency Definition HKITPC Competency Definition for the Certification copyright 2011 HKITPC HKITPC Competency Definition Document Number: HKCS-CD-L1L2 Version: 1.0 Date: June 2011 Prepared by Hong Kong IT Professional Certification

More information

FedRAMP Standard Contract Language

FedRAMP Standard Contract Language FedRAMP Standard Contract Language FedRAMP has developed a security contract clause template to assist federal agencies in procuring cloud-based services. This template should be reviewed by a Federal

More information

Statement Of Objectives (SOO) Information Guide

Statement Of Objectives (SOO) Information Guide Statement Of Objectives (SOO) Information Guide 20 Jun 03 Prepared by OC-ALC/AE (ACE) TABLE OF CONTENTS SECTION PARAGRAPH/TITLE 1. Introduction:... 1 2. Purpose:... 1 3. SOO Development Process:... 1 4.

More information

DoD Strategy for Defending Networks, Systems, and Data

DoD Strategy for Defending Networks, Systems, and Data DoD Strategy for Defending Networks, Systems, and Data November 13, 2013 Department DoDD of Defense Chief Information Officer DoD Strategy for Defending Networks, Systems, and Data Introduction In July

More information

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture: From Start to Sustainment Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture Topics Introduction Reverse Engineering the Threat Operational

More information

Accenture Cyber Security Transformation. October 2015

Accenture Cyber Security Transformation. October 2015 Accenture Cyber Security Transformation October 2015 Today s Presenter Antti Ropponen, Nordic Cyber Defense Domain Lead Accenture Nordics Antti is a leading consultant in Accenture's security consulting

More information

FITSP-Auditor Candidate Exam Guide

FITSP-Auditor Candidate Exam Guide FITSP-Auditor Candidate Exam An Overview of the FITSP-A Certification 2010 Edition Copyright 2009-2010 FITSI 1 FITSP-Auditor Candidate Exam This page is left intentionally blank Copyright 2009-2010 FITSI

More information

GEARS Cyber-Security Services

GEARS Cyber-Security Services Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS... 2 1. Pre-Incident Services... 3 1.1 Incident Response Agreements... 3 1.2 Assessments

More information

Do You Have The Right Practices In Your Cyber Supply Chain Tool Box? NDIA Systems Engineering Conference October 29, 2014

Do You Have The Right Practices In Your Cyber Supply Chain Tool Box? NDIA Systems Engineering Conference October 29, 2014 Do You Have The Right Practices In Your Cyber Supply Chain Tool Box? NDIA Systems Engineering Conference October 29, 2014 2 Today s Reality Is Deep & Complex Global ICT Supply Chains IT and Communications

More information

Suzanne B. Schwartz, MD, MBA Director Emergency Preparedness/Operations & Medical Countermeasures (EMCM Program) CDRH/FDA

Suzanne B. Schwartz, MD, MBA Director Emergency Preparedness/Operations & Medical Countermeasures (EMCM Program) CDRH/FDA 8 th Annual Safeguarding Health Information: Building Assurance through HIPAA Security HHS Office of Civil Rights and National Institute of Standards & Technology Wednesday September 2, 2015 Suzanne B.

More information

NICE Cybersecurity Workforce Framework Tutorial

NICE Cybersecurity Workforce Framework Tutorial NICE Cybersecurity Workforce Framework Tutorial Jane Homeyer, Ph.D., Deputy ADNI/HC for Skills and Human Capital Data, ODNI Margaret Maxson, Director, National Cybersecurity Education Strategy, DHS Outline

More information

No. 33 February 19, 2013. The President

No. 33 February 19, 2013. The President Vol. 78 Tuesday, No. 33 February 19, 2013 Part III The President Executive Order 13636 Improving Critical Infrastructure Cybersecurity VerDate Mar2010 17:57 Feb 15, 2013 Jkt 229001 PO 00000 Frm 00001

More information

Preventing and Defending Against Cyber Attacks June 2011

Preventing and Defending Against Cyber Attacks June 2011 Preventing and Defending Against Cyber Attacks June 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their unclassified

More information

THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY

THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY CYBER HYGIENE AND ORGANIZATIONAL PLANNING ARE AT LEAST AS INTEGRAL TO SECURING INFORMATION NETWORKS AS FIREWALLS AND ANTIVIRUS SOFTWARE Cybersecurity

More information

Vendor Management. Outsourcing Technology Services

Vendor Management. Outsourcing Technology Services Vendor Management Outsourcing Technology Services Objectives Board and Senior Management Responsibilities Risk Management Program Risk Assessment Service Provider Selection Contracts Ongoing Monitoring

More information

Compliance Risk Management IT Governance Assurance

Compliance Risk Management IT Governance Assurance Compliance Risk Management IT Governance Assurance Solutions That Matter Introduction to Federal Information Security Management Act (FISMA) Without proper safeguards, federal agencies computer systems

More information

Department of Defense INSTRUCTION

Department of Defense INSTRUCTION Department of Defense INSTRUCTION NUMBER 8440.01 December 24, 2015 DoD CIO SUBJECT: DoD Information Technology (IT) Service Management (ITSM) References: See Enclosure 1 1. PURPOSE. Pursuant to the authority

More information

The Department of Defense (DoD) has reached

The Department of Defense (DoD) has reached SPECIAL BBP2.0 I S S U E DoD Open Systems Architecture Contract Guidebook for Program Managers A Tool for Effective Competition Nickolas Guertin Thomas Hurt The Department of Defense (DoD) has reached

More information

Cybersecurity in the States 2012: Priorities, Issues and Trends

Cybersecurity in the States 2012: Priorities, Issues and Trends Cybersecurity in the States 2012: Priorities, Issues and Trends Commission on Maryland Cyber Security and Innovation June 8, 2012 Pam Walker, Director of Government Affairs National Association of State

More information

FISH AND WILDLIFE SERVICE INFORMATION RESOURCES MANAGEMENT. Chapter 7 Information Technology (IT) Security Program 270 FW 7 TABLE OF CONTENTS

FISH AND WILDLIFE SERVICE INFORMATION RESOURCES MANAGEMENT. Chapter 7 Information Technology (IT) Security Program 270 FW 7 TABLE OF CONTENTS TABLE OF CONTENTS General Topics Purpose and Authorities Roles and Responsibilities Policy and Program Waiver Process Contact Abbreviated Sections/Questions 7.1 What is the purpose of this chapter? 7.2

More information

The Comprehensive National Cybersecurity Initiative

The Comprehensive National Cybersecurity Initiative The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we

More information

Statement of James Sheaffer, President North American Public Sector, CSC

Statement of James Sheaffer, President North American Public Sector, CSC Statement of James Sheaffer, President North American Public Sector, CSC United States House of Representatives Committee on Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection,

More information