Innovating the Future of Aviation Security. July 19, 2016
|
|
- Shawn Kelley Patterson
- 7 years ago
- Views:
Transcription
1 Innovating the Future of Aviation Security July 19,
2 Innovating the Future of Aviation Security Workshop Topics Cybersecurity Cybersecurity Requirements; Technical Solutions Innovation Operational Improvements; New Technologies; Innovation Task Force (ITF) System Architecture Update on Implementation of OSC System Architecture; Priorities for Fiscal Year 2017; TSE Connectivity Deployment & Logistics Planning Guidelines and Design; Checkpoint Design Guide System Architecture Deployment and Logistics Innovation Cybersecurity The Office of Security Capabilities safeguards our nation s transportation systems through the qualification and delivery of innovative security capabilities and solutions. 1 2 Standards & Security Passenger Screening Standards & Security Updates to Detection Standards Passenger Screening LCCE Revision Updates; Passenger Screening Experience Test & Evaluation New Qualification Process; Third Party Testing Update Checked Baggage Recap and Acquisition Plans Checked Baggage Test & Evaluation 2 3 Alignment to Strategic Five-Year Technology Investment Plan Themes: 1 Enhancing Core Mission Delivery by Focusing on Systemof-Systems 2 Integrating Principles of Risk-Based Security in Capabilities, Processes, and Technologies 3 Streamlining Acquisitions, Requirements, and Test and Evaluation Processes 4 Increasing Transparency in Engagement with Stakeholders to Enable Innovation 2
3 Lifecycle of a Capability OSC is building a culture of innovation and developing a system-of-systems approach to support next generation curb-to-gate solutions and allow for the rapid demonstration and deployment of emerging technologies to improve passenger satisfaction, enhance detection, and increase efficiencies. Innovation Incorporate new technologies and processes into TSA operations to improve efficiency and effectiveness. Cybersecurity Complete studies and analyses that cover both operational and technical cybersecurity challenges. Security Technology Integrated Program (STIP) Enablement Connect Transportation Security Equipment (TSE) to a shared network by enabling STIP. System-of-Systems Define the future state of system architecture to support interoperability and connectivity. Common Standards Establish common standards for TSE and user interfaces to support program integration and increase transparency for stakeholders. Updated Detection Standards Develop new primary passenger screening detection requirements with input from industry and DHS groups. Deploy and Sustain Coordinate deployments, maintain fielded technologies, and make recommendations for redesign efforts. Test and Evaluation Enhance System Qualification Process and establish the Engineering Requirements Review Board (ERRB). Checked Baggage Upgrade existing technologies and maintain capabilities to support a system-of-systems approach. Checkpoint Implement new lifecycle cost estimates (LCCEs) focused on maintenance of existing TSE in the near term and the development of future capabilities longer range. Program Initiation and Integration Align the checked baggage and checkpoint programs to support system architecture. New Technologies Partner with DHS S&T and industry to develop new technologies for screening, identity verification, and information technology (IT) security. 3
4 Cybersecurity TSA/OSC is developing a set of cybersecurity capabilities for endpoint devices and the network to mitigate known cybersecurity risks and allow authorizing officials to weigh against compliance requirements, enabling a risk mitigation approach to TSE cybersecurity. Initiatives Credential Authentication Technology (CAT) Cybersecurity Remediation Johns Hopkins University Applied Physics Lab (JHU/APL) Study Perform Developmental Test & Evaluation (DT&E) of the STIP system and conduct assessments of cyber threats to checkpoint operations and equipment (e.g., CAT) Cybersecurity Market Research Identify solutions for potential proofs of concepts (PoC) to allow TSEs to reconnect to TSANet Impact Assessments will enhance TSA cybersecurity through identification of potential cybersecurity threats, providing TSA with an increased level of awareness of the threat environment to support risk-based security initiatives Identifying enterprise-level cybersecurity solutions will allow OSC to buy-down risk and conduct comprehensive security solution assessments DHS Cybersecurity Requirements 1. Operating System (OS) Currency/ Security Patching 2. OS Hardening 3. Anti-Virus (AV) Updates 4. Personal Identity Verification (PIV) Compatibility 5. Security Scanning Support 6. Technical Obsolescence 7. Security Operations Center (SOC) Monitoring 8. Plan of Action & Milestones (POA&M) Support 9. Vendor Information System Security Officer (ISSO) Designation
5 Innovation Task Force In the upcoming year, TSA is investing in people, process, and technology innovation through the Innovation Task Force. In coordination with industry, airports, airlines, and other stakeholders, the long-term goal of these innovation initiatives is to increase operational effectiveness and efficiency. Initiatives Current initiatives leading to increased technology effectiveness and efficiency are the following: DHS S&T Screening at Speed Emerging Technology Demonstrations Executable Strategic Plan for Innovation Initiatives Impact A vision for a future screening experience that includes higher throughput, increased detection, and passenger experience Next-generation technology that increases TSA and aviation partners range of possibilities, rather than bounding that range An innovative environment that fosters emerging capabilities and collaboration across stakeholders People solutions, process improvements, and technology advancements support OSC s innovation initiatives and enable a future screening experience for passengers. People
6 Pilot at ATL Atlanta International Airport (ATL) is the pilot innovation lane, allowing TSA to refine the process to establish and operate an innovation lane. TSA continues to develop and refine the broader ITF program based on the ATL pilot. ATL Overview Partnering with Delta, MacDonald Humfrey, Rapiscan, and Atlanta Airport Authority Assessing MacDonald Humfrey Automated Screening Lane, commonly referred to as a bin return system Cross-TSA IPT developing processes to execute ATL innovation lane March April May 3/18 5/2: MH Software Development /24: Go-Live 3/18: Stakeholder Kick-off Meeting 5/3 5/13: TSIF Testing 5/6: ATL Infrastructure Updates; MH System Delivered to ATL 5/15: Lanes Fully Operational 5/15 5/23: TSO Training and Checkpoint Finalization
7 ATL Wins Identified critical path to expedite delivery in less than 9 weeks Kicked off IPT and enabled coordination across TSA and external stakeholders Developed processes and documentation to drive future ITF site stand-ups and installations 2016 Go- Live
8 Automated Screening Lane System Demonstration
9 System Architecture The OSC System Architecture program supports the integration of technology, data, and processes to enable expanded implementation of risk-based security through the development of an integrated and modularized security screening system. Interface and Standards Analysis Identify and assess key interfaces and evaluate standards such as DICOS Common GUI Displays Develop EDS and AT common display standards Common Data and Interface Standards Document standard postprocessed image data format Common Algorithms Develop 3rd party dynamic risk-based algorithms Common Data and Interface Standards for Non-Imaging Modalities Document standard postprocessed data format System of Systems Current capabilities integrated into initial baseline Architecture Definition Define the current and future state of business, data, application, and technology architectures System Architecture Program Initiation Socialize principles and vision with programs, partners, and industry Cybersecurity Solution Proof of Concept Implementation and Migration Planning Conduct detailed implementation analysis, migration planning, and project prioritization Initial TSE Connectivity Program Alignment and Business Reengineering Assess and reengineer relevant organizational processes Architecture Testbed Implement physical system architecture testbed Requirements and Standards Program Initiatives Architecture Development Cybersecurity Milestone Implementation Governance Govern the overall implementation and deployment process Key New capabilities procured through a system of systems approach with updates to the hardware and software baseline Cybersecurity is a requirement for full System of Systems capability Documentation Testing Deployment 9
10 Deployment and Logistics OSC s Deployment and Logistics Division (DLD) provides airports with efficient and effective security capabilities for checked baggage and checkpoint screening options, communicates with internal and external stakeholders to coordinate deployment, and maintains all fielded TSE throughout its lifecycle. Initiatives Provide guidance for checkpoint redesign efforts at airports to prepare checkpoints for next generation technologies and capability Activities demonstrations Create and maintain checkpoint design guides through DLD that that allow for integration relate of new TSE Maintain the Deployment Interactive Viewer of Equipment (DIVE) to industry Impact Checkpoint design guides can emphasize best practices for designing screening system layouts that allow the integration of future capabilities Desired DIVE enables TSA to view current deployments and incorporate future Outcomes capabilities into airport planning, easing the path to system integration for new TSE / Benefits 10
11 Checked Baggage The OSC Checked Baggage Technologies Division (CBTD) has outlined a path forward in order to meet TSA s goal to improve security effectiveness through a system-of-systems technological approach. By establishing agreed-upon pathways, interdependencies, and supporting roles, CBTD is working to achieve targeted future state objectives. Initiatives Develop and deploy enhanced threat detection algorithms Develop and deploy CT80DR+ Upgrade Kit Enhance alarm resolution Activities capabilities Upgrade networks and enhance focus on IT security Develop Threat Image Projection that relate Maintain the Planning Guidelines and Design Standards (PGDS) through cooperation between CBTD to industry and DLD Impact TSA will procure and deploy TSE (EDS and ETD units) to maintain 100% screening compliance Current projects with executed Letters of Intent or Other Transactional Agreements will be fulfilled Desired Upgraded networks will enhance IT security, allowing for STIP Outcomes enablement / Benefits 11
12 Test and Evaluation OSC s Test and Evaluation Division (TED) provides test and evaluation and lifecycle matrix support services to the OSC program offices, TSA field elements, and other TSA/DHS stakeholders. TSA is improving TSE acquisitions by engaging with the Original Equipment Manufacturer (OEM) earlier in the development process, resulting in more mature TSE. Initiatives System Qualification Process Enhancements o Earlier and more frequent involvement with the OEM during Design and Development of TSE Activities o Third Party Testing Program Engineering Requirements Review Board (ERRB) Development that relate to industry Impact System Qualification Process Enhancements could decrease failures, delays, and costs resulting from the iterative cycle of test, fix, and retest ERRB will provide a forum for key Desired stakeholders to review and approve functional requirements prior to Outcomes finalizing relevant acquisition documentation / Benefits 12
13 Passenger Screening Program The Checkpoint Solutions and Integration Division (CSID) Passenger Screening Program (PSP) LCCE document provides a structured accounting of all associated checkpoint TSE cost elements. The LCCE accounts for all PSP activities and helps prioritize maintenance and improvements to currently deployed TSE based on the establishment of future programs. PSP LCCE Overview FY17 FY18 FY19 FY20 FY21 FY22 FY23 FY24 FY25 FY26 Relative Funding Trends PSP (Legacy TSE) PC&I Sustain, maintain, and improve deployed capabilities (including recapitalization) through FY20 PSP (Legacy TSE) O&M Operate and maintain fielded equipment New Programs (New Checkpoint Capabilities) Establish New new Programs programs (New to provide Checkpoint systems Capabilities) based on future checkpoint capability needs, focusing Establish on new a holistic programs approach to provide and moving systems away based from on future specific checkpoint technology capability based requirements needs, focusing on a holistic approach and moving away from specific technology based requirements As TSA moves towards full implementation of System Architecture, activities for deployed systems will decrease while funding and resources will be increasingly focused on future capabilities. 13
14 Standards and Security Due to constantly evolving security threats facing multiple DHS components, TSA is reviewing requirements and detection standards and updating processes to protect against threats facing the nation while enabling enhanced future technologies. Initiatives Aligning testing processes to allow technology and algorithms to be submitted for certification in addition to qualification Revising detection standards and requirements for Advanced Technology/Automated Personnel Security System, Explosives Detection System, Explosives Trace Detector, Bottled Liquids Scanner, Advanced Imaging Technology (AIT), and Enhanced Metal Detector to provide security against an adaptive and improvising adversary Enhancing checkpoint design recommendations Impact Certified technology and algorithms can be submitted to ITF for demonstration and will encourage mature TSE and technical capability Revised detection standards will require technologies to be recertified in order to be deployed Industry will need to consistently innovate through development of algorithms and technologies to meet new standards Updated checkpoint design recommendations allow for demonstration of enhanced future capabilities 14
15 OSC High-Level Initiative Timeline Short-term (6-12 months) Deploy vetted technologies and improve existing processes Define and initiate system architecture projects Finalize requirements for nextgeneration technologies Finalize checkpoint technologies LCCE Deploy additional AIT machines Recap ETD machines Deploy CAT Conduct cybersecurity proof-ofconcept and market research Establish new qualification processes Align program regimens Implement ITF with 4 airlines in 10+ airports Mid-term (1-2 years) Develop innovative solutions and capabilities Partner with DHS S&T Screening at Speed Invest in emerging technologies Enhance algorithms for ultra false acceptance rates Implement IT security requirements Network TSE through STIP Integrate RBS with checked baggage Define common standards for TSE and interfaces Assess OSC s future operating model Long-term (2-10 years) Create a holistic curb-to-gate screening approach Implement system architecture Deploy walk-through, standoff trace detection, next-generation X-Ray, and high resolution trace detection Fully implement biometrics Deploy dynamic and risk management algorithms Fully integrate risk in passenger and baggage screening Create a seamless passenger experience Enhance screening and detection through stream of commerce and improvised threat characterization Demonstrate future concepts 15
Advanced Integrated Passenger and Baggage Screening Technologies
Advanced Integrated Passenger and Baggage Screening Technologies October 22, 2015 Fiscal Year 2015 Report to Congress Transportation Security Administration Message from the Administrator October 22, 2015
More informationSTATEMENT OF JOHN ROTH INSPECTOR GENERAL U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM
STATEMENT OF JOHN ROTH INSPECTOR GENERAL U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM U.S. HOUSE OF REPRESENTATIVES CONCERNING TRANSPORTATION SECURITY: ARE
More informationTHE EQUIPMENT THE SOLUTION THE CHALLENGE THE THREAT
THE CHALLENGE The aviation system, essential to the U.S. economy, its quality of life, and national security, is in a sustained period of economic growth. As the system grows, so do the opportunities for
More informationCisco Services for IPTV
Cisco Services for IPTV Cisco Services for IPTV help service providers efficiently launch IPTV services while mitigating risk and providing service assurance. Opportunity The media services landscape is
More informationDepartment-wide Systems and Capital Investment Program
Department-wide Systems and Capital Investment Program Mission Statement The Department-wide Systems and Capital Investments Program (DSCIP) is authorized to be used by or on behalf of the Treasury Department
More informationAgency for State Technology
Agency for State Technology 2015-2018 Statewide Information Technology Security Plan The Way Forward Rick Scott, Governor Jason M. Allison, State CIO Table of Contents From the Desk of the State Chief
More informationState of Oregon. State of Oregon 1
State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information
More information23.9.2015. Kangas Cybersecurity strategy
Kangas Cybersecurity strategy Vision of Kangas Smart Kangas Life and living at Kangas is convenient, easy and safe. Kangas is resource-wise and it is attractive place of work. Security and safety measures
More informationThe Transportation Security Administration Does Not Properly Manage Its Airport Screening Equipment Maintenance Program
The Transportation Security Administration Does Not Properly Manage Its Airport Screening Equipment Maintenance Program May 6, 2015 OIG-15-86 HIGHLIGHTS The Transportation Security Administration Does
More informationPREMIER SERVICES MAXIMIZE PERFORMANCE AND REDUCE RISK
MAXIMIZE PERFORMANCE AND REDUCE RISK 1 BROCHURE COMPLEXITIES IN MISSION CRITICAL SYSTEMS CONTINUE TO INCREASE Mission critical communications systems have become increasingly complex as more features and
More informationRelease of the Draft Cybersecurity Procurement Language for Energy Delivery Systems
Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems Energy Sector Control Systems Working Group Supporting the Electricity Sector Coordinating Council, Oil & Natural Gas
More informationInternational Civil Aviation Organization ASSEMBLY 38TH SESSION EXECUTIVE COMMITTEE
A38-WP/11 17/05/13 International Civil Aviation Organization WORKING PAPER ASSEMBLY 38TH SESSION EXECUTIVE COMMITTEE Agenda Item 16: Facilitation and Machine Readable Travel Documents PROPOSAL FOR AN ICAO
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationFive best practices for deploying a successful service-oriented architecture
IBM Global Services April 2008 Five best practices for deploying a successful service-oriented architecture Leveraging lessons learned from the IBM Academy of Technology Executive Summary Today s innovative
More informationProject Type Guide. Project Planning and Management (PPM) V2.0. Custom Development Version 1.1 January 2014. PPM Project Type Custom Development
Project Planning and Management (PPM) V2.0 Project Type Guide Custom Development Version 1.1 January 2014 Last Revision: 1/22/2014 Page 1 Project Type Guide Summary: Custom Development Custom software
More informationDepartment of Veteran Affairs. Fred Catoe Office of Cyber and Information Security AAIP Project Manager March 2004
Department of Veteran Affairs Fred Catoe Office of Cyber and Information Security AAIP Project Manager March 2004 Background Smart Cards are a subset of a larger Authentication and Authorization Infrastructure
More informationRisk Management Framework (RMF): The Future of DoD Cyber Security is Here
Risk Management Framework (RMF): The Future of DoD Cyber Security is Here Authors: Rebecca Onuskanich William Peterson 3300 N Fairfax Drive, Suite 308 Arlington, VA 22201 Phone: 571-481-9300 Fax: 202-315-3003
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page
More informationHow To Implement Itil V3
2009 NMCI Conference: Implementing ITIL Session 1: ITSM Process ITSM COE Agenda Background ITSM Overview ITIL and Service Delivery Adopting ITIL to NGEN SE&I Activities 2 Background Develop Government
More informationFAA Cloud Computing Strategy
FAA Cloud Computing Strategy Final - Version 1.0 May 2012 Federal Aviation Administration 800 Independence Avenue, SW Washington, D.C. 20591 SIGNATURE PAGE Table of Contents 1. Executive Summary... 1 2.
More informationGOVERNMENT USE OF MOBILE TECHNOLOGY
GOVERNMENT USE OF MOBILE TECHNOLOGY Barriers, Opportunities, and Gap Analysis DECEMBER 2012 Product of the Digital Services Advisory Group and Federal Chief Information Officers Council Contents Introduction...
More informationLDAP Authentication Configuration Appendix
1 Overview LDAP Authentication Configuration Appendix Blackboard s authentication technology is considered a focal point in the company s ability to provide true enterprise software. Natively, the Blackboard
More informationSafeNet Licensing Solution Design Workshop
Software Licensing Workshop: Strategy Design & Architecture Development Service Brief Benefits Expedite the license planning and design process: by taking advantage of SafeNet s license consulting expertise
More informationSTATEMENT THOMAS P. MICHELLI CHIEF INFORMATION OFFICER U.S. IMMIGRATION AND CUSTOMS ENFORCEMENT DEPARTMENT OF HOMELAND SECURITY REGARDING A HEARING ON
STATEMENT OF THOMAS P. MICHELLI CHIEF INFORMATION OFFICER U.S. IMMIGRATION AND CUSTOMS ENFORCEMENT DEPARTMENT OF HOMELAND SECURITY REGARDING A HEARING ON EXAMINING CHALLENGES AND WASTED TAXPAYER DOLLARS
More informationEastern Illinois University information technology services. strategic plan. January,
Eastern Illinois University information technology services strategic plan January, 2014 Introduction With the selection of emerging technologies as one of the six themes of the university s recent strategic
More informationDEPARTMENT OF HOMELAND SECURITY
DEPARTMENT OF HOMELAND SECURITY Funding Highlights: Provides $43.2 billion, an increase of $309 million above the 2010 enacted level. Increases were made in core homeland security functions such as border
More informationMicrosoft Active Directory Project
Microsoft Active Directory Project Simcoe County District School Board Project Kick-off Meeting Rami Wehbe (Solution Architect) January 18, 2012 Agenda Introductions Project objectives and drivers Approach
More informationYour Software Quality is Our Business. INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc.
INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc. February 2013 1 Executive Summary Adnet is pleased to provide this white paper, describing our approach to performing
More informationIntroduction to PAS 127:2014 Checkpoint security screening of people and their belongings Guide
Introduction to PAS 127:2014 Checkpoint security screening of people and their belongings Guide Introduction PAS 127:2014 is a guide to checkpoint security screening of people and their belongings within
More informationProject Charter and Scope Statement
Prepared by: Mike Schmidt Version: 1.0 Last Revision Date: April 14, 2010 Create Date: May 6, 2010 EXECUTIVE SUMMARY... 3 1 INTRODUCTION... 4 2 PROJECT OBJECTIVES... 4 2.1 MISSION... 4 2.2 OBJECTIVES...
More informationSystem/Data Requirements Definition Analysis and Design
EXECUTIVE SUMMARY This document provides an overview of the Systems Development Life-Cycle (SDLC) process of the U.S. House of Representatives. The SDLC process consists of seven tailored phases that help
More informationIoT & SCADA Cyber Security Services
IoT & SCADA Cyber Security Services RIOT SOLUTIONS PTY LTD P.O. Box 10087, Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 4, 60 Edward St, Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au
More informationComprehensive European Security Approaches: EU Security Programmes. Robert HAVAS EOS Chairman of the Board
Comprehensive European Security Approaches: EU Security Programmes Robert HAVAS EOS Chairman of the Board INTRODUCTION the EOS Programmes rationale Why implementing EU Security Programmes / ASPIDA approach?
More informationEnterprise Security Tactical Plan
Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise
More informationAchieving Strategy with IT projects through Business Process Change
Achieving Strategy with IT projects through Business Process Change Presented by Alex Attard October 2008 Incorporating ICT into the Regional Development Agenda: Using e-government Systems as the Driver
More informationInformation Technology Services Project Management Office Operations Guide
Information Technology Services Project Management Office Operations Guide Revised 3/31/2015 Table of Contents ABOUT US... 4 WORKFLOW... 5 PROJECT LIFECYCLE... 6 PROJECT INITIATION... 6 PROJECT PLANNING...
More informationSECTION C: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT
PAGE 6 of 51 SECTION C: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT Article C.1 Statement of Work This contract is designed to permit the Institutes and Centers (ICs) of NIH, the Department of Health and
More informationU.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems
U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)
More informationCorporate Overview. MindPoint Group, LLC 8078 Edinburgh Drive, Springfield, VA 22153 Office: 703.636.2033 Fax: 866.761.7457 www.mindpointgroup.
Corporate Overview MindPoint Group, LLC 8078 Edinburgh Drive, Springfield, VA 22153 Office: 703.636.2033 Fax: 866.761.7457 www.mindpointgroup.com IS&P Practice Areas Core Competencies Clients & Services
More informationAgency Services. Moving Ahead. Agency Services Road Map
Table of Contents Moving Ahead... 2 Service Delivery... 3 Agency-specific Applications... 4 Shared Services... 6 Targets for Initiatives and Outcomes... 7 Outcomes... 8 Cross-walk between the Goals, Strategies
More informationCybersecurity Enhancement Account. FY 2017 President s Budget
Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities
More informationSOFTWARE ASSET MANAGEMENT Continuous Monitoring. September 16, 2013
SOFTWARE ASSET MANAGEMENT Continuous Monitoring September 16, 2013 Tim McBride National Cybersecurity Center of Excellence timothy.mcbride@nist.gov David Waltermire Information Technology Laboratory david.waltermire@nist.gov
More informationProject, Program & Portfolio Management Help Leading Firms Deliver Value
in collaboration with Project, Program & Portfolio Help Leading Firms Deliver Value Managing Effectively & Efficiently Through an Enterprise PMO Program & Portfolio : Aligning IT Capabilities with Business
More informationState of South Carolina Policy Guidance and Training
DRAFT For Discussion Purposes Only State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Information Systems (IS) Acquisitions, Development, and Maintenance Policy April/May
More informationSystem Development Life Cycle Guide
TEXAS DEPARTMENT OF INFORMATION RESOURCES System Development Life Cycle Guide Version 1.1 30 MAY 2008 Version History This and other Framework Extension tools are available on Framework Web site. Release
More informationApril 15, 2014. The Honorable Phil Scott The Office of the Lieutenant Governor 115 State Street Montpelier, Vermont 05633. Dear Lt.
April 15, 2014 The Honorable Phil Scott The Office of the Lieutenant Governor 115 State Street Montpelier, Vermont 05633 Dear Lt. Governor Scott, Thank you for the opportunity to present our credentials
More informationEstablishing A Multi-Factor Authentication Solution. Report to the Joint Legislative Oversight Committee on Information Technology
Establishing A Multi-Factor Authentication Solution Report to the Joint Legislative Oversight Committee on Information Technology Keith Werner State Chief Information Officer Department of Information
More informationConducting Security System Site Surveys
Conducting Security System Site Surveys Written By: Harold C. Gillens, PSP, CFC, CHS-III Quintech Security Consultants, Inc. 102 Sangaree Park Court Suite 4 Summerville, SC 29483 CONDUCTING SECURITY SYSTEM
More informationSAP ERP Upgrade Checklist Project Preparation
A SAP ERP Upgrade Checklist Project Preparation Upgrade Project Phase Project Preparation Definition From the project perspective the project preparation phase includes: Learning about the new functionality
More informationCentral Agency for Information Technology
Central Agency for Information Technology Development of a National IT Governance Framework Project Management Agenda 1 What is project management? Why it is important? 2 Leading practices 3 Project management
More informationExperience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.
Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies
More informationTask Order 006 Project Plan: Increment 2C Objective 1: Plan and Define
: Increment 2C Objective 1: Plan and Define September 21, 2004 CI: USVISIT-APMO-CONTHSSCHQ04D0096T006-PROP040010-F Submitted by: Submitted to: Smart Border Alliance Dept of Homeland Security 1616 N. Fort
More informationHHSN316201200042W 1 QSSI - Quality Software Services, Inc
ARTICLE C.1. STATEMENT OF WORK This contract is designed to permit the Institutes and Centers (ICs) of NIH, the Department of Health and Human Services (DHHS), and all other federal agencies to acquire
More informationAuditing the Software Development Lifecycle ISACA Geek Week. Mike Van Stone Sekou Kamara August 2014
Auditing the Software Development Lifecycle ISACA Geek Week Mike Van Stone Sekou Kamara August 2014 Agenda Introduction Audit Scope Project Initiation SDLC Processes Stakeholders Common Development Methodologies
More informationSymantec Control Compliance Suite Standards Manager
Symantec Control Compliance Suite Standards Manager Automate Security Configuration Assessments. Discover Rogue Networks & Assets. Harden the Data Center. Data Sheet: Security Management Control Compliance
More informationVICNET is G-Cloud7 GOV UK Supplier VISIT DIGITAL MARKET PLACE VICNETCLOUD VICNET CLOUD MIGRATION SERVICES
VICNET is G-Cloud7 GOV UK Supplier VISIT DIGITAL MARKET PLACE VICNETCLOUD VICNET CLOUD MIGRATION SERVICES Consult and assess your business and technical requirements Advise you on the best cloud solutions
More informationCANADIAN AIR TRANSPORT SECURITY AUTHORITY. Summary of the. 2012/13 2016/17 Corporate Plan. 2012/13 Capital Budget. 2012/13 Operating Budget
CANADIAN AIR TRANSPORT SECURITY AUTHORITY Summary of the 2012/13 2016/17 Corporate Plan 2012/13 Capital Budget 2012/13 Operating Budget October 25, 2012 TABLE OF CONTENTS EXECUTIVE SUMMARY... 3 1. CORPORATE
More informationALM/Quality Center. Software
HP ALM/Quality Center Software Datasheet Page 1 of 8 HP Application Lifecycle Management software In today s rapidly changing business world, business agility depends on IT agility. And predictable, high
More informationCisco Network Optimization Service
Service Data Sheet Cisco Network Optimization Service Optimize your network for borderless business evolution and innovation using Cisco expertise and leading practices. New Expanded Smart Analytics Offerings
More informationWHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT
WHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT IntelliDyne, LLC MARCH 2012 STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT
More informationQlik UKI Consulting Services Catalogue
Qlik UKI Consulting Services Catalogue The key to a successful Qlik project lies in the right people, the right skills, and the right activities in the right order www.qlik.co.uk Table of Contents Introduction
More informationTable of Contents CYBER SECURITY STRATEGIC PLAN VERSION 1.0
U.S DEPARTMENT OF ENERGY CYBER SECURITY PROGRAM CYBER SECURITY STRATEGIC PLAN FEBRUARY 12, 2007 Table of Contents INTRODUCTION... 4 CYBER SECURITY STRATEGY OVERVIEW... 5 CYBER SECURITY VISION AND MISSION...
More informationCybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity
Cybersecurity Framework Executive Order 13636 Improving Critical Infrastructure Cybersecurity National Institute of Standards and Technology (NIST) Mission To promote U.S. innovation and industrial competitiveness
More informationDefining a Secure Mobile Framework Architecture at DHA
Ms. Janine Oakley, Transition Manager Innovation and Advanced Technology Development Division 2015 Defense Health Information Technology Symposium Defining a Secure Mobile Framework Architecture at DHA
More informationBELL LABS ADVISORY SERVICE FOR SMART GRID NETWORK TRANSFORMATION STRATEGIC PLANNING FOR THE MODERNIZATION OF UTILITY COMMUNICATIONS NETWORKS
BELL LABS ADVISORY SERVICE FOR SMART GRID NETWORK TRANSFORMATION STRATEGIC PLANNING FOR THE MODERNIZATION OF UTILITY COMMUNICATIONS NETWORKS APPLICATION NOTE SUMMARY Bell Labs Advisory Service for Smart
More informationCisco and VMware Virtualization Planning and Design Service
Cisco and VMware Virtualization Planning and Design Service Create an End-to-End Virtualization Strategy with Combined Services from Cisco and VMware Service Overview A Collaborative Approach to Virtualization
More informationNICE and Framework Overview
NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to
More informationRisk Management Primer
Risk Management Primer Purpose: To obtain strong project outcomes by implementing an appropriate risk management process Audience: Project managers, project sponsors, team members and other key stakeholders
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication
More informationIG ISCM MATURITY MODEL FOR FY 2015 FISMA FOR OFFICIAL USE ONLY
IG MATURITY MODEL FOR FY 2015 FISMA 1 Ad-hoc 1.1 program is not formalized and activities are performed in a reactive manner resulting in an adhoc program that does not meet 2 requirements for a defined
More informationThe Convergence of IT Operations
SOLUTION WHITE PAPER The Convergence of IT Operations A Case for IT Service and Asset Process Integration and Automation TABLE OF CONTENTS TODAY S REALITY: THE FUTURE IS NOW. 1 AUTOMATION & INTEGRATION:
More informationstate of south dakota Bureau of Information & Telecommunications Provide a Reliable, Secure & Modern Infrastructure services well-designed innovative
Strategic Plan 2015-2017 state of south dakota Bureau of Information & Telecommunications 1GOAL ONE: Provide a Reliable, Secure & Modern Infrastructure services security technology assets well-designed
More informationCDC UNIFIED PROCESS JOB AID
CDC UNIFIED PROCESS JOB AID Independent Verification & Validation Activities Document Purpose This Job Aid is a brief document listing the items to be noted, checked, remembered, and delivered when completing
More informationSDLC- Key Areas to Audit in IT Projects ISACA Geek Week 2013 8/21/2013. PwC
SDLC- Key Areas to Audit in IT Projects ISACA Geek Week 2013 8/21/2013 1 Introductions and Projects Overview Presenters Charlie Miller and Andrew Gerndt The Coca-Cola Company Principal IT Auditors Atlanta,
More informationInformation Technology Strategic Plan 2014-2017
Information Technology Strategic Plan 2014-2017 Leveraging information technology to create a competitive advantage for UW-Green Bay Approved December 2013 (Effective January 2014 December 2017) Contents
More informationAFCEA Aberdeen Luncheon. Army Common Operating Environment (COE) Update. March 11, 2015
AFCEA Aberdeen Luncheon Army Common Operating Environment (COE) Update Mr. Phillip Minor, Deputy Director, COE Directorate Assistant Secretary of the Army for Acquisition, Logistics and Technology (ASA(ALT))
More informationFY 2013 2016 Strategic Plan
Public Health Surveillance and Informatics Program Office FY 2013 2016 Strategic Plan Health decisions and actions are guided by timely and useful information Office of Surveillance, Epidemiology, and
More informationORIGINAL PLAN DATE: MARCH 1, 2012 REVISION DATE: REVISION:
WATER RIGHTS BUSINESS PROCESS MANAGEMENT SYSTEM PROJECT CHARTER FOR CERTIFICATION EXECUTIVE SPONSORS: RENEE MARTINEZ, CHIEF INFORMATION OFFICE JOHN ROMERO, WATER RIGHTS DIVISION CHIEF BUSINESS OWNER WRAP
More informationA Secure and Open Solution for Seamless Transit Systems
A Secure and Open Solution for Seamless Transit Systems Today s Proprietary Fare Collection Systems Transit operators must combat growing security threats while identifying new revenue sources and enhancing
More informationEnhanced Funding Requirements: Seven Conditions and Standards
Department of Health and Human Services Centers for Medicare & Medicaid Services Enhanced Funding Requirements: Seven Conditions and Standards Medicaid IT Supplement (MITS-11-01-v1.0) Version 1.0 April
More informationSYSTEMS SECURITY ENGINEERING
SYSTEMS SECURITY ENGINEERING Mission Statement Integrating Security into Every Solution We Deliver Reducing Risk and Providing Fully Reliable and Trusted Solutions Utilizing Best Practices and Rigorous
More informationCertified Identity and Access Manager (CIAM) Overview & Curriculum
Identity and access management (IAM) is the most important discipline of the information security field. It is the foundation of any information security program and one of the information security management
More informationReal Property Portfolio Optimization
Real Property Portfolio Optimization Improving and Modernizing Management of the Federal Real Property Portfolio to Optimize Space, Financial Resources and Energy Impact www.pwc.com/publicsector Contents
More informationDynamic Service Desk. Unified IT Management. Solution Overview
I T S E R V I C E + I T A S S E T M A N A G E M E N T INFRASTRUCTURE MANAGEMENT Dynamic Service Desk Unified IT Management Achieving business and IT alignment requires having insight into hardware and
More informationTechnology Lifecycle Management. A Model for Enabling Systematic Budgeting and Administration of Government Technology Programs
Technology Lifecycle Management A Model for Enabling Systematic Budgeting and Administration of Government Technology Programs Even as technology improves, government s fundamental IT challenge remains
More informationSection 6. Governance & Investment Roadmap. Executive Governance
Section 6 Governance & Investment Roadmap Executive Governance Strong governance is critical to the success of a long-term, complex transformative initiative. The following section provides a high-level
More informationInformation Security Management System for Microsoft s Cloud Infrastructure
Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System
More informationMigrating to Windows 7 - A challenge for IT Professionals
I D C T E C H N O L O G Y S P O T L I G H T Migrating to Windows 7? Technology Points to Consider September 2010 Adapted from Worldwide IT Asset Management Software 2009 2013 Forecast and 2008 Vendor Shares
More informationSECTION C: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT Article C.1 Introduction This contract is intended to provide IT solutions and services as
SECTION C: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT Article C.1 Introduction This contract is intended to provide IT solutions and services as defined in FAR 2.101(b) and further clarified in the Clinger-Cohen
More informationThe SIA Standards Roadmap describes the strategies for achieving the mission and enhancing stakeholder participation.
Mission Statement The mission of the Security Industry Association (SIA) Standards Committee is to develop and promote the use of technology and application standards for the security industry; provide
More informationIT Standards & Contract Management
Appendix F IT Standards & Table of Contents Vision of Action... 2 Background... 3 Goals and Objectives... 4 Projects... 5 Metrics and Measures... 6 F IT Standards & Carol Steffanni Director, MDIT Bureau
More informationHow To Create A Single Sign On For Blackboard
1 Overview Single Sign-On Authentication Appendix Blackboard s authentication technology has been identified as a dynamic, adaptable factor to supporting elearning Systems Integration strategy and implementation.
More informationSmall Business. Leveraging SBA IT resources to support America s small businesses
Small Business Administration Information Technology Strategic Plan ( ITSP) 2012-2016 Leveraging SBA IT resources to support America s small businesses Message from the Chief Information Officer The Small
More informationUnited Nations Industrial Development Organization
- United Nations Industrial Development Organization Distr.: General 11 March 2013 Original: English Industrial Development Board Forty-first session Vienna, 24-27 June 2013 Item 4 (g) of the provisional
More informationPatch and Vulnerability Management Program
Patch and Vulnerability Management Program What is it? A security practice designed to proactively prevent the exploitation of IT vulnerabilities within an organization To reduce the time and money spent
More informationManagement Consulting: Improving Organizational Performance and Delivery of Quality Service
Leveraging People, Processes, and Technology Management Consulting: Improving Organizational Performance and Delivery of Quality Service A White Paper Authors: Dr. Greg Mandrake Alan, Executive Coach Asmahan
More informationNATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL
NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL INDEPENDENT EVALUATION OF THE NATIONAL CREDIT UNION ADMINISTRATION S COMPLIANCE WITH THE FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA)
More informationA Mock RFI for a SD-WAN
A Mock RFI for a SD-WAN Ashton, Metzler & Associates Background and Intended Use After a long period with little if any fundamental innovation, the WAN is now the focus of considerable innovation. The
More information