7.6 VULNERABILITY SCANNING SERVICE (VSS) (L ; C ) Satisfying the Service Requirements (L (c))
- Francis Shields
- 8 years ago
Transcription
7.6 VULNERABILITY SCANNING SERVICE (VSS) (L ; C )

The offeror shall describe each of the optional Security Services offered. Table L shows the Security Services that shall be optional to offer. Tables J (b) Technical Stipulated Requirements for Optional IP-Based Services and J (b) Technical Narrative Requirements for Optional IP-Based Services identify the stipulated and narrative requirements, respectively, that shall apply exclusively to optional services. The offeror shall describe all optional Transport/IP/Optical Services offered to include:

Satisfying the Service Requirements (L (c))

A technical description of how the service requirements (e.g., capabilities, features, interfaces) are satisfied for all proposed optional services.

Overview

Figure Sprint Vulnerability Scanning Service

[redacted]

The Sprint Vulnerability Scanning Service (VSS) allows agencies to conduct effective and proactive assessments of critical networking environments, and correct vulnerabilities before someone exploits them. This offering helps to guard Agency systems and network infrastructures against emerging threats.

[redacted]

Figure Vulnerability Scanning Network Diagram

[redacted]

Page 956 March 5, 2007
Facilities

[redacted]

Agency Site

[redacted]
[redacted]

Sprint updates the scanner databases regularly with the latest threat information. The scanner manufacturer tests these updates and distributes them directly thus ensuring the integrity and safety of scan operations.

VSS Secure Operations Center (VSOC)

[redacted]
Remote Management Site

[redacted]

VSS APPROACH

[redacted]

Table Vulnerability Scanning Stages (columns: Stage, Description)

[redacted]
[redacted]

In accordance with requirements specified in Networx RFP section C.3.3.2, Security Management, Sprint will assist the Government to comply with applicable Federal Information Security Management Act (FISMA) requirements. The Sprint information security program relies on industry and Government guidance and standards that promote the management, technical and operational security controls it implements to protect Networx. Services and OSS are defined, architected, implemented, and maintained in a manner consistent with National Institute of Standards and Technology (NIST) guidance. Consistent with FIPS 199, Sprint will perform Business Impact Assessments of Networx information systems to operate a cost-effective security program that protects the confidentiality, integrity, and availability of the Networx program. Sprint management, technical and operational security controls will meet the criteria for controls outlined in NIST Special Publication , Annex 1 as supplemented by all existing information security controls implemented by Sprint for the FTS2001 Program.

Sprint will provide Agencies with the following:

[redacted]
[redacted]

9. To provide the Agency with non-destructive and non-intrusive vulnerability scans that will neither crash the systems under analysis, nor disrupt Agency operations, Sprint follows advanced safety measures and protocols.

[redacted]
[redacted]

Features

[redacted]

Interfaces

[redacted]

Quality of Services (L (d))

A description of the quality of the services with respect to the performance metrics specified in Section C.2 Technical Requirements for each proposed optional service, and other performance metrics used by the offeror.

Sprint will meet the 4 and 8 hour AQLs for TTR requirement for VSS. Sprint tracks AQLs for Availability and Time to Restore compliance in the [redacted]. The values are based on the formula located in Sections C (VSS Performance Metrics) for Availability, and Section C (Step 4 Fault Management) for TTR. The values generated by these formulae are used to determine compliance with the requirement. Sprint will comply with all VSS performance metrics.

Exceeding the Specified Service Requirements (L (e))

If the offeror proposes to exceed the specified service requirements (e.g., capabilities, features, interfaces), a description of the attributes and value of the proposed service enhancements.

[redacted]

Experience Delivering Services (L (f))

A description of the offeror's experience (including major subcontractors) with delivering each proposed optional service.

Sprint has provided security planning assistance to Fortune 500 companies, integrated security considerations into the design of new systems, as well as delivered security recommendations for existing systems. These proactive measures were instrumental in assuring that systems were protected throughout their entire life cycle. This protection covered emerging threats, as well as degradation of overall security levels resulting from normal system usage.

Sprint's security professionals have experience and skills gained through handling systems of progressively increasing complexity. They understand server security because they have worked as Network Administrators. They understand the need for network security in environments with diverse operating systems because they have worked as Network Engineers. They understand multiple aspects of security issues because they have managed firewalls, worked incident response issues, been involved in intrusion detection and forensics activities, and conducted facility-wide Vulnerability Scanning and Assessments. Here are a few examples where Sprint services were instrumental in preventing client system exploits.
[redacted]

Sprint brings this wealth of knowledge along with National Security Agency (NSA) certifications in vulnerability assessment, in delivering the VSS so Agencies can feel secure in knowing that our analysis and recommendations will hold the highest benefit.

The Sprint managed security-based services provide a high level of security for our clients' critical information infrastructures. Monitoring and scheduling scanning services identified vulnerabilities and resulted in recommendations to mitigate risks that could affect production systems and personal information. This allowed our clients to operate more effectively and maintain a higher-than-normal security posture.

Sprint views VSS as an extension of the Agency's environment. Prior to implementation Sprint will work with the customer to obtain a better understanding of each Agency's security policies. This understanding will enable Sprint to implement a solution that complies with that Agency's security policies and will ensure accurate results.

Testing and Verifying Services (L (g))

A description of the offeror's approach to perform verification of individual services delivered under the contract, in particular the testing procedures to verify acceptable performance and Key Performance Indicator (KPI)/Acceptable Quality Level (AQL) compliance.
Time to Restore

[redacted]

Figure Trouble Resolution Process

[redacted]
Availability

Sprint has adopted a consistent methodology for measuring availability of Networx products and services. Consistent with the methodology, availability will be computed according to the formula specified in RFP Table C , with outage time based on reported trouble ticket data.

Impact of Delivery of Optional Services on the Network Architecture (L (h))

A description of how the delivery of any optional services would impact the network architecture (e.g., security, quality and reliability, performance).

Based on the current requirements, Sprint does not foresee any impact of delivery of the optional services on the Network Architecture as it relates to security, quality, reliability and performance.

Satisfying NS/EP Basic Functional Requirements (L (i))

A description of the offeror's approach to satisfy each NS/EP basic functional Requirement listed in Section C

There are no NS/EP requirements for Vulnerability Scanning Service.

Assuring Service to the National Capital Region (L (j))

A description of how the network architecture will satisfy the requirements in Section C for assured service in the National Capital Region, if applicable.

This requirement is not applicable for the Vulnerability Scanning Service.

Meeting Section 508 Provisions (L (k))

A description of the offeror's approach for providing the capabilities needed to meet Section 508 provisions identified in Section C.6.4 for the proposed optional services.

Sprint delivers VSS products as Section 508-compliant PDF files through the [redacted] will be 508 compliant.
Incorporating Future Technological Enhancements and Improvements (L (l))

A description of the approach for incorporating into the proposed optional services, technological enhancements and improvements that the offeror believes are likely to become commercially available in the timeframe covered by this acquisition, including a discussion of potential problems and solutions.

As technological enhancements and improvements for Sprint's VSS become commercially available, Sprint will thoroughly test them for stability and effectiveness prior to offering them to our clients.

[redacted]

Summary

The Sprint VSS solution provides a mechanism for Agencies to validate the effectiveness of their other security infrastructure. Sprint will consult with Agency IT, engineering, and operational staff to design a scanning solution that meets the Agency's requirements.
Preparing for FISMA 2.0 and Continuous Monitoring Requirements Symantec's Continuous Monitoring Solution White Paper: Preparing for FISMA 2.0 and Continuous Monitoring Requirements Contents Introduction............................................................................................
More informationEND TO END DATA CENTRE SOLUTIONS COMPANY PROFILE
END TO END DATA CENTRE SOLUTIONS COMPANY PROFILE About M 2 TD M2 TD is a wholly black Owned IT Consulting Business. M 2 TD is a provider of data center consulting and managed services. In a rapidly changing
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationIntegrated Threat & Security Management.
Integrated Threat & Security Management. SOLUTION OVERVIEW Vulnerability Assessment for Web Applications Fully Automated Web Crawling and Reporting Minimal Website Training or Learning Required Most Accurate
More informationUniversity of Central Florida Class Specification Administrative and Professional. Information Security Officer
Information Security Officer Job Code: 2534 Serve as the information security officer for the University. Develop and computer security system standards, policies, and procedures. Serve as technical team
More informationAnnex 9: Technical proposal template. Table of contents
UNFCCC/CCNUCC Page 1 Annex 9: Technical proposal template Table of contents Annex 9... 3 9.1 Technical proposal... 3 9.1.1 Vendor s name... 3 9.2 Engagement model... 3 9.2.1 Type of engagement... 3 9.2.2
More informationFTS Networx Enterprise. 3 System Security Plan
FTS Networx Enterprise 3 System Security Plan Version 1.2 (March 2007) DOCUMENT CONTROL Version Date Author Updates 1.0 10/24/05 K. Eiben Initial release 1.1 09/07/06 K. Eiben Updates due to CR/DN items
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,
More informationClient Security Risk Assessment Questionnaire
Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationRSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief
RSA Solution Brief RSA envision Platform Real-time Actionable Information, Streamlined Incident Handling, Effective Measures RSA Solution Brief The job of Operations, whether a large organization with
More informationResponse to Questions CML 15-018 Managed Information Security
Response to Questions CML 15-018 Managed Information Security 1. What are the most critical aspects that need to be provided for this RFP, in light of the comment that multiple awards might be provided?
More informationGet Confidence in Mission Security with IV&V Information Assurance
Get Confidence in Mission Security with IV&V Information Assurance September 10, 2014 Threat Landscape Regulatory Framework Life-cycles IV&V Rigor and Independence Threat Landscape Continuously evolving
More informationCommercial Solutions for Classified (CSfC) Customer Handbook Version 1.1
Commercial Solutions for Classified (CSfC) Customer Handbook Version 1.1 This page is intentionally left blank. ii Table of Contents I. Introduction... 1 II. Purpose... 1 III. Audience... 1 IV. CSfC Artifacts
More information¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India
CIRCULAR CIR/MRD/DP/13/2015 July 06, 2015 To, All Stock Exchanges, Clearing Corporation and Depositories. Dear Sir / Madam, Subject: Cyber Security and Cyber Resilience framework of Stock Exchanges, Clearing
More informationEVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07
EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014
More informationPayer-Industry Partnerships in Emerging Markets: Best Practices for Successful Market Access of New Pharmaceuticals STUDY EXTRACT: CHINA P3696
Payer-Industry Partnerships in Emerging Markets: Best Practices for Successful Market Access of New Pharmaceuticals STUDY EXTRACT: CHINA P3696 Report written by: Elena Akborisova, Anu Bharath, Cecilia
More informationInformation Security Office
Information Security Office SAMPLE Risk Assessment and Compliance Report Restricted Information (RI). Submitted to: SAMPLE CISO CIO CTO Submitted: SAMPLE DATE Prepared by: SAMPLE Appendices attached: Appendix
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More informationIBM Internet Security Systems October 2007. FISMA Compliance A Holistic Approach to FISMA and Information Security
IBM Internet Security Systems October 2007 FISMA Compliance A Holistic Approach to FISMA and Information Security Page 1 Contents 1 Executive Summary 1 FISMA Overview 3 Agency Challenges 4 The IBM ISS
More informationINSTRUCTIONS FOR FILING FERC FORM NO. 73 OIL PIPELINE SERVICE LIFE DATA
Form Approved OMB No. 1902-0019 (Expires 05/31/2017) INSTRUCTIONS FOR FILING FERC FORM NO. 73 OIL PIPELINE SERVICE LIFE DATA Title 18, U.S.C. 1001 makes it a crime for any person knowingly and willingly
More informationFRCC NETWORK SERVICES REQUEST FOR PROPOSAL
FRCC NETWORK SERVICES REQUEST FOR PROPOSAL January 2013 TABLE OF CONTENTS A. INTRODUCTION AND INSTRUCTIONS TO VENDORS... 1 A.1 Introduction... 1 A.2 Background Information... 1 A.3 General Conditions...
More information