FedRAMP Master Acronym List. Version 1.0
|
|
- Geoffrey Morris
- 8 years ago
- Views:
Transcription
1 FedRAMP Master Acronym List Version 1.0 September 10, 2015
2 Revision History Date Version Page(s) Description Author Sept. 10, All Initial issue. FedRAMP PMO How to Contact Us For questions about FedRAMP or this document, to For more information about FedRAMP, visit the website at Page ii
3 Table of Contents 1. List of Acronyms... 1 List of Tables Table 1. FedRAMP Acronyms... 1 Page iii
4 1. LIST OF ACRONYMS Table 1 below is the master list of FedRAMP acronyms. Please send suggestions about corrections, additions, or deletions to info@fedramp.gov. Table 1. FedRAMP Acronyms Acronym 3PAO A2LA AC ACL AO APL AT ATO AU BIA CA CapEx CCB CDM CI CIOC CIS CISO CLI CM CMP CMVP ConMon COOP CO COR COTS CP CR CRM CSIRC OCSIT CSP CTW DAS DHS Meaning Third Party Assessment Organization American Association of Laboratory Accreditation Access Control Access Control List Authorizing Official Approved Products List (DOD list) Awareness and Training Authorization To Operate Audit and Accountability Business Impact Analysis / Business Impact Assessment Security Assessment and Authorization Capital Expense Change Control Board Continuous Diagnostics and Mitigation Configuration Item Chief Information Officer Council Control Implementation Summary / Control Information Summary Chief Information Security Officer Command Line Interface Configuration Management / Change Management Configuration Management Plan Cryptographic Module Validation Program Continuous Monitoring Continuity of Operations Contracting Officer Contracting Officer s Representative Commercial Off-The-Shelf Contingency Planning / Contingency Plan Change Request Customer Relationship Management Computer Security Incident Response Center Office of Citizen Services and Innovative Technologies (of GSA) Cloud Service Provider Control Tailoring Workbook Direct Attached Storage Department of Homeland Security Page 1
5 DNS Domain Name System ECSB Enterprise Cloud Service Broker FDCCI Federal Data Center Consolidation Initiative FedRAMP Federal Risk and Authorization Management Program FIPS Federal Information Processing Standard FISMA Federal Information Security Management Act (of 2002) FOC Final Operating Capability FTP File Transfer Protocol GSA General Services Administration GSS General Support System GUI Graphical User Interface HIPAA Health Insurance Portability and Accountability Act (of 1996) HSM Hardware Security Module HSPD 12 Homeland Security Presidential Directive 12 IA Identification and Authentication IaaS Infrastructure as a Service IEC International Electrotechnical Commission IG Inspector General / Implementation Guidance IOC Initial Operating Capability IPv4 Internet Protocol version 4 IPv6 Internet Protocol version 6 IR Incident Response iscsi Internet Small Computer System Interface ISIMC Information Security and Identity Management Committee ISO International Organization for Standardization International Organization for Standardization / International Electrotechical ISO/IEC Commission ISSO Information System Security Officer IT Information Technology ITCP IT Contingency Plan JAB (FedRAMP) Joint Authorization Board LMS Learning Management System MA Maintenance MAS Multiple Award Schedule Max Max.gov (file repository website) MP Media Protection MTIPS Managed Trusted IP Service N/A Not Applicable NARA National Archives and Records Administration NAS Network Attached Storage NAT Network Address Translation NFPA National Fire Protection Association NGO Non-Governmental Organization NISP National Industrial Security Program NIST National Institute of Standards and Technology Page 2
6 NNTP NPPD NTP NVI OCSIT OIG OMB OpEx OR OWASP PA PaaS P-ATO PDF PE PIA PII PIV PL PMO POA&M POC PS QA QC QM PTA RA RBAC RFC RFI RFP RIP ROB RoE SA SaaS SAF SAML SAN SAP SAR SAS SC SCSI Network News Transfer Protocol National Protection and Programs Directorate (of DHS) Network Time Protocol NAT Virtual Interface Office of Citizen Services and Innovative Technologies (us) Office of the Inspector General Office of Management and Budget Operating Expense Operational Requirement Open Web Application Security Project Provisional Authorization Platform as a Service Provisional Authorization to Operate Portable Document Format Physical and Environmental Protection Privacy Impact Assessment Personally Identifiable Information Personal Identity Verification Planning Program Management Office Plan of Action and Milestones Point of Contact Personnel Security Quality Assurance Quality Control Quality Management Privacy Threshold Analysis Risk Assessment Role-Based Access Control Request For Change Request for Information Request for Proposal Routing Information Protocol Rules of Behavior Rules of Engagement System and Services Acquisition Software as a Service Security Assessment Framework Security Assertion Markup Language Storage Area Networks Security Assessment Plan Security Assessment Report Security Assessment Support System and Communications Protection Small Computer System Interface Page 3
7 SI SLA SME SMS SMTP SOP SSO SSP TFTP TIC TICAP TR TR-R UPS US-CERT UUCP VLAN VPN System and Information Integrity Service Level Agreement Subject Matter Expert Short Message Service Simple Mail Transfer Protocol Standard Operating Procedure Single Sign-On System Security Plan Trivial FTP Trusted Internet Connection Trusted Internet Connection Access Providers Technical Representative Technical Representative s Representative Uninterruptible Power Source United States Computer Emergency Readiness Team Unix-to-Unix Copy Protocol Virtual Local Area Network Virtual Private Network Page 4
Guide to Understanding FedRAMP. Guide to Understanding FedRAMP
Guide to Understanding FedRAMP Version 1.0 June 5, 2012 Executive Summary This document provides helpful hints and guidance to make it easier to understand FedRAMP s requirements. The primary purpose of
More informationOverview. FedRAMP CONOPS
Concept of Operations (CONOPS) Version 1.0 February 7, 2012 Overview Cloud computing technology allows the Federal Government to address demand from citizens for better, faster services and to save resources,
More informationFedRAMP Government Discussion Matt Goodrich, FedRAMP Director
FedRAMP Government Discussion Matt Goodrich, FedRAMP Director January 14, 2015 [classification marking] PAGE FedRAMP Overview Ensuring Secure Cloud Computing FedRAMP was established via OMB Memo in December
More informationProposed Security Assessment & Authorization for U.S. Government Cloud Computing
Proposed Security Assessment & Authorization for U.S. Government Cloud Computing Draft version 0.96 November 2, 2010 Preface Proposed Security Assessment and Authorization for U.S. Government Cloud Computing:
More informationSecurity Language for IT Acquisition Efforts CIO-IT Security-09-48
Security Language for IT Acquisition Efforts CIO-IT Security-09-48 Office of the Senior Agency Information Security Officer VERSION HISTORY/CHANGE RECORD Change Number Person Posting Change Change Reason
More informationCloud Security for Federal Agencies
Experience the commitment ISSUE BRIEF Rev. April 2014 Cloud Security for Federal Agencies This paper helps federal agency executives evaluate security and privacy features when choosing a cloud service
More informationSecurity Compliance In a Post-ACA World
1 Security Compliance In a Post-ACA World Security Compliance in a Post-ACA World Discussion of building a security compliance framework as part of an ACA Health Insurance Exchange implementation. Further
More informationDecember 8, 2011. Security Authorization of Information Systems in Cloud Computing Environments
December 8, 2011 MEMORANDUM FOR CHIEF INFORMATION OFFICERS FROM: SUBJECT: Steven VanRoekel Federal Chief Information Officer Security Authorization of Information Systems in Cloud Computing Environments
More informationCMS SYSTEM SECURITY PLAN (SSP) PROCEDURE
Chief Information Officer Office of Information Services Centers for Medicare & Medicaid Services CMS SYSTEM SECURITY PLAN (SSP) PROCEDURE August 31, 2010 Version 1.1 - FINAL Summary of Changes in SSP
More informationSecurity Authorization Process Guide
Security Authorization Process Guide Office of the Chief Information Security Officer (CISO) Version 11.1 March 16, 2015 TABLE OF CONTENTS Introduction... 1 1.1 Background... 1 1.2 Purpose... 2 1.3 Scope...
More informationSeeing Though the Clouds
Seeing Though the Clouds A PM Primer on Cloud Computing and Security NIH Project Management Community Meeting Mark L Silverman Are You Smarter Than a 5 Year Old? 1 Cloud First Policy Cloud First When evaluating
More informationFiscal Year 2014 Federal Information Security Management Act Report: Status of EPA s Computer Security Program
U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Information Technology Fiscal Year 2014 Federal Information Security Management Act Report: Status of EPA s Computer Security Program Report.
More informationFederal Risk and Authorization Management Program (FedRAMP)
Federal Risk and Authorization Management Program (FedRAMP) NIST June 5, 2013 Matt Goodrich, JD FedRAMP, Program Manager Federal Cloud Computing Initiative OCSIT GSA What is FedRAMP? FedRAMP is a government-wide
More informationCTR System Report - 2008 FISMA
CTR System Report - 2008 FISMA February 27, 2009 TABLE of CONTENTS BACKGROUND AND OBJECTIVES... 5 BACKGROUND... 5 OBJECTIVES... 6 Classes and Families of Security Controls... 6 Control Classes... 7 Control
More informationSystem Security Certification and Accreditation (C&A) Framework
System Security Certification and Accreditation (C&A) Framework Dave Dickinson, IOAT ISSO Chris Tillison, RPMS ISSO Indian Health Service 5300 Homestead Road, NE Albuquerque, NM 87110 (505) 248-4500 fax:
More informationFedRAMP Online Training Security Assessment Plan (SAP) Overview 12/9/2015 Presented by: FedRAMP PMO
FedRAMP Online Training Security Assessment Plan (SAP) Overview 12/9/2015 Presented by: FedRAMP PMO www.fedramp.gov www.fedramp.gov 1 Today s Training Welcome to Part Four of the FedRAMP Training Series:
More informationLooking at the SANS 20 Critical Security Controls
Looking at the SANS 20 Critical Security Controls Mapping the SANS 20 to NIST 800-53 to ISO 27002 by Brad C. Johnson The SANS 20 Overview SANS has created the 20 Critical Security Controls as a way of
More informationNIST 800-53A: Guide for Assessing the Security Controls in Federal Information Systems. Samuel R. Ashmore Margarita Castillo Barry Gavrich
NIST 800-53A: Guide for Assessing the Security Controls in Federal Information Systems Samuel R. Ashmore Margarita Castillo Barry Gavrich CS589 Information & Risk Management New Mexico Tech Spring 2007
More informationCMS POLICY FOR THE INFORMATION SECURITY PROGRAM
Chief Information Officer Office of Information Services Centers for Medicare & Medicaid Services CMS POLICY FOR THE INFORMATION SECURITY PROGRAM FINAL Version 4.0 August 31, 2010 Document Number: CMS-CIO-POL-SEC02-04.0
More informationEsri Managed Cloud Services and FedRAMP
Federal GIS Conference February 9 10, 2015 Washington, DC Esri Managed Cloud Services and FedRAMP Erin Ross & Michael Young Agenda Esri Managed Services Program Overview Example Deployments New FedRAMP
More informationInformation System Security Officer (ISSO) Guide
Information System Security Officer (ISSO) Guide Information Security Office Version 8.0 June 06, 2011 DEPARTMENT OF HOMELAND SECURITY Document Change History INFORMATION SYSTEM SECURITY OFFICER (ISSO)
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance IT Governance Policy Mergers and Acquisitions Policy Terms and Definitions Policy 164.308 12.4 12.5 EDM01 EDM02 EDM03 Information Security Privacy Policy Securing Information Systems Policy
More informationFedRAMP Standard Contract Language
FedRAMP Standard Contract Language FedRAMP has developed a security contract clause template to assist federal agencies in procuring cloud-based services. This template should be reviewed by a Federal
More informationSecurity Controls Assessment for Federal Information Systems
Security Controls Assessment for Federal Information Systems Census Software Process Improvement Program September 11, 2008 Kevin Stine Computer Security Division National Institute of Standards and Technology
More informationU.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL
U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT: U.S. Election Assistance Commission Compliance with the Requirements of the Federal Information Security Management Act Fiscal
More informationU.S. OFFICE OF PERSONNEL MANAGEMENT OFFICE OF THE INSPECTOR GENERAL OFFICE OF AUDITS. Final Audit Report
U.S. OFFICE OF PERSONNEL MANAGEMENT OFFICE OF THE INSPECTOR GENERAL OFFICE OF AUDITS Final Audit Report Audit of the Information Technology Security Controls of the U.S. Office of Personnel Management
More informationGet Confidence in Mission Security with IV&V Information Assurance
Get Confidence in Mission Security with IV&V Information Assurance September 10, 2014 Threat Landscape Regulatory Framework Life-cycles IV&V Rigor and Independence Threat Landscape Continuously evolving
More informationDepartment of Homeland Security
Evaluation of DHS Information Security Program for Fiscal Year 2013 OIG-14-09 November 2013 Washington, DC 20528 / www.oig.dhs.gov November 21, 2013 MEMORANDUM FOR: FROM: SUBJECT: Jeffrey Eisensmith Chief
More informationNARA s Information Security Program. OIG Audit Report No. 15-01. October 27, 2014
NARA s Information Security Program OIG Audit Report No. 15-01 October 27, 2014 Table of Contents Executive Summary... 3 Background... 4 Objectives, Scope, Methodology... 7 Audit Results... 8 Appendix
More informationReport of Evaluation OFFICE OF INSPECTOR GENERAL. OIG 2014 Evaluation of the Farm Credit OIG 2014 Administration s. Management Act.
OFFICE OF INSPECTOR GENERAL Report of Evaluation OIG 2014 Evaluation of the Farm Credit OIG 2014 Administration s Evaluation of the Farm Compliance Credit Administration s with the Federal Information
More informationCloud Security. A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud. Sean Curry Sales Executive, Aquilent
Cloud Security A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud Sean Curry Sales Executive, Aquilent The first in a series of audits DoD did not fully execute elements of the July 2012
More information5 FAH-11 H-500 PERFORMANCE MEASURES FOR INFORMATION ASSURANCE
5 FAH-11 H-500 PERFORMANCE MEASURES FOR INFORMATION ASSURANCE 5 FAH-11 H-510 GENERAL (Office of Origin: IRM/IA) 5 FAH-11 H-511 INTRODUCTION 5 FAH-11 H-511.1 Purpose a. This subchapter implements the policy
More informationPromoting Application Security within Federal Government. AppSec DC November 13, 2009. The OWASP Foundation http://www.owasp.org
Promoting Application Security within Federal Government AppSec DC November 13, 2009 Dr. Sarbari Gupta, CISSP, CISA Founder/President Electrosoft sarbari@electrosoft-inc.com 703-437-9451 ext 12 The Foundation
More informationSecurity and Privacy Controls for Federal Information Systems and Organizations
NIST Special Publication 800-53 Revision 4 Security and Privacy Controls for Federal Information Systems JOINT TASK FORCE TRANSFORMATION INITIATIVE This document contains excerpts from NIST Special Publication
More informationIncident Management. Verdis Spearman verdis.spearman@hq.dhs.gov 703.235.5443
Incident Management Verdis Spearman verdis.spearman@hq.dhs.gov 703.235.5443 Agenda Overview Governance Stakeholders Responsibilities Trusted Internet Connection Initiative Incident Response Requirements
More informationFinal Audit Report. Report No. 4A-CI-OO-12-014
U.S. OFFICE OF PERSONNEL MANAGEMENT OFFICE OF THE INSPECTOR GENERAL OFFICE OF AUDITS Final Audit Report Subject: AUDIT OF THE INFORMATION TECHNOLOGY SECURITY CONTROLS OF THE U.S. OFFICE OF PERSONNEL MANAGEMENT'S
More informationPrivacy Impact Assessment
For: Great Lakes Computer System (GLCS) Great Lakes Educational Loan Services, Inc. (GOALS) Date: June 18, 2013 Point of Contact: Gregory Plenty (202) 377-3253 Gregory.Plenty@ed.gov System Owner: Keith
More informationInformation System Security Officer (ISSO) Guide
Information System Security Officer (ISSO) Guide Office of the Chief Information Security Officer Version 10 September 16, 2013 DEPARTMENT OF HOMELAND SECURITY Document Change History INFORMATION SYSTEM
More informationPurpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.
Federal CIO Council Information Security and Identity Management Committee (ISIMC) Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies DRAFT V0.41 Earl Crane, CISSP, CISM
More informationPromoting Application Security within Federal Government. AppSec DC November 13, 2009. The OWASP Foundation http://www.owasp.org
Promoting Application Security within Federal Government AppSec DC November 13, 2009 Dr. Sarbari Gupta, CISSP, CISA Founder/President Electrosoft sarbari@electrosoft-inc.com 703-437-9451 ext 12 The Foundation
More informationHow To Write The Jab P-Ato Vulnerability Scan Requirements Guide
FedRAMP JAB P-ATO Vulnerability Scan Requirements Guide Version 1.0 May 27, 2015 JAB P-ATO Vulnerability Scan Requirements Guide Page 1 Revision History Date Version Page(s) Description Author May 27,
More informationIT Security Management Risk Analysis and Controls
IT Security Management Risk Analysis and Controls Steven Gordon Document No: Revision 770 3 December 2013 1 Introduction This document summarises several steps of an IT security risk analysis and subsequent
More informationRequirements For Computer Security
Requirements For Computer Security FTA/IRS Safeguards Symposium & FTA/IRS Computer Security Conference April 2, 2008 St. Louis 1 Agenda Security Framework Safeguards IT Security Review Process Preparing
More informationHHS Information System Security Controls Catalog V 1.0
Information System Security s Catalog V 1.0 Table of Contents DOCUMENT HISTORY... 3 1. Purpose... 4 2. Security s Scope... 4 3. Security s Compliance... 4 4. Security s Catalog Ownership... 4 5. Security
More informationFederal Highway Administration (FHWA) Cybersecurity Program (CSP) Handbook
For Official Use Only Version 1 Federal Highway Administration (FHWA) Cybersecurity Program (CSP) Handbook OFFICE OF INFORMATION TECHNOLOGY SERVICES Information Technology Strategic Objective APRIL 2014
More informationCONTINUOUS MONITORING
CONTINUOUS MONITORING Monitoring Strategy Part 2 of 3 ABSTRACT This white paper is Part 2 in a three-part series of white papers on the sometimes daunting subject of continuous monitoring (CM) and how
More informationUnited States Department of Agriculture. Office of Inspector General
United States Department of Agriculture Office of Inspector General U.S. Department of Agriculture, Office of the Chief Information Officer, Fiscal Year 2013 Federal Information Security Management Act
More informationCOORDINATION DRAFT. FISCAM to NIST Special Publication 800-53 Revision 4. Title / Description (Critical Element)
FISCAM FISCAM 3.1 Security (SM) Critical Element SM-1: Establish a SM-1.1.1 The security management program is adequately An agency/entitywide security management program has been developed, An agency/entitywide
More informationChecklist to Assess Security in IT Contracts
Checklist to Assess Security in IT Contracts Federal Agencies that outsource or contract IT services or solutions must determine if security is adequate in existing and new contracts. Executive Summary
More informationEvaluation Report. Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review. April 30, 2014 Report Number 14-12
Evaluation Report Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review April 30, 2014 Report Number 14-12 U.S. Small Business Administration Office of Inspector General
More informationComplying with the Federal Information Security Management Act. Parallels with Sarbanes-Oxley Compliance
WHITE paper Complying with the Federal Information Security Management Act How Tripwire Change Auditing Solutions Help page 2 page 3 page 3 page 3 page 4 page 4 page 5 page 5 page 6 page 6 page 7 Introduction
More informationDEPARTMENT OF DEFENSE (DoD) CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE (SRG) Version 1, Release 1. 12 January 2015
DEPARTMENT OF DEFENSE (DoD) CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE (SRG) Version 1, Release 1 12 January 2015 Developed by the Defense Information Systems Agency (DISA) for the Department of Defense
More informationDoD ENTERPRISE CLOUD SERVICE BROKER CLOUD SECURITY MODEL
DoD ENTERPRISE CLOUD SERVICE BROKER CLOUD SECURITY MODEL Version 1.0 Developed by the Defense Information Systems Agency (DISA) for the Department of Defense (DoD) EXECUTIVE SUMMARY The 26 June 2012 DoD
More informationAudit Report. The Social Security Administration s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2013
Audit Report The Social Security Administration s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2013 A-14-13-13086 November 2013 MEMORANDUM Date: November 26,
More informationCompliance Overview: FISMA / NIST SP800 53
Compliance Overview: FISMA / NIST SP800 53 FISMA / NIST SP800 53: Compliance Overview With Huntsman SIEM The US Federal Information Security Management Act (FISMA) is now a key element of the US Government
More informationPrivacy Impact Assessment. For Person Authentication Service (PAS) Date: January 9, 2015
For Person Authentication Service (PAS) Date: January 9, 2015 Point of Contact and Author: Hanan Abu Lebdeh Hanan.Abulebdeh@ed.gov System Owner: Ganesh Reddy Ganesh.Reddy@ed.gov Office of Federal Student
More informationFEDERAL HOUSING FINANCE AGENCY OFFICE OF INSPECTOR GENERAL
FEDERAL HOUSING FINANCE AGENCY OFFICE OF INSPECTOR GENERAL Clifton Gunderson LLP s Independent Audit of the Federal Housing Finance Agency s Information Security Program - 2011 Audit Report: AUD-2011-002
More informationNetwork Infrastructure - General Support System (NI-GSS) Privacy Impact Assessment (PIA)
Network Infrastructure - General Support System (NI-GSS) Privacy Impact Assessment (PIA) System Categorization: Moderate Version 1.5 May 30, 2013 Prepared by: Security & Compliance Services (SCS) and Infrastructure
More informationThe Cloud in Regulatory Affairs - Validation, Risk Management and Chances -
45 min Webinar: November 14th, 2014 The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - www.cunesoft.com Rainer Schwarz Cunesoft Holger Spalt ivigilance 2014 Cunesoft GmbH PART
More informationCritical Review/Technology Assessment (CR/TA) November 2014. Cloud Computing for the Government Sector
Critical Review/Technology Assessment (CR/TA) November 2014 Cloud Computing for the Government Sector 1 Cyber Security and Information Systems Information Analysis Center (CSIAC) Assured Information Security
More informationChapter One: Cloud Computing Security Requirements Baseline
Chapter One: Cloud Computing Security Requirements Baseline Page 1 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118
More informationASIA/PAC AERONAUTICAL TELECOMMUNICATION NETWORK SECURITY GUIDANCE DOCUMENT
INTERNATIONAL CIVIL AVIATION ORGANIZATION ASIA AND PACIFIC OFFICE ASIA/PAC AERONAUTICAL TELECOMMUNICATION NETWORK SECURITY GUIDANCE DOCUMENT DRAFT Second Edition June 2010 3.4H - 1 TABLE OF CONTENTS 1.
More informationCybersecurity Risk Management Activities Instructions Fiscal Year 2015
Cybersecurity Risk Management Activities Instructions Fiscal Year 2015 An effective risk management program and compliance with the Federal Information Security Management Act (FISMA) requires the U.S.
More informationReview of the SEC s Systems Certification and Accreditation Process
Review of the SEC s Systems Certification and Accreditation Process March 27, 2013 Page i Should you have any questions regarding this report, please do not hesitate to contact me. We appreciate the courtesy
More informationU.S. DEPARTMENT OF COMMERCE UNITED STATES PATENT AND TRADEMARK OFFICE. Privacy Impact Assessment
U.S. DEPARTMENT OF COMMERCE UNITED STATES PATENT AND TRADEMARK OFFICE Privacy Impact Assessment Enterprise Software Services PTOI-020-00 July 8, 2015 Privacy Impact Assessment This Privacy Impact Assessment
More informationSecurity Control Standards Catalog
Security Control Standards Catalog Version 1.2 Texas Department of Information Resources April 3, 2015 Contents About the Security Control Standards Catalog... 1 Document Life Cycle... 1 Revision History...
More informationAF Life Cycle Management Center
AF Life Cycle Management Center Avionics Weapon Systems Cybersecurity Risk Management Framework Assessment & Authorization Update Harrell Van Norman AFLCMC/EZAS Cybersecurity Technical Expert aflcmc.en-ez.weapon.systems.ia.team@us.af.mil
More information2012 FISMA Executive Summary Report
2012 FISMA Executive Summary Report March 29, 2013 UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C. 20549 OI'!'ICEOI' lnstfl! C1'0R GENERAt MEMORANDUM March 29,2013 To: Jeff Heslop, Chief
More informationSecurity Self-Assessment Tool
Security Self-Assessment Tool State Agencies Receiving FPLS Information, 7/15/2015 Contents Overview... 2 Access Control (AC)... 3 Awareness and Training (AT)... 8 Audit and Accountability (AU)... 10 Security
More informationContinuous Monitoring Strategy & Guide
Version 1.1 July 27, 2012 Executive Summary The OMB memorandum M-10-15, issued on April 21, 2010, changed from static point in time security authorization processes to Ongoing Assessment and Authorization
More informationFinal Audit Report -- CAUTION --
U.S. OFFICE OF PERSONNEL MANAGEMENT OFFICE OF THE INSPECTOR GENERAL OFFICE OF AUDITS Final Audit Report Audit of the Information Technology Security Controls of the U.S. Office of Personnel Management
More informationCloud Assessments. Federal Computer Security Managers Forum. John Connor, IT Security Specialist, OISM, NIST. Meeting.
Cloud Assessments SaaS Email Working Group John Connor, IT Security Specialist, OISM, NIST Meeting August, 2015 Background Photo - JILA strontium atomic clock (a joint institute of NIST and the University
More informationINFORMATION PROCEDURE
INFORMATION PROCEDURE Information Security Incident Response Procedures Issued by the EPA Chief Information Officer, Pursuant to Delegation 1-19, dated 07/07/2005 INFORMATION SECURITY INCIDENT RESPONSE
More informationSecurity Features in Password Manager
Security Features in Written by Einar Mykletun, Ph.D. security and compliance architect for research and development at Dell Introduction Information system security is a priority for every organization,
More informationFY 2015 Inspector General Federal Information Security Modernization Act Reporting Metrics V1.2
FY 2015 Inspector General Federal Information Security Modernization Act Reporting Metrics V1.2 Prepared by: U.S. Department of Homeland Security Office of Cybersecurity and Communications Federal Network
More informationSecurity Guide for ActiveRoles Server 6.1
Security Guide for ActiveRoles Server 6.1 Written by Einar Mykletun, Ph.D Security and Compliance Architect Quest Software, Inc. Technical Brief 2009 Quest Software, Inc. ALL RIGHTS RESERVED. This document
More informationInformation Assurance in the Cloud
Information Assurance in the Cloud The Status of FedRAMP, April 2013 AGA - Montgomery/Prince George s Chapter cliftonlarsonallen.com Session Outline 1. Cloud Services in Federal Government The Opportunity
More informationINFORMATION TECHNOLOGY SECURITY POLICY 60-702. Table of Contents
Department of Commerce National Oceanic & Atmospheric Administration National Weather Service NATIONAL WEATHER SERVICE INSTRUCTION 60-702 December 21, 2009 Information Technology INFORMATION TECHNOLOGY
More informationLots of Updates! Where do we start?
NIH Security, FISMA and EPLC Lots of Updates! Where do we start? Kay Coupe NIH FISMA Program Coordinator Office of the Chief Information Officer Project Management Community Meeting October 18, 2011 .
More informationPrivacy Impact Assessment. For ecampus-based System (e/cb) Date: April 26, 2014. Point of Contact: Calvin Whitaker Calvin.Whitaker@ed.
For ecampus-based System (e/cb) Date: April 26, 2014 Point of Contact: Calvin Whitaker Calvin.Whitaker@ed.gov System Owner: Keith Wilson Keith.Wilson@ed.gov Author: Calvin Whitaker Office of Federal Student
More informationIT Compliance in Acquisition Checklist v3.5 Page 1 of 7
IT Compliance in Acquisition Checklist v3.5 Page 1 of 7 Instructions: This IT checklist, with appropriate signatures, must be completed for Information Technology (IT) acquisitions within the Department
More informationDEPARTMENT OF VETERANS AFFAIRS VA HANDBOOK 6500.5 INCORPORATING SECURITY AND PRIVACY INTO THE SYSTEM DEVELOPMENT LIFE CYCLE
DEPARTMENT OF VETERANS AFFAIRS VA HANDBOOK 6500.5 Washington, DC 20420 Transmittal Sheet March 22, 2010 INCORPORATING SECURITY AND PRIVACY INTO THE SYSTEM DEVELOPMENT LIFE CYCLE 1. REASON FOR ISSUE: This
More informationDoD Cloud Computing Security Requirements Guide (SRG) Overview
DoD Cloud Computing Security Requirements Guide (SRG) Overview 1 General SRG Information Released 12 January 2015 Version 1, release 1 Provides comprehensive security guidance for components (missions)
More informationHow To Improve Federal Network Security
Department of Federal Network Trusted Internet Connections (TIC) Update for the Information and Privacy Advisory Board July 29, 2009 Federal Network (FNS) Federal Network Branch Branch Vision: To be the
More informationVA Enterprise Design Patterns: 6. Cloud Computing 6.1 Enterprise Cloud Services Broker
VA Enterprise Design Patterns: 6. Cloud Computing 6.1 Enterprise Cloud Services Broker Office of Technology Strategies (TS) Architecture, Strategy, and Design (ASD) Office of Information and Technology
More informationSection 37.1 Purpose... 1. Section 37.2 Background... 3. Section 37.3 Scope and Applicability... 4. Section 37.4 Policy... 5
CIOP CHAPTER 37 Departmental Cybersecurity Policy TABLE OF CONTENTS Section 37.1 Purpose... 1 Section 37.2 Background... 3 Section 37.3 Scope and Applicability... 4 Section 37.4 Policy... 5 Section 37.5
More informationSpillage and Cloud Computing
Spillage and Cloud Computing Presented to the Information Security and Privacy Advisory Board (ISPAB) A Review in Collaboration with the Federal Chief Information Council (FCIOC) Information Security and
More informationIn Brief. Smithsonian Institution Office of the Inspector General
In Brief Smithsonian Institution Office of the Inspector General Smithsonian Institution Network Infrastructure (SINet) Report Number A-09-01, September 30, 2009 Why We Did This Audit Under the Federal
More informationHealth Insurance Portability and Accountability Act Enterprise Compliance Auditing & Reporting ECAR for HIPAA Technical Product Overview Whitepaper
Regulatory Compliance Solutions for Microsoft Windows IT Security Controls Supporting DHS HIPAA Final Security Rules Health Insurance Portability and Accountability Act Enterprise Compliance Auditing &
More informationPrivacy Impact Assessment (PIA) for the. Certification & Accreditation (C&A) Web (SBU)
Privacy Impact Assessment (PIA) for the Cyber Security Assessment and Management (CSAM) Certification & Accreditation (C&A) Web (SBU) Department of Justice Information Technology Security Staff (ITSS)
More informationFINAL Version 2.0 September 20, 2013
CENTERS for MEDICARE & MEDICAID SERVICES Enterprise Information Security Group 7500 Security Boulevard Baltimore, Maryland 21244-1850 Standard: CMS Information Security, CMS Minimum Security Requirements
More informationSecurity Control Standard
Department of the Interior Security Control Standard Maintenance January 2012 Version: 1.2 Signature Approval Page Designated Official Bernard J. Mazer, Department of the Interior, Chief Information Officer
More informationFISMA NIST 800-53 (Rev 4) Audit and Accountability: Shared Public Cloud Infrastructure Standards
FISMA NIST 800-53 (Rev 4) Audit and Accountability: Shared Public Cloud Infrastructure Standards Standard Requirement per NIST 800-53 (Rev. 4) CloudCheckr Action AU-3/ AU3(1) AU-3 CONTENT OF AUDIT RECORDS
More informationEVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07
EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014
More informationHow to Use the Federal Risk and Authorization Management Program (FedRAMP) for Cloud Computing
How to Use the Federal Risk and Authorization Management Program (FedRAMP) for Cloud Computing Warren S. Udy, CISSP Senior Cyber Security Advisor Office of Cyber Security 301-903-5515 warren.udy@hq.doe.gov
More informationPro p ose d Se c urity Assessm e nt & A uth oriz a tio n for U.S. G o v ern m e nt C lo u d C o m p utin g
! Pro p ose d Se c urity Assessm e nt & A uth oriz a tio n for U.S. G o v ern m e nt C lo u d C o m p utin g!!!! Dr a ft v ersio n 0.96 N o v e m b er 2, 2010!!!! Pre f a c e! Proposed Security Assessment
More informationMeasure More, Spend Less. Better Security
Measure More, Spend Less ON THE WAY TO Better Security For: Information Security Officers of the State of California Presented by: John Streufert US Department of State February 25, 2010 State Department
More informationSTATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration
STATEMENT OF Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration BEFORE THE HOUSE COMMITTEE ON HOMELAND SECURITY SUBCOMMITTEE
More informationSecurity Control Standard
Department of the Interior Security Control Standard Security Assessment and Authorization January 2012 Version: 1.2 Signature Approval Page Designated Official Bernard J. Mazer, Department of the Interior,
More informationHow To Check If Nasa Can Protect Itself From Hackers
SEPTEMBER 16, 2010 AUDIT REPORT OFFICE OF AUDITS REVIEW OF NASA S MANAGEMENT AND OVERSIGHT OF ITS INFORMATION TECHNOLOGY SECURITY PROGRAM OFFICE OF INSPECTOR GENERAL National Aeronautics and Space Administration
More information