Request for Records Disposition Authority



Similar documents
Request for Records Disposition Authority

National Cybersecurity Protection System (NCPS)

Network Security Deployment (NSD)

Network Security Deployment Obligation and Expenditure Report

Request for Records Disposition Authority

US-CERT Year in Review. United States Computer Emergency Readiness Team

Request for Records Disposition Authority

Request for Records Disposition Authority

EINSTEIN 3 - Accelerated (E 3 A)

The Comprehensive National Cybersecurity Initiative

Request for Records Disposition Authority

Written Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement

Preventing and Defending Against Cyber Attacks November 2010

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

Department of Homeland Security

Working with the FBI

THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY

NASA OFFICE OF INSPECTOR GENERAL

Preventing and Defending Against Cyber Attacks June 2011

The U.S. Department of Homeland Security s Response to Senator Franken s July 1, 2015 letter

Department of Homeland Security Federal Government Offerings, Products, and Services

NATIONAL ARCHIVES AND RECORDS ADMINISTRATION. Records Schedules; Availability and Request for Comments

Using Monitoring, Logging, and Alerting to Improve ICS Security ICSJWG 2015 Fall Meeting October 27, 2015

STATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE

How To Audit The Mint'S Information Technology

Combating a new generation of cybercriminal with in-depth security monitoring

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Privacy Impact Assessment for EINSTEIN 2. May 19, Contact Point United States Computer Emergency Readiness Team (US-CERT) (888)

24x7 Incident Handling and Response Center

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

(U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative

Cybersecurity Information Sharing Legislation Protecting Cyber Networks Act (PCNA) National Cybersecurity Protection Advancement (NCPA) Act

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

Office of Inspector General

National Initiative for Cybersecurity Education

Environment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information.

Cyber Security Metrics Dashboards & Analytics

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

Resources and Capabilities Guide

Network Service, Systems and Data Communications Monitoring Policy

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Privacy Impact Assessment EINSTEIN Program

Department of Defense DIRECTIVE

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Threat Intelligence: An Essential Component of Cyber Incident Response. Jeanie M Larson, CISSP-ISSMP, CISM, CRISC

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

Compliance Overview: FISMA / NIST SP800 53

Request for Records,...D-is_p_o_s-it-io_n_A_u_t_h_o-ri_ty... ~ Le_a_v_e-B-Ia_n_k-(N_A_RA--Us_e_O_nl-y)--1

An Overview of Large US Military Cybersecurity Organizations

Protecting critical infrastructure from Cyber-attack

Breaking Down the Silos: A 21st Century Approach to Information Governance. May 2015

How To Improve Federal Network Security

INFRAGARD.ORG. Portland FBI. Unclassified 1

Eight Essential Elements for Effective Threat Intelligence Management May 2015

Win the race against time to stay ahead of cybercriminals

DHS, National Cyber Security Division Overview

Visualization, Modeling and Predictive Analysis of Internet Attacks. Thermopylae Sciences + Technology, LLC

Indicator Expansion Techniques Tracking Cyber Threats via DNS and Netflow Analysis

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense

CERT.AZ description as per RfC 2350

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

SIEM is only as good as the data it consumes

NSA Surveillance, National Security and Privacy

Legislative Language

Transcription:

NATIONAL ARCHIVES AND RECORDS ADMINISTRATION. Records Schedule: DAA-0563 2013 0008 Records Schedule Number Schedule Status DAA-0563-2013-0008 Approved Agency or Establishment Record Group I Scheduling Group Records Schedule applies to Major Subdivision Schedule Subject Internal agency concurrences will be provided Department of Ho.meland Security General Records of the Department of Homeland Security Major Subdivsion National Protection and Programs Directorate (NPPD) National Cybersecurity Protection System (NCPS) No Background Information The National Cybersecurity Protection System (NCPS) is an integrated system of intrusion detection, analytics, intrusion prevention, and information sharing capabilities. These capabilities provide a technological foundation for defending the federal civilian government's information technology infrastructure against advanced cyber threats. NCPS, which is delivered through a combination of hardware, software, and managed security services, advances the Department of Homeland Security (DHS) responsibilities for meeting the cybersecurity mission requirements as delineated in the Comprehensive National Cybersecurity Initiative (CNCI). NCPS capabilities of information sharing, analysis, and detection ~ and prevention rely on tight collaboration and integration with cross Federal stakeholders in order to support the defense of the underlying networks. The analysis of the network monitoring traffic data provides valuable cyber incident information and generates situational awareness and decision support data that is used by incident response teams, government critical infrastructure organizations, and national leadership. Response teams use the information to thwart cyber-attacks, to point to the origins of the attack, and respond to the attacks in a timely manner. Executive managers and national leaders make valuable decisions on what policies and resources are needed in order to respond to and prevent the current and future attacks. NCPS capabilities span five broad technology areas: DETECTION: Enables DHS to detect malicious activity as it transits in and out of federal civilian information technology {IT) networks. Electronic Records Archives Page 1 of 9 PDF Created on: 01/26/2015

Item Count Records Schedule: DAA..Q563-2013-0008 ANAL YTICS: Provides DHS analysts with the ability to compile and analyze information about cyber activity and inform Federal, state and local government agencies, private sector partners, infrastructure owners and operators, and the public about current and potential c. cybersecurity threats and vulnerabilities. INFORMATION SHARING: Establishes a flexible set of capabilities, implemented at multiple classification levels that will allow for the rapid exchange of cyber threat and cyber incident information among DHS cyber security analysts and their cy~ersecurity partners. PREVENTION: Advances the protection of federal civilian departments and agencies by providing active network defense capabilities and the ability to prevent and limit malicious activities from penetrating federal networks and systems. CORE INFRASTRUCTURE: Includes; the classified and unclassified Mission Operating Environment and communications infrastructure, including operations services, development and testing, and incident management systems. Number of Total Disposition Number of Permanent Number of Number of Withdrawn Items Disposition Items Disposition Items Disposition Items 6 0 6 0 Electronic Records Archives Page 2 of9 PDF Created on: 01/26/2015

Records Schedule: DAA..Q563-2013-0008 Outline of Records Schedule Items for DM-0563-2013-0008 Sequence Number 1.1 1.2 1.3 1.4 1.5 2 2.1 Master File/ Data Core Infrastructure (MOE, E3A MOE, Incident Management System, Dev/Test E nvironment) : DAA-0563-2013-0008-0001 Intrusion Detection (EINSTEIN 1, EINSTEIN 2, pons) : DAA-0563-2013-0008-0002 Intrusion Prevention (E3A) : DAA-0563-2013-0008-0003 Analysis (PCAP, SIEM, EADB, AMAC, Digital Media Analysis Environment) : DAA-0563-2013-0008-0004 Information Sharing (CyberScope, US-CERT.gov Website and US-CERT Portal, CIR/CIAP) : DAA-0563-2013-0008-0005 Output Analysis and reports on data which may be relayed to other compo nents within C S&C or to systems in organizations other than the NCPS. : DAA-0563-2013-0008-0006 Elec::tronic Records Archives Page 3of9 PDF Created on: 01/26/2015

Records Schedule: DAA-0563-2013 0008 Records Schedule Items Sequence Number 1.1 Master File/ Data Core Infrastructure (MOE, E3A MOE, Incident Management System, Dev/Test Environment) DAA-0563-20 13-0008-0001 Data collected includes: Individual's contact information and the nature of the concern. Suspicious files, spam, and other potential cyber threats via an email network, exclusively used within the MOE Synthetic cyber threat data Do any ofthe records covered electronic format(s) other than e- Cutoff at date of receipt. Destroy or delete when 3 years old or when no longer 1.2 Intrusion Detection (EINSTEIN 1, EINSTEIN 2, pons) DAA-0563-2013-0008-0002 Data collected includes: Netflow records Information relating to DNS queries that is captured by collecting the requests and responses from the DNS servers Alerts when a pre-defined specific cyber threat is detected and provides the US-CERT with increased insight into the nature of that activity Custom signatures based upon known or suspected cyber threats Electronic Records Archives Page 4 of9 PDF Created on: 01/26/2015

NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Records Schedule: DAA-0563 2013 0008 electronic format(s) other than e- Cutoff at date of receipt. Destroy or delete when 3 years old or when no longer 1.3 Intrusion Prevention (E3A) DAA-0563-2013-0008-0003 Indicators of known or suspected cyber threats Indicator reports electronic format(s) other thanemail and word processing? Cutoff at date of receipt. De.stroy or delete when 3 years old or when no longer 1.4 Analysis (PCAP, SIEM, EADB, AMAC, Digital Media Analysis Environment) DAA-0563-2013-0008-0004 Metadata derived from the PCAP analysis may contain em.ail addresses and IP addresses. Database for supporting commercially available visualization Electronic Records Archives Page 5 of 9 PDF Created on: 01/26/2015

Records Schedule: DAA-0563-2013 0008 and analytical tools that allow US-CERT analysts to quickly visualize relevant relationships between disparate data and indicators of interest by presenting drilldown views of data with patterns, trends, series, and associations to analyze seemingly unrelated data Digital Media Analysis envimnment is a segregated, closed, computer network system that is used to conduct timely investigative analysis of digital devices and their storage mediums in support of US-CERT staff and constituent The AMAC, receives information about computer security vulnerabilities and threats in the form of actual malicious code submitted to US CERT. electronic format(s) other than e- Cutoff on date of receipt. Destroy or delete when 3 years old or when no longer 1.5 Information Sharing (CyberScope, US-CERT.gov Website and US-CERT Portal, CIR/CIAP) DAA-0563-2013-0008-0005 0/A FISMA reporting data The US-CERT.gov website allows for the dissemination of general information to the public about US-CERT and its activities, as well as information pertinent to the discipline of cybersecurity. Additionally, the website is the primary means for members of the public to interact with US-CERT, request information, and report incidents (4 forms - CSET, ICSJWG, NCAS, and Report form) CIR/CIAP is a common repository for sightings and indicators. Electronic Records Archives Page 6 of9 PDF Created on: 01/26/2015

Records Schedule: DAA-0563-2013-0008 electronic format(s) other thane Cutoff on date of receipt. Destroy or" delete when 3 years old or when no longer 2 Output 2.1 Analysis and reports on data which may be relayed to other components within CS&C or to systems in organizations other than the NCPS. DAA-0563-2013-0008-0006 Analyze data quality and utility; Analyze data to establish trends and patterns for future enforcement actions; and Other analytic functions in support of DHS cybersecurity and other mission related purposes. Do any ofthe records covered electronic format(s) other thane- Cutoff on date of receipt or creation. Destroy or delete when 5 years old or when no longer Electronic Records Archives Page 7 of9 PDF Created on: 01/26/2015

NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Records Schedule: DAA-0563 2013 0008 Agency Certification I hereby certify that I am authorized to act for this agency in matters pertaining to the disposition of its records and that the records proposed for disposal in this schedule are not now needed for the business of the agency or will not be needed after the retention periods specified. Signatory Information Date Action By Title Organization 09/16/2013 Return to Submitte r Tammy Hudson Acting Records Offic er 09/24/2013 Certify Tammy Hudson Acting Records Offic er 12/22/2014 Submit for Concur renee 12/29/2014 Concur Margaret Hawkins 01/08/2015 Concur Laurence Brewer CIO- ESDO CIO- ESDO Erin Cayce Appraiser National Archives and Records Administration - Records Management Services Director of Records Management Servic es Director, National R ecords Management Program 01/12/2015 Approve David Ferriera Archivist of the Unite d States National Records Management Program - Records Management Services National Archives and Records Administration - National Records Management Program Office of the Archivist- Office of the Archivist Electronic Records Archives Page 8 of9 PDF Created on: 01/26/2015

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information