September 19-20, 2017

Implementing 2017 FISMA and Federal Cybersecurity Changes

 

Agenda

  Day 1: Tuesday, September 19
8:00 Registration Opens/Continental Breakfast
8:30  Seminar Overview and Introductions
 9:15 Changes – Presidential and NIST
10:00 Coffee Break
 10:10 Cybersecurity Frameworks
 
  • Risk Management Framework (RMF) – SP800-37
  • Department of Defense (DoD) RMF – DoDI 8500.01/DoDI 8510.01/CNSSI-1253
  • System Development Life Cycle (SDLC) – SP800-64
  • Cybersecurity Framework (CSF) – NIST CSF
  • System Security Engineering Framework (SSEF) – SP800-160
  • High Value Asset Process Framework  – OMB M-17-09
  • Discussion on Consolidation Potentials
 11:10  Security Plans
 
  • System Security Plan (SSP) – SP800-18
  • Information Security Control Monitoring Plan (ISCMP) – SP800-137
  • Incident Response Plan (IRP) – SP800-61/SP800-83
  • Contingency Plan (CP) – SP800-34
  • Security-Focused Configuration Management Plan (SecCMP) – SP800-128
  • Patch Management Plan (PMP) – SP800-40
  • Discussion on Consolidation Potentials
12:00 Lunch
1:00 NIST Special Publications Update
2:00 Break
2:10 Simplified Risk Assessments
 
  • Risk Modeling: Quantitative, Qualitative, and Hybrid – SP800-30/SP800-39
  • Categorization – FIPS-199/SP800-60
  • System Maximum Impact Level – SP800-30/SP800-39/SP800-60
  • Security Control Baseline/Best Practices – FIPS 200/SP800-53
2:45 DHS Cybersecurity Initiatives Update
  Guest Speaker: Nancy Lim, CISSP, DHS FNR Senior Advisor, CS&C Principal Liaison to OMB E-Gov Cyber, U.S. Department of Homeland Security (DHS)
3:45 Adjourn
   
  Day 2: Wednesday, September 20
 8:00 Continental Breakfast
8:30 Automated Tools Simplified
 
  • Security Content Automation Protocol (SCAP)
  • DoD Host-Based Security System (HBSS) Solutions
  • Assured Compliance Assessment Solution (ACAS)
  • Continuous Diagnostics and Mitigation (CDM) Program
  • Continuous Monitoring Dashboard
9:30 Automated Tool Deployment
10:00 Break
10:10 Potential Automated Continuous Authorization Processes
 
  • System Strategies and Options
  • Agency Enterprise Strategies and Options
  • Federal Enterprise Strategies and Options
11:00 DHS Activities
 
  • EINSTEIN, Trusted Connection (TIC), Managed Trusted Internet Protocol Services (MTIPS), and DHS Cybersecurity Hygiene Reviews
  • Discussion on Potential Leveraging
12:00 Lunch
1:00 Clouds, Security Services and Common Controls
 
  • Clouds – FedRAMP
  • Security Services – CDM
  • System Specific, Common and Hybrid – SP800-37
2:00 Break
2:10
  • “…show preferences in… cloud, and cybersecurity services.”
  • Identify Future Potentials and Requirements – Exercise and Discussion
3:30 Summary
3:45 Adjourn
  Note: Many products will be noted, but noting them is not an endorsement.