May 29-30, 2019

Implement New NIST RMF & Meet 2019 FISMA Metrics


 Event Page


  Day 1: Wednesday, May 29
   8:00AM Registration Opens/Continental Breakfast
   8:30AM Seminar Overview and Introductions
9:15AM Review of New Requirements – Presidential, OMB, DHS and NIST
  • President’s Executive Order 13800
  • OMB Memos (HVA Framework – OMB M-17-09, 2019 FISMA Guidance, Privacy Reporting and On-Going Authorization, A-130)
  • DHS BODs
  • Risk Management Framework (RMF) – SP800-37
  • Cybersecurity Framework (CSF) – NIST CSF
 10:00AM Coffee Break
10:10AM Authorization Boundary Identification
  • Group Real-World System Identification – Using Attendees’ System
  • Authorization Boundary Identification Exercise
 11:00AM NIST Special Publications Update
  Guest Speaker:  Victoria Yan Pillitteri, CISSP, Senior Information Security Specialist, National Institute of Standards and Technology (NIST)
 12:00PM Lunch
 1:00PM Cybersecurity Performance Insights and Data Analytics
  Guest Speaker: Jennifer Oar, Business Intelligence and Advanced Data Analytics Section Chief, Cybersecurity Performance Management (CPM) Branch, Federal Network Resilience (FNR) Division, Cybersecurity Infrastructure Security Agency (CISA)
   2:00PM Break
   2:10PM System Categorization
  • Categorize Real-World System Exercise
  • Boundary and Control Review
2:45PM Simplified Risk Assessments
  • Risk Modeling:  Quantitative, Qualitative, and Hybrid – SP800-30/SP800-39
  • Categorization – FIPS-199/SP800-60
  • System Maximum Impact Level – SP800-30/SP800-39/SP800-60
  • Security Control Baseline/Best Practices – FIPS 200/SP800-53
3:45PM Adjourn
  Day 2: Thursday, May 30
8:00AM Continental Breakfast
8:30AM Security Controls
9:00AM Security Control Selection and Tailoring
  • Security Control Tailoring Exercise
 10:00AM Coffee Break
 10:10AM Compensating Control Exercises  
 11:00AM Leverage Government Initiatives
  • Security Content Automation Protocol (SCAP)
  • DoD Host-Based Security System (HBSS) Solutions
  • Assured Compliance Assessment Solution (ACAS)
  • Continuous Diagnostics and Mitigation (CDM) Program
  • Continuous Monitoring Dashboard
  • Bonding Operational Directives (BOD), EINSTEIN, Trusted Internet Connection (TIC), Managed Trusted Internet Protocol Services (MTIPS), and DHS Cybersecurity Hygiene
  • Reviews
 12:00PM Lunch
1:00PM Consolidated System Security Plan Example
  Guest Speaker:  Thomas Mason, CISSP, Information System Security Officer, Electronic Research Administration, National Institutes of Health (NIH)
2:00PM Break
2:10PM Security Plans
  • Operations Manual and System Security Plan (SSP) – SP800-18
  • Security-focused Configuration Management Plan (SecCMP) – SP800-128
  • Patch Management Plan (PMP) – SP800-40
  • Information Security Control Monitoring Plan (ISCMP) – SP800-137
  • Incident Response Plan (IRP) – SP800-61/SP800-83
  • Contingency Plan (CP) – SP800-34
  • Cybersecurity Framework and Privacy Control Framework
3:10PM Clouds, Security Services, and Common Controls
  • Clouds – FedRAMP
  • Security Services – CDM
  • System Specific, Common and Hybrid – SP800-37
3:30PM Summary
3:45PM Adjourn
  Note: Many products will be noted, but noting them is not an endorsement.