November 5-6, 2018

Implementing 2018 FISMA and Federal Cybersecurity Changes




  Day 1: Monday, November 5
   8:00AM Registration Opens/Continental Breakfast
   8:30AM Seminar Overview and Introductions
   9:15AM Changes – Presidential, OMB, DHS and NIST
 10:00AM Coffee Break
 10:10AM Cybersecurity Frameworks
  • Risk Management Framework (RMF) – SP800-37
  • Department of Defense (DoD) RMF – DoDI 8500.01/DoDI 8510.01/CNSSI-1253
  • System Development Life Cycle (SDLC) – SP800-64
  • Cybersecurity Framework (CSF) – NIST CSF
  • System Security Engineering Framework (SSEF) – SP800-160
  • High Value Asset Process Framework – OMB M-17-09
  • Discussion on Consolidation Potentials
 11:00AM NIST Special Publications Update
  Guest Speakers:  Kelley Dempsey, Senior Information Security Specialist & Ned Goren, Information Security Researcher, National Institute of Standards and Technology (NIST)
 12:00PM Lunch
 1:00PM DHS Cybersecurity Initiatives Update
  Guest Speaker: Craig J. Chase, MS, CISSP, National Protection and Programs Directorate, Office of Cybersecurity and Communications, Federal Network Resilience (FNR) Division, Cybersecurity Performance Management Branch (CPM), Department of Homeland Security
   2:00PM Break
   2:10PM Security Plans
  • System Security Plan (SSP) – SP800-18
  • Information Security Control Monitoring Plan (ISCMP) – SP800-137
  • Incident Response Plan (IRP) – SP800-61/SP800-83
  • Contingency Plan (CP) – SP800-34
  • Security-focused Configuration Management Plan (SecCMP) – SP800-128
  • Patch Management Plan (PMP) – SP800-40
  • Discussion on Consolidation Potentials
2:45PM Simplified Risk Assessments
  • Risk Modeling:  Quantitative, Qualitative, and Hybrid – SP800-30/SP800-39
  • Categorization – FIPS-199/SP800-60
  • System Maximum Impact Level – SP800-30/SP800-39/SP800-60
  • Security Control Baseline/Best Practices – FIPS 200/SP800-53
3:45PM Adjourn
  Day 2: Tuesday, November 6
8:00AM Continental Breakfast
8:30AM Automated Tools Simplified
  • Security Content Automation Protocol (SCAP)
  • DoD Host-Based Security System (HBSS) Solutions
  • Assured Compliance Assessment Solution (ACAS)
  • Continuous Diagnostics and Mitigation (CDM) Program
  • Continuous Monitoring Dashboard
9:30AM Automated Tool Deployment
 10:00AM Coffee Break
 10:10AM DHS Activities
  • EINSTEIN, Trusted Connection (TIC), Managed Trusted Internet Protocol Services (MTIPS), and DHS Cybersecurity Hygiene Reviews
  • Discussion on Potential Leveraging
 11:00AM Real-World Implementation Example
  Guest Speakers: Dawn Gonchar, eRA Security Team, Office of Extramural Research and Thomas Mason, CISSP, Information System Security Officer, Electronic Research Administration, National Institutes of Health (NIH)
 12:00PM Lunch
1:00PM Clouds, Security Services and Common Controls
  • Clouds – FedRAMP
  • Security Services – CDM
  • System Specific, Common and Hybrid – SP800-37
2:00PM Break
2:10PM Identify Future Potentials and Requirements – Exercise and Discussion
3:30PM Summary
3:45PM Adjourn
  Note: Many products will be noted, but noting them is not an endorsement.