JANUARY 26-27, 2021

Implement the New NIST RMF Standards and Meet the 2021 FISMA Metrics

 

Agenda

Day 1: Tuesday, January 26
8:00AM Seminar Overview and Introductions
8:30AM Review of New Requirements – Presidential, OMB, DHS and NIST
  
  • President’s Executive Order 13800
  • OMB Memos (HVA Framework – OMB M-17-09, 2019 FISMA Guidance, Privacy Reporting and Ongoing Authorization, Circular A-130)
  • DHS BODs
  • Risk Management Framework (RMF) – SP800-37
  • NIST Cybersecurity Framework (CSF)
9:50AM Morning Break
10:00AM NIST Special Publications Update
  Guest Speakers: Victoria Yan Pillitteri, CISSP, Senior Information Security Specialist, and Eduardo Takamura, CISSP, MA, Information Security Specialist, National Institute of Standards and Technology (NIST)
11:10AM Authorization Boundary Identification
 
  • Attendee Real-World System Identification – Using Attendees’ Own Systems
  • Authorization Boundary Identification Exercise
12:00PM Lunch Break
1:00PM DHS Cybersecurity Initiatives Update
  Guest Speaker: Fabion (Frank) Husson, Insights Branch Chief, Cyber Security Division (CSD), U.S. Department of Homeland Security (DHS)
2:00PM Afternoon Break
2:10PM System Categorization
 
  • Categorize Real-World System Exercise
  • Boundary and Control Review
2:45PM Simplified Risk Assessments
 
  • Risk Modeling: Quantitative, Qualitative, and Hybrid – SP800-30/SP800-39
  • Categorization – FIPS-199/SP800-60
  • System Maximum Impact Level – SP800-30/SP800-39/SP800-60
  • Security Control Baseline/Best Practices – FIPS 200/SP800-53
4:00PM Adjourn
 
Day 2: Wednesday, January 27
8:00AM Security Controls (SP800-53)

  • Families
  • Specific, Common and Hybrid
  • Tailoring
9:00AM Security Control Exercises
 
  • Specific, Common and Hybrid Security Control Exercises
10:00AM Morning Break
10:10AM Tailoring and Compensating Control Exercises
11:00AM Leverage Government Initiatives
 
  • Security Content Automation Protocol (SCAP)
  • DoD Host-Based Security System (HBSS) Solutions
  • Assured Compliance Assessment Solution (ACAS)
  • Continuous Diagnostics and Mitigation (CDM) Program
  • Continuous Monitoring Dashboard
  • Binding Operational Directives (BOD), EINSTEIN, Trusted Internet Connection (TIC), Managed Trusted Internet Protocol Services (MTIPS), and DHS Cybersecurity Hygiene
  • Reviews
12:00PM Lunch Break
1:00PM Security Plans – SP800-18
 
  • Operations Manual and System Security Plan (SSP) – SP800-18
  • Security-focused Configuration Management Plan (SecCMP) – SP800-128
  • Patch Management Plan (PMP) – SP800-40
  • Information Security Continuous Monitoring Plan (ISCMP) – SP800-137
  • Incident Response Plan (IRP) – SP800-61/SP800-83
  • Contingency Plan (CP) – SP800-34
  • Cybersecurity Framework and Privacy Control Framework
1:50PM Afternoon Break
2:00PM Clouds and Security Services
3:00PM Cloud Accreditation and Reaccreditation Processes – FedRAMP
  Guest Speaker: Ryan Hoesing, Customer Success Manager, Federal Risk and Authorization Management Program (FedRAMP)
3:30PM Summary
4:00PM Adjourn
Note: Many products will be mentioned during the seminar; mention of a product does not constitute an endorsement.