Day 1: Monday, September 21

8:00AM  Seminar Overview and Introductions

8:30AM  Review of New Requirements – Presidential, OMB, DHS and NIST

- President’s Executive Order 13800
- OMB Memos (HVA Framework – OMB M-17-09, 2019 FISMA Guidance, Privacy Reporting and On-Going Authorization, A-130)
- DHS BODs
- Risk Management Framework (RMF) – SP800-37
- Cybersecurity Framework (CSF) – NIST CSF

9:50AM  Morning Break

10:00AM  NIST Special Publications Update

Guest Speaker: Eduardo Takamura, CISSP, MA, Information Security Specialist, National Institute of Standards and Technology (NIST)

11:10AM  Authorization Boundary Identification

- Group Real-World System Identification – Using Attendees’ System
- Authorization Boundary Identification Exercise

12:00PM  Lunch Break

1:00PM  DHS Cybersecurity Initiatives Update

Guest Speaker: Frank Husson, Insights Branch Chief, Cyber Security Division (CSD), U.S. Department of Homeland Security (DHS)

2:00PM  Afternoon Break

2:10PM  System Categorization

- Categorize Real-World System Exercise
- Boundary and Control Review

2:45PM  Simplified Risk Assessments

- Risk Modeling: Quantitative, Qualitative, and Hybrid – SP800-30/SP800-39
- Categorization – FIPS-199/SP800-60
- System Maximum Impact Level – SP800-30/SP800-39/SP800-60
- Security Control Baseline/Best Practices – FIPS 200/SP800-53

3:45PM  Adjourn

Day 2: Tuesday, September 22

8:00AM  Security Controls (SP800-53)

- Families
- Specific, Common and Hybrid
- Tailoring

9:00AM  Security Control Exercises

- Specific, Common and Hybrid Security Control Exercises

10:00AM  Morning Break

10:10AM  Tailoring and Compensating Control Exercises

11:00AM  Leverage Government Initiatives

- Security Content Automation Protocol (SCAP)
- DoD Host-Based Security System (HBSS) Solutions
- Assured Compliance Assessment Solution (ACAS)
- Continuous Diagnostics and Mitigation (CDM) Program
- Continuous Monitoring Dashboard
- Binding Operational Directives (BOD), EINSTEIN, Trusted Internet Connection (TIC), Managed Trusted Internet Protocol Services (MTIPS), and DHS Cybersecurity Hygiene
- Reviews

12:00PM  Lunch Break

1:00PM  Security Plans – SP800-18

- Operations Manual and System Security Plan (SSP) – SP800-18
- Security-focused Configuration Management Plan (SecCMP) – SP800-128
- Patch Management Plan (PMP) – SP800-40
- Information Security Control Monitoring Plan (ISCMP) – SP800-137
- Incident Response Plan (IRP) – SP800-61/SP800-83
- Contingency Plan (CP) – SP800-34
- Cybersecurity Framework and Privacy Control Framework

1:50PM  Afternoon Break

2:00PM  Clouds and Security Services

3:00PM  Cloud Accreditation and Reaccreditation Processes – FedRAMP

Guest Speaker: Ryan Hoesing, Customer Success Manager, Federal Risk and Authorization Management Program (FedRAMP)

3:30PM  Summary

3:45PM  Adjourn

Note: Many products will be noted, but noting them is not an endorsement.