Day 1: Monday, September 21
|
| 8:00AM |
Seminar Overview and Introductions |
| 8:30AM |
Review of New Requirements – Presidential, OMB, DHS and NIST |
| |
- President’s Executive Order 13800
- OMB Memos (HVA Framework – OMB M-17-09, 2019 FISMA Guidance, Privacy Reporting and On-Going Authorization, A-130)
- DHS BODs
- Risk Management Framework (RMF) – SP800-37
- Cybersecurity Framework (CSF) – NIST CSF
|
| 9:50AM |
Morning Break |
| 10:00AM |
NIST Special Publications Update |
| |
Guest Speakers: Victoria Yan Pillitteri, CISSP, Senior Information Security Specialist, National Institute of Standards and Technology (NIST) and Eduardo Takamura, CISSP, MA, Information Security Specialist, National Institute of Standards and Technology (NIST) |
| 11:10AM |
Authorization Boundary Identification |
| |
- Group Real-World System Identification – Using Attendees’ System
- Authorization Boundary Identification Exercise
|
| 12:00PM |
Lunch Break |
| 1:00PM |
DHS Cybersecurity Initiatives Update |
| |
Guest Speaker: Fabion (Frank) Husson, Insights Branch Chief, Cyber Security Division (CSD), U.S. Department of Homeland Security (DHS) (Invited) |
| 2:00PM |
Afternoon Break |
| 2:10PM |
System Categorization |
| |
- Categorize Real-World System Exercise
- Boundary and Control Review
|
| 2:45PM |
Simplified Risk Assessments |
| |
- Risk Modeling: Quantitative, Qualitative, and Hybrid – SP800-30/SP800-39
- Categorization – FIPS-199/SP800-60
- System Maximum Impact Level – SP800-30/SP800-39/SP800-60
- Security Control Baseline/Best Practices – FIPS 200/SP800-53
|
| 3:45PM |
Adjourn |
| |
Day 2: Tuesday, September 22
|
| 8:00AM |
Security Controls (SP800-53)
- Families
- Specific, Common and Hybrid
- Tailoring
|
| 9:00AM |
Security Control Exercises |
| |
- Specific, Common and Hybrid Security Control Exercises
|
| 10:00AM |
Morning Break |
| 10:10AM |
Tailoring and Compensating Control Exercises |
| 11:00AM |
Leverage Government Initiatives |
| |
- Security Content Automation Protocol (SCAP)
- DoD Host-Based Security System (HBSS) Solutions
- Assured Compliance Assessment Solution (ACAS)
- Continuous Diagnostics and Mitigation (CDM) Program
- Continuous Monitoring Dashboard
- Bonding Operational Directives (BOD), EINSTEIN, Trusted Internet Connection (TIC), Managed Trusted Internet Protocol Services (MTIPS), and DHS Cybersecurity Hygiene
- Reviews
|
| 12:00PM |
Lunch Break |
| 1:00PM |
Security Plans – SP800-18 |
| |
- Operations Manual and System Security Plan (SSP) – SP800-18
- Security-focused Configuration Management Plan (SecCMP) – SP800-128
- Patch Management Plan (PMP) – SP800-40
- Information Security Control Monitoring Plan (ISCMP) – SP800-137
- Incident Response Plan (IRP) – SP800-61/SP800-83
- Contingency Plan (CP) – SP800-34
- Cybersecurity Framework and Privacy Control Framework
|
| 1:50PM |
Afternoon Break |
| 2:00PM |
Clouds, Security Services |
| 3:00PM |
Cloud Accreditation and Reaccreditation Processes – FedRAMP |
| |
Guest Speaker: Federal Risk Accreditation Management Program (FedRAMP) Office (Invited) |
| 3:30PM |
Summary |
| 3:45PM |
Adjourn |
| Note: Many products will be noted, but noting them is not an endorsement. |
