February 27-28, 2018

Implementing 2018 FISMA and Federal Cybersecurity Changes



  Day 1: Tuesday, February 27
   8:00AM Registration Opens/Continental Breakfast
   8:30AM Seminar Overview and Introductions
   9:15AM Changes – Presidential, OMB, DHS and NIST
 10:00AM Coffee Break
 10:10AM Cybersecurity Frameworks
  • Risk Management Framework (RMF) – SP800-37
  • Department of Defense (DoD) RMF – DoDI 8500.01/DoDI 8510.01/CNSSI-1253
  • System Development Life Cycle (SDLC) – SP800-64
  • Cybersecurity Framework (CSF) – NIST CSF
  • System Security Engineering Framework (SSEF) – SP800-160
  • High Value Asset Process Framework – OMB M-17-09
  • Discussion on Consolidation Potentials
 11:00AM NIST Special Publications Update
  Guest Speaker: Victoria Yan Pillitteri, Advisor for Information System Security, National Institute of Standards and Technology (NIST)
 12:00PM Lunch
 1:00PM CS&C Services and Offerings, the E.O. 13800 Government Federal Networks Activities and the IT Modernization Report
  Guest Speaker: Nancy Lim, CISSP, DHS FNR Senior Advisor, CS&C Principal Liaison to OMB E-Gov Cyber, U.S. Department of Homeland Security (DHS)
   2:00PM Break
   2:10PM Security Plans
  • System Security Plan (SSP) – SP800-18
  • Information Security Control Monitoring Plan (ISCMP) – SP800-137
  • Incident Response Plan (IRP) – SP800-61/SP800-83
  • Contingency Plan (CP) – SP800-34
  • Security-focused Configuration Management Plan (SecCMP) – SP800-128
  • Patch Management Plan (PMP) – SP800-40
  • Discussion on Consolidation Potentials
2:45PM Simplified Risk Assessments
  • Risk Modeling:  Quantitative, Qualitative, and Hybrid – SP800-30/SP800-39
  • Categorization – FIPS-199/SP800-60
  • System Maximum Impact Level – SP800-30/SP800-39/SP800-60
  • Security Control Baseline/Best Practices – FIPS 200/SP800-53
3:45PM Adjourn
  Day 2: Wednesday, February 28
8:00AM Continental Breakfast
8:30AM Automated Tools Simplified
  • Security Content Automation Protocol (SCAP)
  • DoD Host-Based Security System (HBSS) Solutions
  • Assured Compliance Assessment Solution (ACAS)
  • Continuous Diagnostics and Mitigation (CDM) Program
  • Continuous Monitoring Dashboard
9:30AM Automated Tool Deployment
 10:00AM Coffee Break
 10:10AM Potential Automated Continuous Authorization Processes
  • System Strategies and Options
  • Agency Enterprise Strategies and Options
  • Federal Enterprise Strategies and Options
 11:00AM DHS Activities
  • EINSTEIN, Trusted Connection (TIC), Managed Trusted Internet Protocol Services (MTIPS), and DHS Cybersecurity Hygiene Reviews
  • Discussion on Potential Leveraging
 12:00PM Lunch
1:00PM Clouds, Security Services and Common Controls
  • Clouds – FedRAMP
  • Security Services – CDM
  • System Specific, Common and Hybrid – SP800-37
2:00PM Break
  • “…show preferences in… cloud, and cybersecurity services.”
  • Identify Future Potentials and Requirements – Exercise and Discussion
3:30PM Summary
3:45PM Adjourn
  Note: Many products will be noted, but noting them is not an endorsement.