NIST_ISSCA - Information System Security Control...

National Institute of Standards and Technology

Information System Security Control Architecture (ISSCA)

Stuart Katzke, Ph.D.
Senior Research Scientist
National Institute of Standards & Technology
100 Bureau Drive; Stop 8930
Gaithersburg, MD 20899
(301) 975-4768
[email protected]
fax: (301) 975-4964
Presentation Contents

- Background/motivation
- System security C&A (historical perspective)
- OMB A-130, Appendix III
- Federal Information Security Management Act 2002 (FISMA)
- NIST FISMA implementation project
- ISSCA
- Significance of NIST's activities to the commercial sector
-----------------------------------------------
- Supporting detail
Background/Motivation

- NIST's system security C&A guidance is aging (FIPS 102, 1983)
- OMB A-130, Appendix III: Security of Federal Information Resources (1996)
- Proliferation of C&A guidance: FIPS 102 (NIST), DITSCAP (DoD), NIACAP (NSTISSC/NSS)
- Federal Information Security Management Act 2002 (FISMA)
OMB A-130, Management of Federal Information Resources

Requires Federal agencies to:
- Plan for security
- Implement controls commensurate with the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information (called "adequate security")
- Ensure that appropriate officials are assigned security responsibility
- Authorize system processing prior to operations and periodically thereafter

Consistent with FISMA
Federal Information Security Management Act (FISMA)

Title III of the E-Government Act of 2002 (Public Law 107-347)
FISMA Requirements

- Federal agency information security (IS) program requirements
- NIST requirements
- Others (not to be addressed today)
Federal Agency Information Security Programs Must Include (1):

- Periodic assessments of risk
- Policies and procedures that are risk-based and cost-effective, reduce IS risks to an acceptable level, and ensure IS is addressed throughout the system life cycle
- Plans for providing adequate IS for networks, facilities, and information systems (i.e., security planning)
- Security awareness training to inform personnel (including contractors and other users of information systems) of the IS risks and their responsibilities
Federal Agency Information Security Programs Must Include (2):

- Periodic testing and evaluation of the effectiveness of information security policies, procedures, and practices, with a frequency depending on risk but no less than annually
- Plans and procedures to ensure continuity of operations
- Procedures for detecting, reporting, and responding to security incidents, including:
  - Mitigating risks before substantial damage is done
  - Notifying/consulting with the Federal IS incident response center, law