Federal Computer Security Managers Forum Meeting


Federal Computer Security Managers Forum Meeting, August 19, 2019, NIST Gaithersburg, NIST West Square


SLIDE 1

Federal Computer Security Managers' Forum Meeting

August 19, 2019, NIST Gaithersburg, NIST West Square

SLIDE 2

NIST Building 101 Ground Floor Map

FCSM Quarterly Meeting Overview | 2

SLIDE 4

NIST-Guest Wireless Network

• NIST-Guest is broadcasted; use this network to connect your device.

1. Connect wirelessly to SSID: NIST-Guest
2. Open your browser, as needed.
3. If using iOS (iPhones and iPads), access a web page that does not use https:// to get to the Access and Use Policy.
4. If using Android devices, a web page will automatically open with the Access and Use Policy.

• Review the complete Access and Use Policy by scrolling to the bottom of the window. Acknowledge that you agree to the terms identified by selecting ACCEPT.
• Device access will be blocked if (1) it is a NIST-owned device; (2) malware or other malicious activity is detected; or (3) inappropriate online behavior is detected.

For more information, see: https://www.nist.gov/oism/access-and-use-nist-guest-network

SLIDE 5

FCSM Quarterly Meeting Agenda

| Time | Agenda Item | Presenter |
|---|---|---|
| 9:00 a.m. | Welcome and Announcements | Jody Jacobs, FCSM Chairperson, NIST |
| 9:20 a.m. | Building a Security Authorization Strategy for Cloud Service Providers | Jaime Noble, Director for IT Security & Chief Information Security Officer, U.S. Department of Justice, Office of Justice Programs |
| 10:20 a.m. | Break | |
| 10:40 a.m. | FIPS 201-2, Personal Identity Verification (PIV) of Federal Employees and Contractors | Hildegard Ferraiolo, Computer Scientist, Computer Security Division, NIST |
| 11:30 a.m. | ADJOURN FORUM MEETING | |

The FCSM forum meeting room will be available until 2:00 p.m. for forum meeting attendees to get together and network, discuss issues among themselves, or ask FCSM/NIST staff about any issues not discussed in the forum meeting. You can bring your lunch or purchase your lunch from the cafeteria and bring it into the room for the networking session.

SLIDE 6

NIST Update Re sc inde d NI

ST Spe c ia l Pub lic a tio ns

NI

ST F I SMA Pub lic a tio n Sc he dule

Ove rla y Re po sito ry Sa ve the Da te : F

Y19 Me e ting s, Wo rksho ps, a nd Co nfe re nc e s

SLIDE 7

NIST Rescinded Publication On Ma y 31, 2019 NI

ST re sc inde d NI ST Spe c ia l Pub lic a tio n 800-64 Se c urity Co nside ratio ns in the Syste m De ve lo pme nt L ife Cyc le

Re fe r to NI

ST SP 800-160 Vo lume 1 fo r c urre nt info rma tio n a b o ut syste m life c yc le pro c e sse s a nd syste ms se c urity e ng ine e ring .

NI

ST inte nds to de ve lo p a white pa pe r tha t de sc rib e s ho w the Risk Ma na g e me nt F ra me wo rk (SP 800-37 Re v. 2) re la te s to syste m de ve lo pme nt life c yc le pro c e sse s a nd sta g e s.

SLIDE 8

NIST FISMA Publication Schedule

As of July 2019, NIST is currently working on updating the following publications. Unfortunately, NIST is not able to give a date when these publications will be released for initial/final public draft/final publication. The following list is in alphabetical order and does not indicate publication preference:

• NIST Special Publication 800-18 Revision 2, Guide for Developing System Security Plans
• NIST Special Publication 800-53, Revision 5 (Initial Public Draft), Security and Privacy Controls for Information Systems and Organizations
• NIST Special Publication 800-53A, Revision 5, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
• NIST Special Publication 800-53B, Control Baselines and Tailoring Guidance for Federal Information Systems and Organizations
• Federal Information Processing Standard (FIPS) 199, Revision 1, Standards for Security Categorization of Federal Information and Information Systems
• Federal Information Processing Standard (FIPS) 200 Revision 1, Minimum Security Requirements for Federal Information and Information Systems

https://csrc.nist.gov/Projects/Risk-Management/Schedule

SLIDE 9

NIST Security Control Overlay Repository (SCOR)

• Active NOW!
• NIST SCOR provides stakeholders a platform for voluntarily sharing security control overlays
• Level of detail in overlay at discretion of the organization
• The overlay repository is organized into categories of overlays based on the submitting organization: government-wide; public (submitted by a .com, .edu, or .org); and NIST-developed.
  - Government-wide category consists of submissions from federal, state, tribal, and local governments.
  - Public category consists of submissions from commercial, educational, or non-profit organizations.
  - NIST-developed category consists of submissions developed by NIST.

https://csrc.nist.gov/Projects/Risk-Management/scor

SLIDE 10

NIST Security Control Overlay Repository (SCOR) Submission Process

• Organizations sanitize overlay for public review and ensure consistency with 800-53 security controls
• Organizations complete and submit the following documents to overlays@list.nist.gov:
  - Overlay submission form
  - SCOR participation agreement (for Public organizations) or SCOR participation agreement (for Federal organizations) with management approval (digital signatures are accepted)
  - Organization Overlay in either Excel, Word or PDF format
• NIST reviews overlay for consistency with NIST standards and guidelines
• Overlay is posted on SCOR website
• Organizations are notified of posting and are responsible for letting NIST know of any updates

If overlay is not updated within one year of a new SP 800-53 version being published, it will be removed and/or archived.

All submissions/Questions: overlays@list.nist.gov

SLIDE 11

Upcoming Meetings, Workshops and Conferences - Save the Date!

• Ongoing: Request Input for FCSM Topics and Speakers!!!!!!!
  - Theme for 2020 2-day conference
  - Volunteer for presentation, talk about your program, innovative solution showcase!
  - Send to sec-forum@nist.gov
• Privacy Engineering Program Events at https://www.nist.gov/itl/applied-cybersecurity/privacy-engineering/events
• Next FCSM Quarterly Meeting
  - November 19, 2019 @ NIST Gaithersburg
  - February 18, 2020 @ NIST Gaithersburg
  - April 21, 2020 @ NIST Gaithersburg
• For more information: https://csrc.nist.gov/Projects/Forum
