Federal Computer Security Managers Forum Quarterly Meeting - - PowerPoint PPT Presentation

SLIDE 1

Federal Computer Security Managers’ Forum Quarterly Meeting

November 2, 2017

National Cybersecurity Center of Excellence

SLIDE 2

Safety/Evacuation

FCSM Quarterly Meeting Overview| 2

Evacuation Emergencies

What Will Happen During an Evacuation Event?

  • A building-wide alarm will sound
  • Verbal instructions over the building’s public address (PA) system will follow shortly after the alarm
  • Exit the conference room and head for the nearest exit (Red Signs – Upper Right Map)
  • If the Security Guard is close by and accessible, ask for further instruction
  • Once outside the building, swiftly walk toward the designated meeting area near the posted sign stating “Evacuation Meeting Area” (Yellow Sign – Lower Right Map)

Shelter-In-Place (SIP) Emergencies

What Will Happen During an Evacuation Event?

  • A building-wide alarm will sound
  • Verbal instructions over the building’s public address (PA) system will follow shortly after the alarm
  • Exit the conference room and head for the nearest SIP hallway or room (Yellow Signs – Upper Right Map)
  • If the Security Guard is close by and accessible, ask for further instruction

SLIDE 3

NIST-Guest Wireless Network

  • NIST-Guest is broadcast; use this network to connect your device.

1. Connect wirelessly to SSID: NIST-Guest
2. Open your browser, as needed.
3. If using iOS (iPhones and iPads), access a web page that does not use https:// (for example, http://www.apple.com) to get to the Access and Use Policy.
4. If using Android devices, a web page will automatically open with the Access and Use Policy.

  • Review the complete Access and Use Policy by scrolling to the bottom of the window. Acknowledge that you agree to the terms identified by selecting ACCEPT.
  • Device access will be blocked if (1) it is a NIST-owned device; (2) malware or other malicious activity is detected; or (3) inappropriate online behavior is detected. For more information, see: https://www.nist.gov/sites/default/files/documents/2016/11/08/AboutAccess.pdf

SLIDE 4

FCSM Quarterly Meeting Agenda

November 2, 2017

  • 9:00 AM – Welcome and Update from NIST (Jody Jacobs, NIST)
  • 9:30 AM – Internet of Things (IOT) Security and Privacy Considerations (Suzanne Lightman, NIST)
  • 10:15 AM – Break
  • 10:30 AM – Derived PIV Credentials (Chris Brown, NIST)
  • 11:15 AM – Tour of NCCoE (Susan Prince, NIST)
  • 12:00 PM – Adjourn

SLIDE 5

NIST Update

  • Draft SP 800-53, Revision 5
  • Draft SP 800-37, Revision 2
  • Additional Publications Pending Update/In Development

  • Updated CSRC Site and Upcoming Listserv Changes
  • Save the Date: FY2018 FCSM Meetings

SLIDE 6

NIST Update: Draft SP 800-53, Rev 5

  • Initial Public Draft (IPD) published Aug 15, 2017
  • 30 day public comment period (through Sept 12, 2017)

– Also published “red-line” version of controls and baselines that highlight significant technical updates and changes

  • 3000+ public comments
  • 115+ stakeholders

SLIDE 7

NIST Update: Planned SP 800-53, Rev 5 Publication Schedule*

*Awaiting OMB Approval; Dates subject to change

[Timeline chart, Aug through May. Labels: Joint Task Force Comment Adjudication; 30-Day FPD Public Comment Period; Joint Task Force Comment Adjudication; Release Final Public Draft (FPD); Release Final]

SLIDE 8

NIST Update: Draft SP 800-37, Rev 2

  • Discussion Draft published Sept. 28, 2017 in preparation for the NIST Risk Management Framework (RMF) Workshop
  • RMF Workshop held Oct. 3, 2017 @ NCCoE

– Opportunity to get initial stakeholder feedback/input
– Workshop summary, CEU form available on event site: https://csrc.nist.gov/Events/2017/NIST-Risk-Management-Framework-Workshop

  • Update Objectives:

– Closer linkage to risk management (RM) processes and activities at C-suite level and system/operational level (including SP 800-39)
– Institutionalize enterprise-wide RM preparation activities
– Demonstrate how the Cybersecurity Framework can be implemented using established NIST RM processes
– Integration of privacy risk management concepts into the RMF and support use of consolidated security and privacy controls in draft SP 800-53, Rev. 5

SLIDE 9

Planned SP 800-37, Rev. 2 Publication Schedule*

*Awaiting OMB Approval; Dates subject to change

[Timeline chart, Sept through July. Labels: Ongoing Stakeholder Coordination; 30-Day IPD Public Comment Period; Joint Task Force Comment Adjudication; Release Initial Public Draft (IPD); Release Final Public Draft (FPD); Joint Task Force Comment Adjudication; Release Final; 30-Day FPD Public Comment Period]

SLIDE 10

NIST Update: Additional Publications Pending Update/In Development*

  • FIPS 199
  • FIPS 200
  • NIST IR 8011 (multiple volumes)
  • NIST SP 800-18
  • NIST SP 800-37
  • NIST SP 800-39
  • NIST SP 800-47
  • NIST SP 800-53
  • NIST SP 800-53A
  • NIST SP 800-60
  • NIST SP 800-160A (new)
  • NIST SP 800-171A (new)


*Listed in alphabetical order; schedule pending available resources

SLIDE 11

NIST Update

  • Redesigned CSRC Site Now Live: https://csrc.nist.gov/
  • New Google Group for FCSM – COMING SOON

– More information to come at February 2018 meeting
– ATO issued 10/30/2017 for NIST to use Google Groups
– No need to create additional Google account, can use existing email
– Benefits

  • Ability to search archives
  • No blocking due to oversized headers
  • Auto-subscribe and auto-unsubscribe

SLIDE 12

Upcoming FCSM Meetings – Save the Date!

  • Quarterly Meetings

– February 13, 2018 @ NIST Gaithersburg

  • Annual “Offsite”

– May 15-16, 2018 @ NIST Gaithersburg

For more information: https://csrc.nist.gov/Projects/Forum
