open security controls
play

Open Security Controls Assessment Language (OSCAL) Lunch with the - PowerPoint PPT Presentation

Mar 31, 2024 •28 likes •118 views

Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David Waltermire National Institute of Standards and Technology Teleconference Overview 2 Ground Rules OSCAL Status Summary (5 minutes) Review

  1. Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David Waltermire National Institute of Standards and Technology

  2. Teleconference Overview 2  Ground Rules  OSCAL Status Summary (5 minutes)  Review Assessment, Assessment Result, and Plan of Action and Milestones Models  Question and Answer / Discussion  Submitted questions will be discussed  The floor will be open for new questions and live discussion

  3. OSCAL Lunch with the Developers 3 Purpose:  Facilitate an open, ongoing dialog with the OSCAL developer and user communities to promote increased use of the OSCAL models Goals:  Provide up-to-date status of the OSCAL project development activities  Answer questions about implementing and using the OSCAL models, and around development of OSCAL model-based content  Review development priorities and adjust priorities based on community input  Help the OSCAL community identify development needs

  4. Ground Rules 4  Keep the discussion respectful  Using welcoming and inclusive language  Being respectful of differing viewpoints and experiences  Gracefully accepting constructive criticism  Focusing on what is best for the community  Wait for one speaker to finish before speaking - one speaker at a time  Speak from your own experience instead of generalizing ("I" instead of "they," "we," and "you").  Do not be afraid to respectfully challenge one another by asking questions -- focus on ideas.  The goal is not to always to agree -- it is to gain a deeper understanding.

  5. OSCAL Version 1 Milestones 5 Milestone Focus Sprints Status Date Milestone 1 Catalog and Profile Models 1 to 21 Completed 6/15/2019 Milestone 2 System Security Plan (SSP) Model 6 to 23 Completed 10/1/2019 Milestone 3 Component Definition Model 6 to ~30 Completed May 2020 Release Provide a web-based specification 24 to ~33 In Progress ~ August 2020 Candidates / Model Improvements Full Release Based on Community Feedback 34 to 36 Planned By end of 2020 Ongoing Minor and bugfix releases as Additional Planned Ongoing Maintenance needed Sprints Current Sprint: 32 (https://github.com/usnistgov/OSCAL/projects/31)

  6. Review of Current/Completed Work 7 On Github: https://github.com/usnistgov/OSCAL

  7. Open Floor 10 What would you like to discuss? What questions do you have? Should we be covering anything differently?

  8. Thank you 11 OSCAL Repository: https://github.com/usnistgov/OSCAL Next Lunch with Devs: Project Website: July 16 th , 2020 https://www.nist.gov/oscal 12:00 Noon EDT (4:00 PM UTC) How to Contribute: https://pages.nist.gov/OSCAL/contribute/ Contact Us: oscal@nist.gov On Gitter: https://gitter.im/usnistgov- OSCAL/Lobby

  9. Three New OSCAL Models 12 POA&M  Based on FedRAMP POA&M Assessment Results  Based on FedRAMP Security Assessment Report (SAR) Assessment Plan  Based on FedRAMP Security Assessment Plan (SAP)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IT Security Controls By: Jay Chen What are IT Security Controls? Safeguards or

IT Security Controls By: Jay Chen What are IT Security Controls? Safeguards or

IT Security Controls By: Jay Chen What are IT Security Controls? Safeguards or countermeasures to avoid, detect, counteract, or minimize security risk Types of Controls Preventive Controls (E.g. Password lockout after 5 failed

483 views • 31 slides
IT Security Controls Spring 2020 By: Jay Chen What are Security Controls? A safeguard or

IT Security Controls Spring 2020 By: Jay Chen What are Security Controls? A safeguard or

IT Security Controls Spring 2020 By: Jay Chen What are Security Controls? A safeguard or countermeasure for an information system or an organization designed to protect confidentiality, integrity, and availability of its information and to

605 views • 34 slides
Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David

Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David

Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David Waltermire National Institute of Standards and Technology Teleconference Overview 2 Ground Rules OSCAL Status Summary (5 minutes) Issues

427 views • 14 slides
Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David

Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David

Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David Waltermire National Institute of Standards and Technology Teleconference Overview 2 Ground Rules OSCAL Status Summary (5 minutes) Issues

298 views • 10 slides
Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David

Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David

Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David Waltermire National Institute of Standards and Technology Teleconference Overview 2 Ground Rules OSCAL Status Summary (5 minutes) Issues

434 views • 16 slides
Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David

Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David

Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David Waltermire National Institute of Standards and Technology Teleconference Overview 2 Ground Rules OSCAL Status Summary (5 minutes) Issues

404 views • 11 slides
Who Controls the Past Controls the Future Who Controls the Present Controls the Past Nothing

Who Controls the Past Controls the Future Who Controls the Present Controls the Past Nothing

Who Controls the Past Controls the Future Who Controls the Present Controls the Past Nothing gives rest but the sincere search for truth. -Pascal Greetz from Room 101 Kenneth Geers 1984 # Nineteen Eighty-Four (Orwell) # Govt IW vs own

1.03k views • 77 slides
Injecting Security Controls into Software Applications Katy Anton Principal Application Security

Injecting Security Controls into Software Applications Katy Anton Principal Application Security

Injecting Security Controls into Software Applications Katy Anton Principal Application Security Consultant About me Katy Anton Software development background Project co-leader for OWASP Top 10 Proactive Controls (@OWASPControls)

599 views • 37 slides
Security Controls for Industrial Control Systems EEI/AGA Security Committee Fall Meetings

Security Controls for Industrial Control Systems EEI/AGA Security Committee Fall Meetings

Security Controls for Industrial Control Systems EEI/AGA Security Committee Fall Meetings September 13, 2006 Boston, MA Stuart Katzke and Keith Stouffer, National Institute of Standards & Technology, Gaithersburg, MD Marshall Abrams, The

460 views • 23 slides
Cyber Security and Export Controls: You Need to Know More Than You Already Do AnnaLisa

Cyber Security and Export Controls: You Need to Know More Than You Already Do AnnaLisa

Cyber Security and Export Controls: You Need to Know More Than You Already Do AnnaLisa Nash Export Control Officer, NDSU Why Should You Care About Export Controls? so you can avoid HERE. When Should You Care? NOW. U.S. export

758 views • 65 slides
Overview Database Security Semantic Integrity Controls Access Control Rules Multilevel

Overview Database Security Semantic Integrity Controls Access Control Rules Multilevel

Overview Database Security Semantic Integrity Controls Access Control Rules Multilevel Secure Databases RBAC in Commercial DBMS Statistical Database Security Simone Fischer-Hbner Applied Security, DAVC17 Relational Database

194 views • 6 slides
Measuring the Performance and Effectiveness of Critical security controls William Makatiani

Measuring the Performance and Effectiveness of Critical security controls William Makatiani

Measuring the Performance and Effectiveness of Critical security controls William Makatiani Name Here About Serianu Limited Serianu is a Pan Africa based Cyber Security and business consulting firm. We are an award winning company in the

759 views • 46 slides
Todays Keys What are IT Controls Basic IT Controls Where to Find Resources What are IT

Todays Keys What are IT Controls Basic IT Controls Where to Find Resources What are IT

Todays Keys What are IT Controls Basic IT Controls Where to Find Resources What are IT Controls Objectives of IT Controls are Interrelated Prevent & Detect Fraud Automate Ensure controls Prevent integrity & accidental

308 views • 16 slides
This audit looked at whether the fraud and corruptjon controls over personnel security are

This audit looked at whether the fraud and corruptjon controls over personnel security are

This audit looked at whether the fraud and corruptjon controls over personnel security are well-designed and operatjng as intended. We examined recruitment practjces for employees, contractors and consultants in the Victorian Public Service, or

255 views • 3 slides
ASCEM Conference Lighting Controls Roundtable Discussion Why do we want lighting controls?

ASCEM Conference Lighting Controls Roundtable Discussion Why do we want lighting controls?

ASCEM Conference Lighting Controls Roundtable Discussion Why do we want lighting controls? Behavior Modification versus lighting controls Implementation and outcomes Typical Controls Keyed Switches Dual switching

973 views • 15 slides
Simulation-based optimization of information security controls: An adversary-centric approach

Simulation-based optimization of information security controls: An adversary-centric approach

Simulation-based optimization of information security controls: An adversary-centric approach Elmar Kiesling, Andreas Ekelhart, Bernhard Grill, Christine Strau, Christian Stummer December 9, 2013; Washington, DC Funded by the Austrian

1.01k views • 88 slides
Biology FEST: Faculty Explora.ons in Scien.fic Teaching Biology FEST

Biology FEST: Faculty Explora.ons in Scien.fic Teaching Biology FEST

Biology FEST: Faculty Explora.ons in Scien.fic Teaching Biology FEST Luncheon Workshop #2 Tuesday, January 22 nd 12:30-2 pm Star%ng Strong: Ac%ve Learning

487 views • 21 slides
POSITIVE RELIABLE PROFESSIONAL INITIATIVE RESPECT INTEGRITY GRATITUDE s e s & E x

POSITIVE RELIABLE PROFESSIONAL INITIATIVE RESPECT INTEGRITY GRATITUDE s e s & E x

POSITIVE RELIABLE PROFESSIONAL INITIATIVE RESPECT INTEGRITY GRATITUDE s e s & E x p e c t a t i o n R u l DONT KNOW KNOW DO s e s & E x p e c t a t i o n R u l DONT KNOW KNOW i c e s

477 views • 13 slides
Top Quark Physics at Tevatron Mousumi Datta Fermi National Accelerator Laboratory for the CDF

Top Quark Physics at Tevatron Mousumi Datta Fermi National Accelerator Laboratory for the CDF

Top Quark Physics at Tevatron Mousumi Datta Fermi National Accelerator Laboratory for the CDF and DO Collaborations 44th Annual Fermilab Users' Meeting June 2, 2011 Outline Introduction Exploring top properties Top quark

454 views • 41 slides
Synchronized Chemotactic Oscillators S.M.U.G. Summer Synthetic Biology Competition

Synchronized Chemotactic Oscillators S.M.U.G. Summer Synthetic Biology Competition

Synchronized Chemotactic Oscillators S.M.U.G. Summer Synthetic Biology Competition Massachusetts Institute of Technology November 6, 2004 Motivation Our goal: an interesting, complex system something cool. But how to make it happen?

1.39k views • 117 slides
School Programs Monthly Claims & Reimbursement Training 2020-21 School Year 3310 Meal

School Programs Monthly Claims & Reimbursement Training 2020-21 School Year 3310 Meal

School Programs Monthly Claims & Reimbursement Training 2020-21 School Year 3310 Meal Counting, Claiming, and Managing Funds Dario Muralles, Management Analyst Agenda Introduction of Claims Orchard Application / Entitlement

549 views • 40 slides
CLASS OF 2021 The following slides were shared with students at Marauder Camp this year! Please

CLASS OF 2021 The following slides were shared with students at Marauder Camp this year! Please

WELCOME MARCUS HIGH SCHOOL CLASS OF 2021 The following slides were shared with students at Marauder Camp this year! Please find important need to know information for both students and parents. The Student Handbook and Code of Conduct can be

674 views • 26 slides
Blakely Butler Learning Session Blakely Butler Moot Court Competition Fall 2020 What is Blakely

Blakely Butler Learning Session Blakely Butler Moot Court Competition Fall 2020 What is Blakely

Blakely Butler Learning Session Blakely Butler Moot Court Competition Fall 2020 What is Blakely Butler? A moot court competition consisting of an oral argument and a simple writing component (for 1 hour of class credit) Moot court is

197 views • 15 slides
No Free Lunch in Data Privacy CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 15:

No Free Lunch in Data Privacy CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 15:

No Free Lunch in Data Privacy CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 15: 590.03 Fall 12 1 Outline Background: Domain-independent privacy definitions No Free Lunch in Data Privacy [Kifer- M SIGMOD 11]

674 views • 48 slides

More recommend