CSAM DOJ Briefing Day2


Published on April 22, 2008

Author: Jolene

Source: authorstream.com

Slide 1: Cyber Security Assessment and Management (CSAM) -- Comprehensive FISMA Compliance Technology and Support Services
Customer Information Day, Information System Security Line of Business, March 13, 2007
Presenter: Dennis Heretick, Deputy CIO, IT Security, Department of Justice, Dennis.heretick@usdoj.gov
Agenda:
- Introduction and Overview
- Highlights and Capabilities
- Business Readiness
- Pricing Model
- Conclusion
- Q and A's
IT Security Program Purpose: Support Department of Justice Strategic Goals by ensuring Integrity, Confidentiality, and Availability of information and information systems.

Slide 2: Cyber Security Assessment and Management (CSAM) -- Certification & Accreditation (process diagram elements)
Standards basis: DOJ IT Security Standards (FISCAM / FIPS 200 / NIST 800-53)
Process steps:
- Inventory/Interconnections (CA-3)
- Scope
- Security Category
- Inherit Common Controls (MOA/SLA) (CA-2)
- C&A Team Review/Update Risk Assessment
- POA&M & Funding Decision
- Implement/Maintain Technical/Operational Controls
- Security Requirements Selection and Assign Responsibilities (PL-2)
- System Description
- Life Cycle Mgmt (SA-3)
- Configuration Management (PL-1)
- Exercise & Update Incident Response Plan (IR-7)
- Exercise & Update Contingency Plan (CP-10)
- Awareness & Training (AT-2 & 3)
- Physical/Environ Protection (PE-4)
- Personnel Security (PS-8)
- Media Protection (MP-7)
- Access Controls (AC 2-20)
- Vulnerability Mgmt (RA-5); Vulnerability Mgmt Plan
- Audit and Accountability (AU 2-11)
- Identification and Authentication (IA 2-7)
- Systems & Communications Protection (SC 2-19)
- System and Information Integrity (SI 2-12)
Automated inputs: Vulnerability Scans, DB App Scan, Web App Scan, Asset Discovery/Mgmt, DB Application Discovery, Security Info Mgmt, Config Sec
Reporting: Monthly Review, Dashboard, OMB Report
Timeline phases (1, 2, 3): Dec 06 – Dec 07; Jan 07 – Jan 08; Feb 06 – Mar 07 with ongoing maintenance

Slide 3: Cyber Security Assessment and Management (CSAM) -- policy-to-test-case structure
Drivers: President's Management Agenda; FISMA, DCID 6/3; DOJ IT Security Stds (FISCAM, FIPS/NIST 800-53)
Management Controls (Cost + Implementation Guidance):
- RA-1 Risk Assessment Policy and Procedures
- PL-1 Security Planning Policy and Procedures
- SA-1 System & Services Acquisition Policy & Procedures
- CA-1 Certification & Accreditation & Security Assessment Policies and Procedures
Operational Controls (Cost + Implementation Guidance):
- PS-1 Personnel Security Policy & Procedures
- PE-1 Physical Environmental Protection Policy & Procedures
- CP-1 Contingency Planning Policy & Procedures
- CM-1 Configuration Management Policy & Procedures
Technical Controls (Cost + Implementation Guidance):
- IA-1 Identification and Authentication Policy & Procedures
- AC-1 Access Control Policy & Procedures
- AU-1 Audit & Accountability Policy & Procedures
- SC-1 System & Comm Protection Policy & Procedures
Test Case for Each Requirement (e.g. Test Case RA-1.1, PL-1.8, SA-1.1, CA-1.3, ... nn.n.n), each recording: Implementation Requirements; Control Objective (Subordinate Objective); Control Techniques; Specific Criteria; Prerequisite Controls; Test Objective; Test Set Up; Test Steps; Expected Results; Actual Results; Cost; PASS / FAIL
Outputs: Plans of Action & Milestones (POA&M); OMB FISMA Reporting; Cyber Security Assessment & Mgmt TrustedAgent (CSAM)
Risk Assessment (per Vulner Control): Vulner Level x Threat Level x Signif Level = Total Risk

Slide 4: CSAM -- Comprehensive FISMA Compliance Technical and Support Services
1. Risk-based Policy and Implementation Guidance
- Authoring Tool to Tailor IT Security Standards & Procedures to Agency Needs
- Assign Agency, Component, and System Roles and Responsibilities
- Employ Automated Risk Assessment Methodology
2. Enterprise Program Management Plan
- Establish Program Implementation Strategy
- Set Up System Inventory Process
- Establish Goals, Performance Metrics, and Monitor Performance
- Identify Enterprise Solutions
- Provide Cost Guidance
- Performance Dashboard to Monitor Implementation
3. Subordinate System Security Plan (SSP)
- Requirements Determination
- Scope
- Security Category (FIPS 199)
- Inheritance of Security Controls
- Initial Minimum Control Set
- Testing Integrated into Implementation
- Identify Residual Risks & POA&M Mgmt
- Generate an SSP with Artifacts
- Support Continuous Monitoring

Slide 5: Business Readiness
CSAM Strategy: Responsive actions to customer feedback and continuous improvements are key to ensuring satisfied users.
- Justice has successfully implemented service level agreements and revolving funds to support IT operations.
- A reliable reimbursement process for managing reimbursable customer contracting support arrangements is in place.
- Several Justice contracting vehicles are in place: BPA Delivery Orders; ITSS-3 Indefinite Delivery/Indefinite Quantity Contract; GSA Schedule.

Slide 6: CSAM Pricing Model (Partnership Fee / Software License / Maintenance)
Systems     Fee
01-09       $25K
10-24       $30K
25-49       $45K
50-99       $100K
100-149     $125K
150-199     $150K
200-249     $175K
250-299     $200K
300-349     $225K
350-399     $250K
400-450     $275K
451-499     $300K
500-549     $325K
550-599     $350K
600-650     $375K
650-699     $400K
700-749     $425K
750-799     $450K

Slide 7: CSAM Pricing Model (Installation and Help Desk Services)

Slide 8: CSAM Pricing Model (Policy, Enterprise Program Management Plan)

Slide 9: CSAM Pricing Model (Training)
- Initial Training Classes: four hours classroom training -- $200 per user
- Quarterly Workshops: train with automated tools and enhancements, and share lessons learned; each user receives 4 hours training per quarter -- $200 per user
- Two-day workshops -- $800 per user

Slide 10: Pricing Model (Certification and Accreditation Services)

Slide 11: Conclusion
CSAM is a comprehensive FISMA compliance Technology and Support Services solution. The CSAM solution includes:
- Risk-based Policy and Implementation Guidance
- Enterprise Program Management Plan
- Subordinate System Security Plans
- Training and Quarterly Workshops
- Robust Management Reporting
For more information or to request a system demonstration, email DOJLOBCSAM@usdoj.gov or contact:
- Ken Gandola, 202-353-0081, Kenneth.d.gandola@usdoj.gov
- Jim Leahy, 202-353-8741, james.t.leahy@usdoj.gov

Original presentation file: http://www.whitehouse.gov/sites/default/files/omb/assets/omb/egov/documents/CSAM_DOJ_Briefing_Day2.ppt