VA to TRM CrossReference Tutorial v3

1
VA Cyber Security Reference Model (CSRM) Tutorial
ltClick to Continuegt
2
Disclaimer The Veterans Affairs (VA) Enterprise
Architecture (EA) 4.3 structure has not changed
enough since the release of VA EA 4.2 to warrant
changes in the tutorials. Please note that any
references to VA EA 4.2 also pertain to VA EA
4.3. ltClick to Continuegt
3
Introduction The VA Cyber Security Reference
Model, generated for the VA EA 4.3, provides a
mapping between cyber security mandates (Federal
Government laws and guidance), VA internal
policies, and related external Federal guidance.
It also provides summaries, descriptions, and
links to supporting documents regarding cyber
security. (Please note CSRM is a working proof
of concept model) Please click the mouse to
proceed to the next item/instruction anytime
during this tutorial. To exit the tutorial,
press Escape (Esc) or your browser Back Arrow (in
Internet Explorer). ltClick to Continuegt
4
The CSRM is located under the EA 4.3 Products
tab. ltClick to Continuegt
Select the VA Alignment Models menu item. ltClick
to Continuegt
5
Select the VA Cyber Security Reference Model
sub-menu item. ltClick to Continuegt
6
The CSRM section provides a spreadsheet that
allows the user to easily view the model. ltClick
to Continuegt
Select the Cyber Security Reference Model
workbook hyperlink to see the data. ltClick to
Continuegt
7
The first column of the summary sheet provides a
security mandate index. ltClick to Continuegt
The second column provides a count of actionable
mandates (specific security requirements) that
exist in each mandate ltClick to Continuegt
as well as various VA internal policies that
apply to these mandates in the last seven
columns. ltClick to Continuegt
that are related Federal external guidance in
the third column ltClick to Continuegt
8
Select the Memorandum M-06-16 hyperlink to see it
in greater detail. ltClick to Continuegt
The percent of Federal actionable mandates
implemented by the Office of Cyber Information
Security (OCIS) are listed in these
columns. ltClick to Continuegt
The colors are determined by performance result
ranges. We will revisit this for user
functionality later in the tutorial. ltClick to
Continuegt
9
These columns list the mandate, sections, and
sub-sections. ltClick to Continuegt
This column lists the actionable mandates
extracted from each mandate. ltClick to Continuegt
Hyperlinks are provided to a PDF of the actual
mandate. ltClick to Continuegt
Select an actionable mandate to view detailed
descriptions. ltClick to Continuegt
10
A detailed description, next to the outlined
cell, is provided for the selected actionable
mandate. ltClick to Continuegt
Select the Mandates tab to return. ltClick to
Continuegt
11
Mandates are broken down into ltClick to
Continuegt
actionable mandates, that are related
to. ltClick to Continuegt
Federal external guidance and VA internal
policies (all hyperlinked to source). ltClick to
Continuegt
Scroll to the right to see the Control
Families. ltClick to Continuegt
12
Select a control family to view the
definitions. ltClick to Continuegt
The text Yes appears in each cell that is
related to the corresponding families
above. ltClick to Continuegt
13
The definitions of each control family are
provided next to the selected cell. ltClick to
Continuegt
Select the Summary tab to return. ltClick to
Continuegt
14
Select the Back arrow to return to the EA 4.3 Web
Site. ltClick to Continuegt
mandates, guidance, and internal VA
policies. ltClick to Continuegt
Users can enter different percentages to change
how the colors correspond with the different
ltClick to Continuegt
15
Summary This tutorial has reviewed the VA Cyber
Security Reference Model (CSRM) in the EA 4.3.
Additional CSRM details can be explored on the EA
4.3 web site. ltClick to Continuegt
16
ltClick to exitgt