Federal CIO Council Brief - PowerPoint PPT Presentation

1 / 11
About This Presentation
Title:

Federal CIO Council Brief

Description:

Initial 6 assessments chosen based on NCPS deployment schedule ... Process Improvement for incident identification, alert, and warning ... – PowerPoint PPT presentation

Number of Views:72
Avg rating:3.0/5.0
Slides: 12
Provided by: brendan156
Category:

less

Transcript and Presenter's Notes

Title: Federal CIO Council Brief


1
Federal CIO Council Brief
  • Department of Homeland Security (DHS)
  • Cyber Security and Communications
  • November 18, 2008

2
Background
  • November 2007 Office of Management and Budget
    announced the Trusted Internet Connection (TIC)
    Initiative in Memorandum M-08-05
  • The initiative will improve the federal
    governments security posture and incident
    response capability by
  • reducing number of and consolidating internet
    connections
  • providing enhanced monitoring and situational
    awareness of external network connections by TIC
    Access Providers (TICAP)
  • TICAP the entity responsible for managing a TIC

2
3
Compliance Validation Task
  • The Department of Homeland Security (DHS) is
    responsible for creating and implementing a
    program to validate the compliance of the TICAPs
    and corresponding TICs with the OMB requirements
  • This work is formally called the TIC Assessment
    Program and the periodic compliance validation
    will be called a TIC Assessment

3
4
TIC Assessment Program Overview
TICAssessment Program
TICAPs
Federal Agencies CIOs
OMB
Networx Vendors
4
5
Current Approach
Distribution FOUO
Develop Refine Method
Operationalize the Method
  • 9 months
  • Develop assessment framework and tools
  • Walkthrough for DHS
  • Agency CIO TICAP outreach
  • Initial 6 assessments chosen based on NCPS
    deployment schedule
  • Plan transition to steady-state operation
  • 1 to 3 years
  • Steady-state operation repeatable assessments
    and re-assessments
  • Identify trends to improve TIC operations
  • Assess all TICs order based on TICAP maturity
    or DHS prioritization

5
6
TIC Assessment Process
Distribution FOUO
Learning
Pre-Assessment
On-siteAssessment
SummaryReport
Compliant
AssessmentPlanning
Complete
Compliant
Re-Assessment
DHSAdjudicates
Learning
6
7
TIC Assessment Purpose Output
  • Purpose provide objective, repeatable,
    third-party collection and evaluation of evidence
    from the TICAP to measure the degree of adherence
    to the OMB TIC requirements
  • Output will include
  • Degree to which each critical OMB TIC requirement
    is met
  • Cumulative score of requirements fully met
  • Recommendation based on cumulative score 90
    Compliant

7
8
Schedule
December 2008
January 2009
December 2009
February 2009
March 2009
April 2009
May 2009
After May 2009
September 2008
October 2008
November 2008
Develop Assessment Instrument
Conduct assessment walkthrough
Initial set of TIC assessments
Build tools, artifacts, process guides (V1)
Create and refine the transition plan
Schedule remaining TICs to be assessed for
2009-2010
8
9
NCPS integrated deployment strategy allows for
phased deployment of high aggregation approach
with minimum risk
Apr09
Sep08
Oct08
Dec08
Jan09
May09
Jun09
Jun08
Jul08
Aug08
May08
Feb09
Mar09
Nov08
NCPS 2.0 Phase I
US-CERT Ops. Eval
D/A Op. Eval
1
STENNIS

3
4



5
6
2


7

NCPS 2.0 Phase II Single Service TICAP (Low
Aggregation)
USDA
USDA
1
3
2
5
4
6







7
DOS
4

3
2
5
6
7
1






EOP
4

3
2
5
6
7
1





  • Next 5 Sites

Order TBD
DOJ
1

3
2
5
4
6
7






NASA
1
4


3
2
5
6
7





2
3
1
  • NCPS 2.0/3.0 Exercise
  • Four Phases
  • 12 months




Exercise Architecture Approach feeds NETWORX
Discussions
NCPS Phase III NETWORX TICAP (High Aggregation)
Support to agencies begins CA Secondary Contract
award
NETWORX2 support to agencies begins Secondary
NETWORX2 vendor planning for (additional)
agencies begins
Secondary NETWORX2 support to agencies begins CA
Secondary NETWORX2 support to agencies begins
Planning initial agencies begins
Initial Contract Award
  • Federal NETWORX2

9
10
US-CERT Operations
  • Advance Mission in Customer Service
  • Joint Agency Cyber Knowledge Exchange (JACKE)
  • Process Improvement for incident identification,
    alert, and warning
  • Standard Operating Procedures (SOPs) Evaluation
    and Validation
  • Customer Liaisons
  • Increase staff capacity and capability
  • Hire cyber analysts, program management,
    communication and coordination personnel
  • Establish the Technical Mentoring Initiative
    enables staff to acquire role-based knowledge,
    skills and abilities
  • Build a larger interim, secure facility to
    accommodate the increased US-CERT/DHS staff and
    potential for Agency liaisons
  • Evaluate current tools and technology to increase
    staffs ability in data aggregation, correlation
    and visualization

10
11
Questions
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Federal CIO Council Brief" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!