Computer Security Status Report - PowerPoint PPT Presentation

Provided by: JackSc9
1
Computer Security Status Report
  • December 19, 2014

2
Apps and things
  • Fermware
  • portscan-me-now
  • exploit-me-now
  • surf-me-now
  • NetIDMgr passed to Jack's group
  • CSA App coming along
  • Next STE version quickly coming along

3
Document Processing: Types of Documents
  • 2 broad categories:
  • Compliance-centric: mandates, directives
  • Performance-centric: guidance, recommendations

4
Compliance Documents: General
  • FISMA 2002
  • NIST Special Publications 800 Series
  • Federal Information Processing Standards (FIPS
    199 and 200).
  • OMB Circulars, Memoranda, Bulletins, Guidance.
  • All available for reference on the internet.
    Google is a great way to find them.

5
Compliance Documents: Specific
  • DOE-CS PCSP (Program Cyber Security Plan).
  • Mandatory for all the Science Labs.
  • Our interface between most of the Govt and
    Fermilab.
  • Walks the line between prescriptive and
    risk-based approaches, in favor of the latter.
  • Available from the DOE-SC web site.

6
Fermi CS Documents
  • The types and structure are compliant with
    NIST/FIPS.
  • The content is, hopefully, as useful and
    performance-oriented as possible, using a
    risk-based approach to security.

7
Processing CS Documents
  • Tools:
  • DocDB: version tracking, archiving, search
    features, edit controls, certificate-based access.
    Largely authored and maintained by Fermi CS.
    (Link: DocDB)
  • CST Document Index: needs help!
  • Web-based STE tracking tool with links to
    DocDB. (Link: FNAL STE Status)
  • E-mail archives: ad hoc; not sure how useful
    these are for information, compliance-oriented.
  • Shared server file folders: DOE Data Call copies,
    DOE documents for review (TMRs).
  • Plone repository for informal CSExec meeting notes.

8
POAM Document Item
  • Example of document update tracking.
  • Finding from an audit enters the list.
    (Link: POAM Tracker)
  • Assigned staff reviews the finding and produces
    MU version(s). (Example: GCE Risk Assessment)
  • Original and MU(s) are kept in DocDB.
  • MU version reviewed by relevant groups for
    approval.
  • Final review by CSExec, then approved.
  • Final document changes accepted and saved into
    the DocDB document.

9
Final Comments
  • For the sake of compliance archiving, DocDB is
    OK.
  • The CST index helps make DocDB easier and quicker
    to use, but it's difficult to update and
    maintain.
  • Web friendly information could improve
    performance and productivity.
  • CD Web Site committee trial web page layout tool
    with integrated content management (CMS) from
    Xeno Media.

10
The Goal
  • Remember: in computer security it's performance
    ahead of compliance.

11
QA