The objective of this half-day course is to provide an overview of selected Security & Privacy methodologies and the way in which these charts can facilitate implementing Security Requirements imposed on systems by the Office of Management and Budget (OMB), the National Institute of Standards and Technology (NIST) Special Publications, and Federal Information Processing Standards (FIPS) Publications. Understanding these requirements will assist the ISSO, System Owners, Program Managers and Stakeholders with the development of strategies and the application of methodologies that will improve the Availability, Confidentiality, and Integrity of Major Applications and General Support Systems.
This half-day seminar concentrates on the requirements defined in the Agency Program 3544b of the E-Government Act, Federal Information Security Management Act (FISMA), as a baseline for understanding the challenges during the Risk Management Framework (RMF), Security Engineering and raising the FISMA Scorecards. The instructor will discuss FISMA, FedRAMP, DIACAP, Privacy Management, Security Categorization, Security Assessment Report (SAR) and strategies to reduce complexities.
Each attendee will receive an 11×17 chart of the following seven (7) security and privacy methodologies as handout material to facilitate discussions:
- Federal Risk and Authorization Management Program (FedRAMP) Compliance Support
- North American Electric Reliability Corporation (NERC), Critical Infrastructure Protection Assessment (CIP) Compliance Support
- Federal Information Security Management Act (FISMA) Methodology
- Personal Identifiable Information (PII) Methodology
- Security Categorization Methodology
- Security Certification & Accreditation (A&A) Methodology
- Enterprise Security Program Assessment & Validation Methodology
- Security Assessment Report Methodology
- Security Certification and Accreditation Life-Cycle Methodology