Federal Computer Security Managers’ Forum Meeting · 2019-03-04 · Federal Computer Security...

Federal Computer Security Managers’ Forum Meeting February 28, 2019 NIST Gaithersburg NIST Heritage Room


Federal Computer Security Managers’ Forum Meeting

February 28, 2019

NIST Gaithersburg

NIST Heritage Room


NIST Building 101 Ground Floor Map

FCSM Quarterly Meeting Overview| 2


NIST Building 101 Ground Floor Map

[Map labels: Heritage Room West Square; Turnstile; Stairs to Outside and Basement Shelter in Place]


NIST-Guest Wireless Network

• NIST-Guest is broadcast; use this network to connect your device.

1. Connect wirelessly to SSID: NIST-Guest
2. Open your browser, as needed.
3. If using iOS (iPhones and iPads), access a web page that does not use https:// to get to the Access and Use Policy.
4. If using Android devices, a web page will automatically open with the Access and Use Policy.

• Review the complete Access and Use Policy by scrolling to the bottom of the window. Acknowledge that you agree to the terms identified by selecting ACCEPT.

• Device access will be blocked if (1) it is a NIST-owned device; (2) malware or other malicious activity is detected; or (3) inappropriate online behavior is detected.

For more information, see: https://www.nist.gov/sites/default/files/documents/2016/11/08/AboutAccess.pdf


FCSM Quarterly Meeting Agenda

Time | Agenda Item | Presenter
9:00 a.m. | Welcome and Announcements | Jody Jacobs, FCSM Chairperson, NIST
9:20 a.m. | USEC Overview | Mary Theofanos, NIST and Julie Haney, NIST
9:30 a.m. | Security Fatigue | Brian Stanton, Group Leader, Visualization and Usability Group, NIST
10:20 a.m. | Break |
10:40 a.m. | Adopting Risk Metrics for an Effective Risk Management Program | Debra Graul, Information Systems Security Manager, Pension Benefits Guaranty Corporation and Baan Alsinawi, PBGC Information Assurance Consultant, Pension Benefits Guaranty Corporation
11:30 a.m. | ADJOURN FORUM MEETING |


NIST Update

• NIST FISMA Publication Schedule
• Retirement News
• Save the Date: FY19 Meetings, Workshops, and Conferences


NIST FISMA Publication Schedule

Current proposed schedule as of February 1, 2019. This is NIST's current proposed schedule; it is subject to approval by the Office of Management and Budget and may be subject to change. Any updates to the schedule will be posted at: https://csrc.nist.gov/Projects/Risk-Management/Schedule

• NIST Special Publication 800-53, Revision 5, Security and Privacy Controls
  – Final Public Draft: Spring 2019
  – Final Publication: Summer 2019

• NIST Special Publication 800-53A, Revision 5, Assessment Procedures for Security and Privacy Controls
  – Initial Public Draft: Fall 2019
  – Final Public Draft: TBD
  – Final Publication: Spring 2020


NIST FISMA Publication Schedule (cont)

Current proposed schedule as of February 1, 2019. This is NIST's current proposed schedule; it is subject to approval by the Office of Management and Budget and may be subject to change. Any updates to the schedule will be posted at: https://csrc.nist.gov/Projects/Risk-Management/Schedule

• FIPS Publication 200, Revision 1, Minimum Security Requirements
  – Initial Public Draft: TBD pending Request for Information (RFI)
  – Final Public Draft: TBD pending RFI
  – Final Publication: TBD pending RFI

• FIPS Publication 199, Revision 1, Security Categorization
  – Initial Public Draft: TBD pending RFI
  – Final Public Draft: TBD pending RFI
  – Final Publication: TBD pending RFI

• Questions or comments can be submitted to: [email protected].


Retirement News!!!!!

• Kelley Dempsey will be retiring after 38 years of federal service.
  • Last day in office March 11, 2019
  • Will be returning sometime in 2019 on a very limited part-time basis


Upcoming Meetings, Workshops and Conferences - Save the Date!

• Risk Management Framework 2.0 Webinar
  – 2/28/2019 from 1:00p – 3:00p
  – https://go.usa.gov/xENcs
  • At the conclusion of the event, speakers will address questions sent to [email protected] or Twitter using the hashtag #NISTRMF

• Overlay Repository
  – Spring 2019

• Privacy Framework Request for Information (RFI)
  – Reviewed all 79 responses; responses are on the website, https://www.nist.gov/privacy-framework/request-information
  – If you submitted a response to the RFI but don’t see it listed, email: [email protected]
  – Submit feedback on the RFI (even after the deadline has passed); always willing to accept and review feedback


Upcoming Meetings, Workshops and Conferences - Save the Date! (cont)

• Privacy Framework at RSA Conference 2019
  – Multiple learning sessions; some require pre-event registration
  – https://www.nist.gov/privacy-framework/events for event details


Upcoming Meetings, Workshops and Conferences - Save the Date! (cont)

• Ongoing: Request Input for FCSM Topics and Speakers!!!!!!!
  – Theme for 2019 2-day conference is “privacy”
  – Volunteer for presentation, talk about your program, innovative solution showcase!
  – Send to [email protected]

• Next FCSM Quarterly Meeting
  – May 8-9, 2019 @ NIST Gaithersburg, Green Auditorium https://go.usa.gov/xE5RH
  – September 10, 2019 @ NIST Gaithersburg, Heritage Room

For more information: https://csrc.nist.gov/Projects/Forum
