Federal Computer Security Managers’ Forum Meeting · 2019-03-04 · Federal Computer Security...
Transcript of Federal Computer Security Managers’ Forum Meeting · 2019-03-04 · Federal Computer Security...
Federal Computer Security Managers’ Forum Meeting
February 28, 2019NIST Gaithersburg
NIST Heritage Room
NIST Building 101 Ground Floor Map
FCSM Quarterly Meeting Overview| 2
NIST Building 101 Ground Floor Map
FCSM Quarterly Meeting Overview| 3
Heritage Room West Square
Turnstile
Stairs to Outside and Basement Shelter in Place
NIST-Guest Wireless Network
• NIST-Guest is broadcasted; Use this network to connect your device.
1. Connect wirelessly to SSID: NIST-Guest 2. Open your browser, as needed. 3. If using iOS (iPhones and iPads), access a web page that does not use
https:// to get to the Access and Use Policy. 4. If using Android devices, a web page will automatically open with the Access and Use Policy.
• Review the complete Access and Use Policy by scrolling to the bottom of the Window. Acknowledge that you agree to the terms identified by selecting ACCEPT.
• Device access will be blocked if (1) it is a NIST-owned device; (2) malware or other malicious activity is detected; or (3) inappropriate online behavior is detected.
For more information, see: https://www.nist.gov/sites/default/files/documents/2016/11/08/AboutAccess.pdf
FCSM Quarterly Meeting Overview| 4
FCSM Quarterly Meeting Agenda
FCSM Quarterly Meeting Overview| 5
Time Agenda Item Presenter
9:00 a.m. Welcome and Announcements Jody Jacobs, FCSM Chairperson, NIST
9:20 a.m. USEC Overview Mary Theofanos, NIST and Julie Haney, NIST
9:30 a.m. Security Fatigue Brian Stanton, Group Leader, Visualization and Usability Group, NIST
10:20 a.m. Break
10:40 a.m. Adopting Risk Metrics for an Effective Risk Management Program
Debra Graul, Information Systems Security Manager, Pension Benefits Guaranty Corporation and Baan Alsinawi, PBGC Information Assurance Consultant, Pension Benefits Guaranty Corporation
11:30 a.m. ADJOURN FORUM MEETING
NIST Update
• NIST FISMA Publication Schedule• Retirement News• Save the Date: FY19 Meetings, Workshops, and
Conferences
FCSM Quarterly Meeting Overview| 6
NIST FISMA Publication ScheduleCurrent proposed schedule as of February 1, 2019. This is the current proposed schedule by NIST, it is subject to approval by the Office of Management and Budget; it may be subject to change. Any updates to the schedule will be posted at: https://csrc.nist.gov/Projects/Risk-Management/Schedule
• NIST Special Publication 800-53, Revision 5, Security and Privacy Controls– Final Public Draft: Spring 2019– Final Publication: Summer 2019
• NIST Special Publication 800-53A, Revision 5, Assessment Procedures for Security and Privacy Controls
– Initial Public Draft: Fall 2019– Final Public Draft: TBD– Final Publication: Spring 2020
FCSM Quarterly Meeting Overview| 7
NIST FISMA Publication Schedule (cont)
Current proposed schedule as of February 1, 2019. This is the current proposed schedule by NIST, it is subject to approval by the Office of Management and Budget; it may be subject to change. Any updates to the schedule will be posted at: https://csrc.nist.gov/Projects/Risk-Management/Schedule
• FIPS Publication 200, Revision 1, Minimum Security Requirements– Initial Public Draft: TBD pending Request for Information (RFI)– Final Public Draft: TBD pending RFI– Final Publication: TBD pending RFI
• FIPS Publication 199, Revision 1, Security Categorization– Initial Public Draft: TBD pending RFI– Final Public Draft: TBD pending RFI– Final Publication: TBD pending RFI
• Questions or comments can be submitted to: [email protected].
FCSM Quarterly Meeting Overview| 8
• Kelley Dempsey will be retiring after 38 years of federal service. • Last day in office March 11, 2019• Will be returning sometime in 2019 on a very limited part time basis
FCSM Quarterly Meeting Overview| 9
Retirement News!!!!!
• Risk Management Framework 2.0 Webinar – 2/28/2019 from 1:00p – 3:00p– https://go.usa.gov/xENcs
• At the conclusion of the event, speakers will address questions sent to [email protected] or Twitter using the hashtag #NISTRMF
• Overlay Repository– Spring 2019
• Privacy Framework Request for Information (RFI) – Reviewed all 79 responses, responses
are on website, https://www.nist.gov/privacy-framework/request-information– If a response to the RFI, but don’t see it listed email: [email protected]– Submit feedback on the RFI (even after deadline has passed) always willing to
accept and review feedback
FCSM Quarterly Meeting Overview| 10
Upcoming Meetings, Workshops and Conferences -Save the Date!
Upcoming Meetings, Workshops and Conferences -Save the Date! (cont)• Privacy Framework at RSA Conference 2019
– Multiple learning sessions some require pre-event registration– https://www.nist.gov/privacy-framework/events for event details
FCSM Quarterly Meeting Overview| 11
Upcoming Meetings, Workshops and Conferences -Save the Date! (cont)• Ongoing: Request Input for FCSM Topics and Speakers!!!!!!!
– Theme for 2019 2-day conference is “privacy”– Volunteer for presentation, talk about your program, innovative solution showcase! – Send to [email protected]
• Next FCSM Quarterly Meeting– May 8-9, 2019 @ NIST Gaithersburg, Green Auditorium https://go.usa.gov/xE5RH– September 10, 2019 @ NIST Gaithersburg, Heritage Room
For more information:https://csrc.nist.gov/Projects/Forum
FCSM Quarterly Meeting Overview| 12