CSAM DOJ Briefing Day2

Added: April 22, 2008
Presentation Transcript

Slide1: Cyber Security Assessment and Management (CSAM): Comprehensive FISMA Compliance Technology and Support Services
Customer Information Day, Information System Security Line of Business, March 13, 2007
Dennis Heretick, Deputy CIO, IT Security, Department of Justice, Dennis.heretick@usdoj.gov

Agenda:
- Introduction and Overview
- Highlights and Capabilities
- Business Readiness
- Pricing Model
- Conclusion
- Q and A's

IT Security Program Purpose: Support Department of Justice Strategic Goals by ensuring Integrity, Confidentiality, and Availability of information and information systems.


Slide2: Cyber Security Assessment and Management (CSAM): Certification & Accreditation process diagram
Basis: DOJ IT Security Standards (FISCAM / FIPS 200 / NIST 800-53)

C&A process steps (with the NIST 800-53 control each step satisfies):
- Inventory/Interconnections (CA-3)
- Scope
- Security Category
- Inherit Common Controls (MOA/SLA) (CA-2)
- C&A Team Review/Update
- Risk Assessment
- POA&M & Funding Decision
- Implement/Maintain Technical/Operational Controls
- Security Requirements Selection and Assign Responsibilities (PL-2)
- System Description
- Life Cycle Mgmt (SA-3)
- Configuration Management (PL-1)

Operational controls:
- Exercise & Update Incident Response Plan (IR-7)
- Exercise & Update Contingency Plan (CP-10)
- Awareness & Training (AT-2 & 3)
- Physical/Environ Protection (PE-4)
- Personnel Security (PS-8)
- Media Protection (MP-7)

Technical controls:
- Access Controls (AC 2-20)
- Vulnerability Mgmt (RA-5)
- Audit and Accountability (AU 2-11)
- Identification and Authentication (IA 2-7)
- Systems & Communications Protection (SC 2-19)
- System and Information Integrity (SI 2-12)

Phases 1, 2, 3 with timelines: Dec 06 – Dec 07; Jan 07 – Jan 08; Feb 06 – Mar 07 with ongoing maintenance

Monitoring and reporting: Monthly Review, Dashboard, OMB Report

Supporting tools and plans: Vulnerability Scans, DB App Scan, Web App Scan, Asset Discovery/Mgmt, Security Info Mgmt, Config Sec, Vulnerability Mgmt Plan, DB Application Discovery


Slide3: Cyber Security Assessment and Management (CSAM): from policy drivers to test cases, risk, and reporting

Drivers: President's Management Agenda; FISMA, DCID 6/3; DOJ IT Security Stds; FISCAM, FIPS/NIST 800-53

Management controls (Cost + Implementation Guidance):
- RA-1 Risk Assessment Policy and Procedures
- PL-1 Security Planning Policy and Procedures
- SA-1 System & Services Acquisition Policy & Procedures
- CA-1 Certification & Accreditation & Security Assessment Policies and Procedures

Operational controls (Cost + Implementation Guidance):
- PS-1 Personnel Security Policy & Procedures
- PE-1 Physical Environmental Protection Policy & Procedures
- CP-1 Contingency Planning Policy & Procedures
- CM-1 Configuration Management Policy & Procedures

Technical controls (Cost + Implementation Guidance):
- IA-1 Identification and Authentication Policy & Procedures
- AC-1 Access Control Policy & Procedures
- AU-1 Audit & Accountability Policy & Procedures
- SC-1 System & Comm Protection Policy & Procedures

Test Case for Each Requirement (e.g. Test Case RA-1.1, PL-1.8, SA-1.1, CA-1.3, nn.n.n), each recording:
- Implementation Requirements
- Control Objective (Subordinate Objective)
- Control Techniques
- Specific Criteria
- Prerequisite Controls
- Test Objective
- Test Set Up
- Test Steps
- Expected Results
- Actual Results
- Cost
- PASS / FAIL

Risk Assessment (per vulnerability control): Total Risk = Vulnerability Level × Threat Level × Significance Level

Outputs: Plans of Action & Milestones (POA&M); Cyber Security Assessment & Mgmt TrustedAgent (CSAM); OMB FISMA Reporting
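The slide describes a test case per control requirement, each ending in a PASS/FAIL verdict, with failures rolled into POA&M items prioritised by Total Risk = Vulnerability Level × Threat Level × Significance Level. The following Python is an added illustration of that workflow, not code from the presentation or from the CSAM/TrustedAgent product; the 1..3 rating scales, the `TestCase` fields, and the sample test cases are constructed assumptions that follow the slide's naming pattern (RA-1.1, PL-1.8, ...).

```python
"""Control test-case evaluation and risk scoring in the style of Slide 3.

Each NIST 800-53 requirement gets a test case with expected/actual results
and a PASS/FAIL verdict; failed tests feed POA&M entries ordered by
    Total Risk = Vulnerability Level x Threat Level x Significance Level.
The 1..3 rating scales and the sample test cases are constructed for this
example and are not taken from the slide or from the CSAM product."""
from dataclasses import dataclass


@dataclass
class TestCase:
    case_id: str           # e.g. "RA-1.1": control id plus test number
    control: str           # NIST 800-53 control the test case belongs to
    test_objective: str
    expected: str          # expected result from the test plan
    actual: str            # observed result recorded by the assessor
    vuln_level: int = 1    # constructed 1..3 scale: exposure if the control fails
    threat_level: int = 1  # constructed 1..3 scale: likelihood of exploitation
    signif_level: int = 1  # constructed 1..3 scale: significance of the asset

    def passed(self) -> bool:
        # Normalise whitespace and case so cosmetic differences do not fail a test.
        return self.expected.strip().lower() == self.actual.strip().lower()

    def total_risk(self) -> int:
        for lvl in (self.vuln_level, self.threat_level, self.signif_level):
            if not 1 <= lvl <= 3:
                raise ValueError("risk levels must be on the 1..3 scale")
        return self.vuln_level * self.threat_level * self.signif_level


def assess(cases):
    """Return {case_id: 'PASS' | 'FAIL'} for every test case."""
    return {c.case_id: ("PASS" if c.passed() else "FAIL") for c in cases}


def control_status(cases):
    """A control passes only if every one of its test cases passes."""
    status = {}
    for c in cases:
        status[c.control] = status.get(c.control, True) and c.passed()
    return {ctl: ("PASS" if ok else "FAIL") for ctl, ok in status.items()}


def poam_entries(cases):
    """Build POA&M entries for failed test cases, highest Total Risk first."""
    failed = [c for c in cases if not c.passed()]
    failed.sort(key=lambda c: (-c.total_risk(), c.case_id))
    return [{"case_id": c.case_id, "control": c.control,
             "weakness": c.test_objective, "total_risk": c.total_risk()}
            for c in failed]


# Constructed sample test cases; ids follow the slide's naming pattern.
SAMPLE_CASES = [
    TestCase("RA-1.1", "RA-1", "Risk assessment policy is documented and approved",
             "Signed policy on file", "Signed policy on file", 1, 1, 2),
    TestCase("PL-1.8", "PL-1", "Security planning procedures reviewed annually",
             "Review dated within 12 months", "No review in 20 months", 2, 1, 2),
    TestCase("AC-1.1", "AC-1", "Access control policy assigns account owners",
             "Owner recorded for each account", "Owner recorded for each account", 2, 2, 3),
    TestCase("AC-1.2", "AC-1", "Procedures require quarterly access recertification",
             "Recertification records for last quarter", "No records for last quarter", 3, 3, 3),
]

if __name__ == "__main__":
    for cid, verdict in assess(SAMPLE_CASES).items():
        print(cid, verdict)
    for entry in poam_entries(SAMPLE_CASES):
        print(entry)
```

The control-level roll-up matters for reporting: a control such as AC-1 with one passing and one failing test case is reported as FAIL, and the POA&M ordering puts the highest-risk weakness first so funding decisions can be made against it.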


Slide4: CSAM -- Comprehensive FISMA Compliance Technical and Support Services

1. Risk-based Policy and Implementation Guidance
- Authoring Tool to Tailor IT Security Standards & Procedures to Agency Needs
- Assign Agency, Component, and System Roles and Responsibilities
- Employ Automated Risk Assessment Methodology

2. Enterprise Program Management Plan
- Establish Program Implementation Strategy
- Set Up System Inventory Process
- Establish Goals, Performance Metrics, and Monitor Performance
- Identify Enterprise Solutions
- Provide Cost Guidance
- Performance Dashboard to Monitor Implementation

3. Subordinate System Security Plan (SSP)
- Requirements Determination
- Scope
- Security Category (FIPS 199)
- Inheritance of Security Controls
- Initial Minimum Control Set
- Testing Integrated into Implementation
- Identify Residual Risks & POA&M Mgmt
- Generate an SSP with Artifacts
- Support Continuous Monitoring


Slide5: Business Readiness

CSAM Strategy: Responsive actions to customer feedback and continuous improvements are key to ensuring satisfied users.
- Justice has successfully implemented service level agreements and revolving funds to support IT operations.
- A reliable reimbursement process for managing reimbursable customer contracting support arrangements is in place.
- Several Justice contracting vehicles are in place:
  - BPA Delivery Orders
  - ITSS-3 Indefinite Delivery/Indefinite Quantity Contract
  - GSA Schedule


Slide6: CSAM Pricing Model (Partnership Fee/Software License/Maintenance)

Systems covered -- Annual fee
01-09 Systems -- $25K
10-24 Systems -- $30K
25-49 Systems -- $45K
50-99 Systems -- $100K
100-149 Systems -- $125K
150-199 Systems -- $150K
200-249 Systems -- $175K
250-299 Systems -- $200K
300-349 Systems -- $225K
350-399 Systems -- $250K
400-450 Systems -- $275K
451-499 Systems -- $300K
500-549 Systems -- $325K
550-599 Systems -- $350K
600-650 Systems -- $375K
650-699 Systems -- $400K
700-749 Systems -- $425K
750-799 Systems -- $450K


Slide7: CSAM Pricing Model (Installation and Help Desk Services)


Slide8: CSAM Pricing Model (Policy, Enterprise Program Management Plan)


Slide9: CSAM Pricing Model (Training)

Initial Training Classes
- Four hours classroom training -- $200 per user

Quarterly Workshops -- train with automated tools and enhancements, and share lessons learned
- Each user receives 4 hours training per quarter -- $200 per user
- Two-day workshops -- $800 per user


Slide10: Pricing Model (Certification and Accreditation Services)


Slide11: Conclusion

CSAM is a comprehensive FISMA compliance Technology and Support Services solution.

The CSAM solution includes:
- Risk-based Policy and Implementation Guidance
- Enterprise Program Management Plan
- Subordinate System Security Plans
- Training and Quarterly Workshops
- Robust Management Reporting

For more information or to request a system demonstration, email DOJLOBCSAM@usdoj.gov or contact:
- Ken Gandola, 202-353-0081, Kenneth.d.gandola@usdoj.gov
- Jim Leahy, 202-353-8741, james.t.leahy@usdoj.gov