emass the true story
play

eMASS, the True Story Todays Presenter: Rebecca Onuskanich, - PowerPoint PPT Presentation

Nov 08, 2023 •233 likes •575 views

https://www.csiac.org/ eMASS, the True Story Todays Presenter: Rebecca Onuskanich, Cybersecurity Consultant June 29, 2017 Moderator: Steve Warzala swarzala@quanterion.com The Risk Management Framework Process Step 6: Step 1:

  1. https://www.csiac.org/ eMASS, the True Story Today’s Presenter: Rebecca Onuskanich, Cybersecurity Consultant June 29, 2017 Moderator: Steve Warzala swarzala@quanterion.com

  2. The Risk Management Framework Process Step 6: Step 1: Continuous Categorize Monitoring Step 5: Authorize Step 2: Select Step 4: Step 3: Assess Implement *Derived from requirements in NIST SP 800-37, Rev. 1 and DoDI 8510.01

  3. The Risk Management Framework Process Step 6: Step 1: Continuous Categorize STEP 1: Categorize System Monitoring • No linkage to NIST 800-60 Vol II or guidance in eMass on categorizing. • Categorize the System in accordance with the CNSS 1253 • Initiate the Security Plan – define system description and boundary Step 5: Authorize Step 2: Select • Register system with DoD Component Cybersecurity Program • Assign qualified personnel to RMF roles. Step 4: Step 3: Assess Implement *Derived from requirements in NIST SP 800-37, Rev. 1 and DoDI 8510.01

  4. The Risk Management Framework Process STEP 2: Select Security Controls Step 6: Step 1: • Continuous Categorize The number of CCI’s managed in eMass is overwhelming. Step away from the STEP 1: Categorize System Monitoring computer! • No linkage to NIST 800-60 Vol II or guidance in eMass on categorizing. • Identify the security controls that are provided by the organization as • Categorize the System in accordance with the CNSS 1253 common and document in Security Plan. • Initiate the Security Plan – define system description and boundary Step 5: Authorize Step 2: Select • Select the security controls, apply overlays, and tailor accordingly • Register system with DoD Component Cybersecurity Program • Develop a strategy for the continuous monitoring of security control • Assign qualified personnel to RMF roles. effectiveness and any proposed/actual changes to the information system Step 4: Step 3: and environment of operation. Assess Implement • Review and approve the Security Plan and ConMon Strategy *Derived from requirements in NIST SP 800-37, Rev. 1 and DoDI 8510.01

  5. The Risk Management Framework Process STEP 2: Select Security Controls Step 6: Step 1: STEP 3: Implement Security Controls • Continuous Categorize The number of CCI’s managed in eMass is overwhelming. Step away from the STEP 1: Categorize System Monitoring • Evidence and artifacts are uploaded. Managing these artifacts can computer! • No linkage to NIST 800-60 Vol II or guidance in eMass on categorizing. • Identify the security controls that are provided by the organization as become a Configuration Management headache! • Categorize the System in accordance with the CNSS 1253 common and document in Security Plan. • Implement the security controls specified in the security plan in • Initiate the Security Plan – define system description and boundary Step 5: Authorize Step 2: Select • Select the security controls, apply overlays, and tailor accordingly • Register system with DoD Component Cybersecurity Program accordance with DoD implementation guidance found on the KS. • Develop a strategy for the continuous monitoring of security control • Document the security control implementation in accordance with • Assign qualified personnel to RMF roles. effectiveness and any proposed/actual changes to the information system DoD implementation guidance in the Security Plan Step 4: Step 3: and environment of operation. Assess Implement • Review and approve the Security Plan and ConMon Strategy *Derived from requirements in NIST SP 800-37, Rev. 1 and DoDI 8510.01

  6. The Risk Management Framework Process STEP 2: Select Security Controls Step 6: Step 1: STEP 4: Assess Security Controls STEP 3: Implement Security Controls • Continuous Categorize The number of CCI’s managed in eMass is overwhelming. Step away from the STEP 1: Categorize System • Conducted by the SCA. The control status will be changed to “OFFICIAL” Monitoring • Evidence and artifacts are uploaded. Managing these artifacts can computer! • No linkage to NIST 800-60 Vol II or guidance in eMass on categorizing. • Develop and approve Security Assessment Plan (SAP) • Identify the security controls that are provided by the organization as become a Configuration Management headache! • Categorize the System in accordance with the CNSS 1253 • The Security Controls Assessor (SCA) will assess security controls as common and document in Security Plan. • Implement the security controls specified in the security plan in • Initiate the Security Plan – define system description and boundary Step 5: Authorize Step 2: Select defined in SAP. • Select the security controls, apply overlays, and tailor accordingly • Register system with DoD Component Cybersecurity Program accordance with DoD implementation guidance found on the KS. • Complete Security Assessment Report (SAR) (prepared by Security • Develop a strategy for the continuous monitoring of security control • Document the security control implementation in accordance with • Assign qualified personnel to RMF roles. Control Assessor (SCA) effectiveness and any proposed/actual changes to the information system DoD implementation guidance in the Security Plan • Conduct initial remediation actions Step 4: Step 3: and environment of operation. Assess Implement • Review and approve the Security Plan and ConMon Strategy *Derived from requirements in NIST SP 800-37, Rev. 1 and DoDI 8510.01

  7. The Risk Management Framework Process STEP 5: Authorize System STEP 2: Select Security Controls Step 6: Step 1: STEP 4: Assess Security Controls • STEP 3: Implement Security Controls • Authorization is submitted through eMass to the AO. MUST communicate with your Continuous Categorize The number of CCI’s managed in eMass is overwhelming. Step away from the STEP 1: Categorize System • Conducted by the SCA. The control status will be changed to “OFFICIAL” Monitoring • Evidence and artifacts are uploaded. Managing these artifacts can chain to ensure they are aware of the incoming/pending request. computer! • No linkage to NIST 800-60 Vol II or guidance in eMass on categorizing. • Develop and approve Security Assessment Plan (SAP) • Prepare the Plan of Action and Milestones (POA&M) • Identify the security controls that are provided by the organization as become a Configuration Management headache! • Categorize the System in accordance with the CNSS 1253 • The Security Controls Assessor (SCA) will assess security controls as • Submit Security Authorization package (Security Plan, SAR, RAR, POA&M) to common and document in Security Plan. • Implement the security controls specified in the security plan in • Initiate the Security Plan – define system description and boundary Step 5: Authorize Step 2: Select Authorizing Official (AO) defined in SAP. • Select the security controls, apply overlays, and tailor accordingly • Register system with DoD Component Cybersecurity Program accordance with DoD implementation guidance found on the KS. • AO to determine the risk to organizational operations (including mission, • Complete Security Assessment Report (SAR) (prepared by Security • Develop a strategy for the continuous monitoring of security control • Document the security control implementation in accordance with • Assign qualified personnel to RMF roles. functions, image, or reputation), organizational assets, individuals, other Control Assessor (SCA) effectiveness and any proposed/actual changes to the information system organizations, or the Nation. DoD implementation guidance in the Security Plan • Conduct initial remediation actions Step 4: Step 3: and environment of operation. • AO makes authorization decision (ATO, IATT, DATO Assess Implement • Review and approve the Security Plan and ConMon Strategy *Derived from requirements in NIST SP 800-37, Rev. 1 and DoDI 8510.01

Recommend

TRUE patriot LOVE TRUE patriot LOVE The story of magazines in Canada is a political

TRUE patriot LOVE TRUE patriot LOVE The story of magazines in Canada is a political

TRUE patriot LOVE TRUE patriot LOVE The story of magazines in Canada is a political saga of small independent interests struggling to survive in an environment dominated by foreign interests. Historica Canada TRUE patriot

931 views • 29 slides
Configuration Management A True Life Story October 16, 2018 Page 1 | Configuration Management:

Configuration Management A True Life Story October 16, 2018 Page 1 | Configuration Management:

Configuration Management A True Life Story October 16, 2018 Page 1 | Configuration Management: A True Life Story John E. Picozzi Senior Drupal Architect Drupal Providence 401-228-7660 oomphinc.com 72 Clifford Street, oomph.is/jpicozzi

553 views • 31 slides
Another System De fi nition Facility version 3.1 A traverse across the build A monster hunt story

Another System De fi nition Facility version 3.1 A traverse across the build A monster hunt story

Another System De fi nition Facility version 3.1 A traverse across the build A monster hunt story Franois-Ren Rideau <tunes@google.com> 1 Based on a true story! 2 Based on a true story! Setting: a seemingly peaceful little village

411 views • 15 slides
SMA is a t a true g growth story y more t than an 60 % % p.a. a. sal ales increas ase

SMA is a t a true g growth story y more t than an 60 % % p.a. a. sal ales increas ase

1. SMA | 2. Market | 3. Technology | 4. Service | 5. Flexibility | 6. Subsidies to Competitiveness SMA is a t a true g growth story y more t than an 60 % % p.a. a. sal ales increas ase in las ast

314 views • 5 slides
1 QC STORY -32 QC STORY -32 QC STORY -32 QC Story-1 QC Story-1 QC Story-1 Awards and

1 QC STORY -32 QC STORY -32 QC STORY -32 QC Story-1 QC Story-1 QC Story-1 Awards and

QC STORY -32 QC STORY -32 QC STORY -32 Shop Floor view QC Story-1 QC Story-1 FACTORY OVERVIEW QC Story-1 On Behalf of Susira Industries Ltd., Chennai. We Welcome the Delegates for the QCI DL SHAH NATIONAL AWARDS ON ECONOMICS OF

976 views • 13 slides
ATA Conference 2008 Electronic Dictionaries The following story is true. Only the names have been

ATA Conference 2008 Electronic Dictionaries The following story is true. Only the names have been

ATA Conference 2008 Electronic Dictionaries The following story is true. Only the names have been changed to protect the innocent On October 1, 2008, MultiTran crashed. Real comments from the Russian Translators group on Yahoo: Is anyone

157 views • 12 slides
Secrets, Visions, and Miracles The True ue Story of f Fatima Tuesday, April 25 7pm St.

Secrets, Visions, and Miracles The True ue Story of f Fatima Tuesday, April 25 7pm St.

Secrets, Visions, and Miracles The True ue Story of f Fatima Tuesday, April 25 7pm St. Thomas Aquinas Room The Setting Portugal Catholic nation for centuries but endured Muslim rule under the Moors (500 yrs) Constitutional

544 views • 32 slides
WAR CORRESPONDENTS What if journalists never come back... Based on true story WHO ARE THEY?

WAR CORRESPONDENTS What if journalists never come back... Based on true story WHO ARE THEY?

WAR CORRESPONDENTS What if journalists never come back... Based on true story WHO ARE THEY? War Correspondents are reporters or commentators assigned to send news or opinions directly from battle areas Embedded Journalists are news

534 views • 20 slides
Unbound & FreeBSD A true love story (at the end of November 2013) 1 Presentation for

Unbound & FreeBSD A true love story (at the end of November 2013) 1 Presentation for

Unbound & FreeBSD A true love story (at the end of November 2013) 1 Presentation for EUROBSDCON 2019 Conference September 19-22, 2019 Lillehammer, Norway 2 About me: Pablo Carboni (42) , from Buenos Aires, Argentina. Worked as Unix

453 views • 31 slides
Nothing to Disclose A true story as told on KevinMD, Feb 1, 2012 Simple lesson? Role

Nothing to Disclose A true story as told on KevinMD, Feb 1, 2012 Simple lesson? Role

Nothing to Disclose A true story as told on KevinMD, Feb 1, 2012 Simple lesson? Role modeling powerful among ways to teach professionalism; yet: Survey of 1,891 U.S. Physicians (64% resp.)* 1/3: disagree with disclosing errors

393 views • 38 slides
God in Movies True Story the question Why Why Does God Allow Some Doors to Close and

God in Movies True Story the question Why Why Does God Allow Some Doors to Close and

God in Movies True Story the question Why Why Does God Allow Some Doors to Close and Others to Open? Rev 3:7 What the Lord opens, no one can close; and what he closes, no one can open Background of Jimmy Adams

510 views • 15 slides
Memoir-true story books and films to study: approximately 40% of Best Picture nominees in the

Memoir-true story books and films to study: approximately 40% of Best Picture nominees in the

Memoir-true story books and films to study: approximately 40% of Best Picture nominees in the last few years, including Darkest Hour, The Post, Hidden Figures, The Imitation Game, The Theory of Everything, Foxcatcher, Wild, Selma, 12 Years A

806 views • 19 slides
TRUE IT A LI A N T A STE PROJECT WH A T IS THE TRUE IT A LI A N T A STE PROJECT ? The True

TRUE IT A LI A N T A STE PROJECT WH A T IS THE TRUE IT A LI A N T A STE PROJECT ? The True

I T A L Y - A M E R I C A C H A M B E R O F C O M M E R C E TRUE IT A LI A N T A STE PROJECT WH A T IS THE TRUE IT A LI A N T A STE PROJECT ? The True Italian Taste project is a large-scale educational and promotional initiative aimed at

80 views • 6 slides
(A true story on) Achieving end-to-end NFV with OpenStack and Open Source MANO May 2018

(A true story on) Achieving end-to-end NFV with OpenStack and Open Source MANO May 2018

(A true story on) Achieving end-to-end NFV with OpenStack and Open Source MANO May 2018 Gianpietro Lavado - Senior Architect, Whitestack Why are we doing this? Why NFV? Why a MANO stack? Why Open Source? We want more efficient We want more

537 views • 15 slides
NON-NATIVE ENGLISH SPEAKERS IN OPENSTACK COMMUNITY: A TRUE STORY Masayuki Igawa Dong Ma Samuel

NON-NATIVE ENGLISH SPEAKERS IN OPENSTACK COMMUNITY: A TRUE STORY Masayuki Igawa Dong Ma Samuel

NON-NATIVE ENGLISH SPEAKERS IN OPENSTACK COMMUNITY: A TRUE STORY Masayuki Igawa Dong Ma Samuel de Medeiros Queiroz @masayukig @wintermadong @_samueldmq OpenStack Summit 2017 Boston - Wed, 10th May This work is licensed under a Creative

246 views • 8 slides
Russian palatalization: the true(r) story Pavel Iosad pavel.iosad@uit.no Bruce Morn-Duollj

Russian palatalization: the true(r) story Pavel Iosad pavel.iosad@uit.no Bruce Morn-Duollj

Data Approaches and problems The proposal Russian palatalization: the true(r) story Pavel Iosad pavel.iosad@uit.no Bruce Morn-Duollj bruce.moren@uit.no Universitetet i Troms/CASTL Old World Conference in Phonology 7 Universitat de

816 views • 59 slides
Fall 2020 Middle Grade Everything Sad Is Untrue Middle Grade (a true story) By Daniel Nayeri

Fall 2020 Middle Grade Everything Sad Is Untrue Middle Grade (a true story) By Daniel Nayeri

Fall 2020 Middle Grade Everything Sad Is Untrue Middle Grade (a true story) By Daniel Nayeri Reasons to Love this Book On Sale Date: One of the youngest publishers in the industry August 25, 2020 A pulled-from-the-headlines

854 views • 52 slides
Real Finnish Lessons The True Story of an Education Miracle Gabriel Heller Sahlgren London

Real Finnish Lessons The True Story of an Education Miracle Gabriel Heller Sahlgren London

Real Finnish Lessons The True Story of an Education Miracle Gabriel Heller Sahlgren London School of Economics Research Institute of Industrial Economics, Centre for the Study of Market Reform of Education #FinnishCam Finlands success in

190 views • 18 slides
Personal Statements TRUE FALSE TRUE FALSE TRUE There is a 4,000 character

Personal Statements TRUE FALSE TRUE FALSE TRUE There is a 4,000 character

Personal Statements TRUE FALSE TRUE FALSE TRUE There is a 4,000 character limit (including spaces) or 47 lines. It comes to about 1.5 A4 pages. TRUE FALSE The university will receive your whole UCAS application which

443 views • 43 slides
between the mountains and the sea True Majesty. True North. True Scotland CruiseAberdeenshire

between the mountains and the sea True Majesty. True North. True Scotland CruiseAberdeenshire

between the mountains and the sea True Majesty. True North. True Scotland CruiseAberdeenshire offers: CruiseA eAber berdeensh deenshir ire is a working alliance between Aberdeen A joined-up Port and Destination offering Harbour

590 views • 32 slides
CMU 15-896 Fair division 3: Rent division Teacher: Ariel Procaccia A true story In 2001 I

CMU 15-896 Fair division 3: Rent division Teacher: Ariel Procaccia A true story In 2001 I

CMU 15-896 Fair division 3: Rent division Teacher: Ariel Procaccia A true story In 2001 I moved into an apartment in Jerusalem with Naomi and Nir One larger bedroom, two smaller bedrooms Naomi and I searched for the apartment, Nir

417 views • 25 slides
By: Ronoh Kipronoh P . THE DIGITAL LITERACY KENYA CASE -TRUE STORY DIRECTOR , ICTA email:

By: Ronoh Kipronoh P . THE DIGITAL LITERACY KENYA CASE -TRUE STORY DIRECTOR , ICTA email:

TRANSFORMING AFRICAS EDUCATION THROUGH ICT By: Ronoh Kipronoh P . THE DIGITAL LITERACY KENYA CASE -TRUE STORY DIRECTOR , ICTA email: digischool@ict.go.ke 5/9/17 | Digital Literacy Programme For Schools | 1 communications@ict.go.ke

655 views • 14 slides
Natlang Code book Based on a true story by Ramtin M. Seraj Spring 2015 1 Natural Language

Natlang Code book Based on a true story by Ramtin M. Seraj Spring 2015 1 Natural Language

Natlang Code book Based on a true story by Ramtin M. Seraj Spring 2015 1 Natural Language Processor Natural 2 I have many questions in my mind? Who can answer It ? Right now I am reading all texts available on the internet, I can

370 views • 17 slides
THE PERFECT STORM : The BLT Restructuring Story Connecticut Maritime Association Luncheon

THE PERFECT STORM : The BLT Restructuring Story Connecticut Maritime Association Luncheon

THE PERFECT STORM : The BLT Restructuring Story Connecticut Maritime Association Luncheon February 18, 2016 Based Upon Actual Events The True Story of the Four Year Restructuring of Berlian Laju Tanker 1 Prologue Fair Winds &

452 views • 18 slides

More recommend