Federal Computer Security Managers’ Forum Quarterly Meeting November 2, 2017 National Cybersecurity Center of Excellence
Safety/Evacuation Evacuation Emergencies What Will Happen During an Evacuation Event? • A building-wide alarm will sound • Verbal instructions over the building’s public address (PA) system will follow shortly after the alarm • Exit the conference room and head for the nearest exit ( Red Signs – Upper Right Map ) • If the Security Guard is close by and accessible, ask for further instruction • Once outside the building, swiftly walk toward the designated meeting area near the posted sign stating “Evacuation Meeting Area” ( Yellow Sign – Lower Right Map ) Shelter-In-Place (SIP) Emergencies What Will Happen During an Evacuation Event? • A building-wide alarm will sound • Verbal instructions over the building’s public address (PA) system will follow shortly after the alarm • Exit the conference room and head for the nearest SIP hallway or room ( Yellow Signs – Upper Right Map ) • If the Security Guard is close by and accessible, ask for further instruction FCSM Quarterly Meeting Overview| 2
NIST-Guest Wireless Network NIST-Guest is broadcasted; Use this network to connect • your device. 1. Connect wirelessly to SSID: NIST-Guest 2. Open your browser, as needed. 3. If using iOS (iPhones and iPads), access a web page that does not use https:// (for example, http://www.apple.com) to get to the Access and Use Policy. 4. If using Android devices, a web page will automatically open with the Access and Use Policy. Review the complete Access and Use Policy by scrolling to the bottom of the • Window. Acknowledge that you agree to the terms identified by selecting ACCEPT. Device access will be blocked if (1) it is a NIST-owned device; (2) malware or • other malicious activity is detected; or (3) inappropriate online behavior is detected. For more information, see: https://www.nist.gov/sites/default/files/documents/2016/11/08/AboutAccess.pdf FCSM Quarterly Meeting Overview| 3
FCSM Quarterly Meeting Agenda November 2, 2017 9:00 AM Welcome and Update from NIST Jody Jacobs, NIST 9:30 AM Internet of Things (IOT) Security and Privacy Considerations Suzanne Lightman, NIST 10:15 AM Break 10:30 AM Derived PIV Credentials Chris Brown, NIST 11:15 AM Tour of NCCoE Susan Prince, NIST 12:00 PM Adjourn FCSM Quarterly Meeting Overview| 4
NIST Update • Draft SP 800-53, Revision 5 • Draft SP 800-37, Revision 2 • Additional Publications Pending Update/In Development • Updated CSRC Site and Upcoming Listserv Changes • Save the Date: FY2018 FCSM Meetings FCSM Quarterly Meeting Overview| 5
NIST Update: Draft SP 800-53, Rev 5 • Initial Public Draft (IPD) published public 3000+ Aug 15, 2017 comments 115+ stakeholders • 30 day public comment period (through Sept 12, 2017) – Also published “red-line” version of controls and baselines that highlight significant technical updates and changes FCSM Quarterly Meeting Overview| 6
NIST Update: Planned SP 800-53, Rev 5 Publication Schedule* Aug | Sept | Oct | Nov | Dec | Jan | Feb | Mar | April | May Joint Task Force Comment Adjudication Release Final Public Draft (FPD) 30-Day FPD Public Comment Period Release Final Joint Task Force Comment Adjudication *Awaiting OMB Approval; Dates subject to change FCSM Quarterly Meeting Overview| 7
NIST Update: Draft SP 800-37, Rev 2 Discussion Draft published Sept. 28, 2017 in preparation for the NIST Risk • Management Framework (RMF) Workshop • RMF Workshop held Oct. 3, 2017 @ NCCoE – Opportunity to get initial stakeholder feedback/input – Workshop summary, CEU form available on event site: https://csrc.nist.gov/Events/2017/NIST-Risk-Management-Framework-Workshop • Update Objectives: Closer linkage to risk management (RM) processes and – activities at C-suite level and system/operational level (including SP 800-39) – Institutionalize enterprise-wide RM preparation activities – Demonstrate how the Cybersecurity Framework can be implemented using established NIST RM processes – Integration of privacy risk management concepts into the RMF and support use of consolidated security and privacy controls in draft SP 800-53, Rev. 5 FCSM Quarterly Meeting Overview| 8
Planned SP 800-37, Rev. 2 Publication Schedule* Sept | Oct | Nov | Dec | Jan | Feb | Mar | April | May | June | July Ongoing Stakeholder Release Initial Public Draft (IPD) Coordination 30-Day IPD Public Comment Period Release Final Public Draft (FPR) Joint Task Force Comment Adjudication 30-Day FPD Public Comment Period Release Final Joint Task Force Comment Adjudication *Awaiting OMB Approval; Dates subject to change FCSM Quarterly Meeting Overview| 9
NIST Update: Additional Publications Pending Update/In Development* • FIPS 199 • NIST SP 800-53 • FIPS 200 • NIST SP 800-53A • NIST IR 8011 • NIST SP 800-60 (multiple volumes) • NIST SP 800-160A • NIST SP 800-18 (new) • NIST SP 800-37 • NIST SP 800-171A (new) • NIST SP 800-39 • NIST SP 800-47 *Listed in alphabetical order; schedule pending available resources FCSM Quarterly Meeting Overview| 10
NIST Update • Redesigned CRSC Site Now Live: https://csrc.nist.gov/ • New Google Group for FCSM – COMING SOON – More information to come at February 2018 meeting – ATO issued 10/30/2017 for NIST to use Google Groups – No need to create additional Google account, can use existing email – Benefits • Ability to search archives • No blocking due to oversized headers • Auto-subscribe and auto-unsubscribe FCSM Quarterly Meeting Overview| 11
Upcoming FCSM Meetings – Save the Date! • Quarterly Meetings – February 13, 2018 @ NIST Gaithersburg • Annual “Offsite” – May 15-16, 2018 @ NIST Gaithersburg For more information: https://csrc.nist.gov/Projects/Forum FCSM Quarterly Meeting Overview| 12
Recommend
More recommend
