Implement the New NIST RMF & Meet 2019 FISMA Metrics

Recently, the National Institute of Standards and Technology (NIST) released the final Risk Management Framework (RMF) standard (SP800-37, Rev 2), an update to the Security Control Baselines (draft SP800-53, Rev 5), and a revision to the NIST Cyber Security Framework (CSF).  RMF now requires an additional step: Preparation Step with eighteen new Tasks, and the security control baselines families have increased from 18 to 21, to include more privacy and supply chain security control families.  The President and OMB have also increased the requirement to implement the new CSF process into the FISMA process and DHS has initiated several new activities that can be leveraged by enterprises and systems to increase the security and meet on-going authorization efforts.

All of these updates have made major changes to Federal Cybersecurity requirements that will affect government and contractor information systems and enterprises.  This seminar will identify the changes and provide strategies for effectively and quickly implementing solutions for meeting the new requirements.

The seminar will review all of the new initiatives and requirements, which include the following:

• President’s Executive Order 13800 (E.O. 1380):  Implementing CSF and deploying more automated solutions.
• OMB Circular A-130:  On-going authorization, eliminate inefficient and wasteful reporting, leveraging the CSF, new incident response reporting, etc.
• OMB Memorandums:  Security and Privacy, Security High Value Assets (HVA), FISMA Reporting, etc.
• DHS Secretary Binding Operational Directives (BODs):  BOD-17-01 – Removal of Kaspersky-branded Products, BOD-18-01 – Enhance Email and Web Security, and BOD-18-02, High Value Assets.
• FISMA 2019 Metrics:  Chief Information Officer (CIO), Inspector General (IG), and Senior Agency Official for Privacy (SAOP).
• Frameworks:  System Development Life Cycle (SDLC), RMF, Department of Defense (DoD) RMF, CSF, System Security Engineering Framework (SSEF), Privacy Framework, etc.
• Guidance:  CSF, Draft SP800-37 Rev 2, Draft SP800-53 Rev 5, Automation Support for Ongoing Assessment (NISTIR 8011), NIST Cybersecurity Practice Guides (SP1800 Series), etc.
• Automation:  Continuous Diagnostics and Mitigation (CDM) Solutions and Dashboard, Host Based Security System (HBSS), Assured Compliance Assessment Solution (ACAS), and Security Content Automation Protocol (SCAP).
• DHS Activities:  EINSTEIN, Trusted Internet Connection (TIC), Managed Trusted Internet Protocol Services (MTIPS), and DHS Cybersecurity Hygiene Reviews.
• Clouds:  Federal Risk and Authorization Management Program (FedRAMP).

This seminar will include four group exercises using systems identified by the attendees to further instill the understanding of the RMF requirements.

Guest speakers from NIST and DHS will be providing current information and guidance related to trends and the new FISMA reporting metrics, processes, standards, solutions, and requirements, current and future. Additional speakers from the National Institutes of Health (NIH) will provide a real-world implementation of their new consolidated SSP template.  Students will be provided with two new successful SSP documents.district