Meet Your FY2016 FISMA Requirements: Implementing RMF & Meeting FISMA Metrics


This event qualifies for 11 CPEs

This event qualifies for 11 PDUs PMI


Every year, the Office of Management and Budget (OMB) and the Department of Homeland Security (DHS) raise the FISMA requirements to achieve the ultimate goal of “Near-Real-Time System Security Awareness” and “Ongoing Authorization.” They are also making automated security solutions available to improve the protection and security awareness of our systems. How do you project, plan and program for these requirements? How do you leverage all of the automated advances and ensure that your approach to securing your systems is practical, simplified, and effective? How do we protect our existing and future systems against evolving threats and attacks? What are the most practical and efficient options for implementing the Risk Management Framework (RMF) and meeting your FISMA requirements?


If you are in a Federal Agency, the Military, or a supporting contractor organization, you can successfully and effectively meet your FY2016 FISMA requirements by understanding the FISMA trends, proven security strategies, and simple, automated solutions.


OMB, DHS, the Department of Defense (DoD), the Committee on National Security Systems (CNSS), and the National Institute of Standards and Technology (NIST) have made major advances in moving Federal information technology (IT) security forward. They have created new standards, processes, and solutions that are streamlining and automating security and moving us closer to the goal of total near-real-time security awareness. Attendees will understand how to leverage:

  • New automated solutions (Security Content Automation Protocol (SCAP), DoD Host-Based Security System (HBSS) Solutions, Assured Compliance Assessment Solution (ACAS), and Continuous Diagnostics and Mitigation (CDM) Program) to support "ongoing authorizations" and meet the metrics;
  • Modified RMF processes for effectively and accurately identifying and documenting a system's security needs;
  • System deployment strategies to protect against evolving threats and attacks, like leveraging authorization boundaries, Security Overlays and Templates, Compensating/Common/Hybrid Controls, "air-gaps" and "connect-and-protect", etc.;
  • Simple planning and management tools, like Cybersecurity Calendar and Cybersecurity Journal; and
  • The organization's sponsors: the Authorization Official's, Facilities', Physical Security's, Human Relations', Operations', Budget's, and Inspector General's staffs.


This course is about how to implement these together to successfully meet your FY2016 RMF security and FISMA Metrics requirements.


This course builds on the popular 2-day "Meeting FISMA Requirements" course that has been taught for the past six years. All exercises are new to ensure they relate to current systems and solutions and use practical strategies for leveraging recent changes to meet your individual and enterprise FISMA responsibilities in FY2016. Attendees will gain a practical understanding of the strategies by working through real-world examples during group activities and by reviewing actual samples of the key FISMA documents:

  • Security Plan (SP);
  • Risk Assessment Report (RAR);
  • Security Assessment Report (SAR);
  • Plan of Action and Milestones (POA&M);
  • Information Security Continuous Monitoring Plans (ISCMPs);
  • Cybersecurity Calendar;
  • Cybersecurity Journal;
  • RMF Security Control Baseline Tool (RMFSecCtrlBT); and
  • CDM, HBSS, ACAS, and SCAP product solutions cross-reference for meeting OMB CM implementation requirements.


Speakers from NIST and DHS will provide current information and guidance on trends and the new FISMA reporting metrics, processes, standards and solutions. The course instructor brings real-world practical experience from supporting over 300 FISMA Agency, Military, Intelligence, and Commercial authorizations and continuous monitoring programs for systems in the military, public and private sectors.


Course attendees will:

  • Gain a thorough understanding of the new FY2016 FISMA requirements and processes (FISMA metrics, CyberScope, SCAP, CyberStat Reviews, etc.);
  • Receive strategies on how to leverage these changes to improve their security and make their FISMA efforts more effective;
  • Learn how to create a Cybersecurity Calendar and Cybersecurity Journal to effectively manage their cybersecurity actions and increase resources for improving their system and enterprise security;
  • Understand the new, modified approach to conducting the RMF;
  • Identify what “Near-Real-Time” means in continuous monitoring and ongoing authorization;
  • Receive an understanding of different security strategies, like "air-gaps" and "connect-and-protect";
  • Review the automated solutions and how to use them;
  • Learn how to conduct a risk assessment and use the results to identify and justify more effective security solutions and gain additional resources;
  • Identify CDM, SCAP, HBSS, and ACAS automated security solutions for meeting OMB CM implementation requirements;
  • Participate in solving problems related to establishing effective boundaries, conducting risk assessments, facilitating group solutions, leveraging common controls, tailoring security controls, using security overlay templates, and identifying automated solutions; and
  • Receive the RMF Security Control Baseline Tool (RMFSecCtrlBT).


Who Should Attend:

The intended audience for the course is Federal Agency, DoD and Intelligence Authorization Officers (AOs) and their staff, Senior Information Security Officers (SISOs), Information Assurance Managers/Information System Security Managers (IAMs/ISSMs), Information System Owners, Information System Security Engineers (ISSEs), project managers, Information System Security Officers (ISSOs), system administrators, supporting contractors, and their staffs, and any individuals seeking to better understand how to secure an IT system, meet the new FISMA requirements, implement the RMF, and develop the related documents.


Learning Objectives:

The learning objectives for this 2-day Executive, Manager and Operations Level course are broad ranging and include a number of concepts and strategies, including understanding the:

  • SP800-37, Revision 1, and SP800-39 standards for the new Authorization Process and Risk Management Framework;
  • New DoD RMF process and the transition from DIACAP (DODI 8500.01 and DODI 8510.01);
  • Updated NIST SP 800 series documents that support the new process, e.g., risk assessments (SP800-30, Rev1), security controls (SP800-53, Rev4), security control testing (SP800-53A, Rev4) and ISCM planning (SP800-137);
  • How to meet the new FISMA Report Metrics;
  • New practical, modified RMF process for successfully securing your systems in your environment and culture;
  • Methods for reducing the amount of resources and paperwork;
  • How to leverage the Security Overlay Templates;
  • Answers to “How much is enough?” using “cost-effective and risk-based” methodologies;
  • Strategies for developing key FISMA documents, with samples of key FISMA documents: SP, RAR, POAM, SAR, and ISCMP;
  • How to create your own personal Cybersecurity Calendar and Cybersecurity Journal to effectively manage your FISMA actions and gain resources to support your security improvements;
  • CDM, HBSS and ACAS solutions and where to use them; and
  • How to use the RMF Security Control Baseline Tool (RMFSecCtrlBT).


Earn PDUs / CPEs:

  • PMI® PMPs will earn 11 PDUs for attending this Training Seminar.
  • SSCP, CISSP, ISSEP, ISSMP, ISSAP, CSSLP or CAP credential holders from (ISC)2 can receive 11 Continuing Professional Education (CPE) credits. Credential holders must enter their CPE credits in the usual manner on the (ISC)2 website.
  • CISA, CISM, CRISC and CGEIT credential holders from ISACA can earn 11 CPE credits. (Any course that pertains to at least one of the job practice areas of the certification will qualify for CPEs. It is up to the certified person to determine whether the course or activity qualifies for CPE.)


Attendees will receive a Certificate of Completion as a result of their seminar participation.


What Attendees will Receive:

  • Course Manual, Study Guide, and Training Materials;
  • Samples of key FISMA documents: SP, RAR, SAR, POAM, ISCMPs, FISMA Cybersecurity Calendar, and Cybersecurity Journal;
  • List of current military, government and commercial continuous monitoring tools;
  • RMF Security Control Baseline Tailoring Tool;
  • Certificate of Completion; and
  • Continental Breakfast and Lunch.


Why Attend:

Explore, in a vendor-neutral, interactive academic setting, how to effectively meet the new DHS, DOD, OMB and NIST FISMA requirements, use practical strategies and automated tools in your organization, and increase the security of your IT systems.


Speaker and Presenter Information

James Litchko, CISSP-ISSEP, CAP, MBCI, CMAS, Senior Security Expert, Litchko & Associates, Inc.

Mr. Litchko has been working as a security expert for over 30 years. Jim created and taught the first graduate computer security course as an adjunct professor at Johns Hopkins University for ten years, served as a military officer for twenty years, and was a project manager and executive at NSA for five years. He has supervised and supported the securing of over 300 military, government and commercial IT systems. Over the past six years alone, he has supported the securing of IT systems at DHS, VHA, NASA, DOE, EPA, GAO, USDA, USAF, DOJ, and FEMA. Currently, he is a senior security expert for Litchko & Associates and is a Certified (ISC)2 Instructor teaching the CISSP, Engineering Professional (ISSEP), and Certified Authorization Professional (CAP) review courses, and the DIACAP and Continuous Monitoring courses for (ISC)2, Global Knowledge, Digital Government Institute, and Johns Hopkins University. A student of Ken Blanchard, Ph.D., the author of The One-Minute Manager®, Jim holds a Master's degree from Johns Hopkins University and has authored five books on security and management topics, including DoD RMF Manual, FISMA Authorization Process Guide: A Review for the (ISC)2® CAP® Certification Exam, KNOW IT Security, KNOW Your Life, and 2010 Official DIACAP for Global Knowledge, and co-authored (ISC)2's Official Information System Security Management Professional, Cyber Threat Levels Response Handbook, and Know Cyber Risk.


This event has no exhibitor/sponsor opportunities


When
Tue-Wed, Mar 1-2, 2016, 8:00am - 3:45pm


Where
UVA/Virginia Tech Northern Virginia Center
7054 Haycock Road
Falls Church, VA 22043



Organizer
Digital Government Institute

