Implement the New NIST Risk Management Framework Standards & Meet 2022 FISMA Metrics


This event qualifies for 14 CPEs


Registration Closed

 

The new Presidential Executive Order has increased emphasis on advancing toward “Zero-Trust Architecture” and “Endpoint Detection and Response (EDR)”, and on moving systems to FedRAMP clouds. Additionally, NIST has released final versions of many Risk Management Framework (RMF) standards (SP800-53 Rev 5 – Security Controls, SP800-53B – Security Control Baselines, Privacy Framework, SP800-160 Vol 2 – Systems Security Engineering, SP800-161 Rev 1 – Supply Chain Risk Management, SP800-171 Rev 2 – Controlled Unclassified Information (CUI) and High Valued Assets (HVA)), and revisions to the NIST Cyber Security Framework (CSF). RMF now requires an additional step, the Preparation Step with 18 new Tasks, and the security control baseline families have increased from 18 to 20 to include more privacy and supply chain security control families. The President and OMB have also increased the requirement to implement the new CSF process into the FISMA process, and DHS has initiated several new activities that enterprises and systems can leverage to increase security and meet ongoing authorization efforts.

 

All of these have made major changes to Federal Cybersecurity requirements that will affect government and contractor information systems and enterprises. This 2-day seminar will identify the changes and provide strategies for effectively and quickly implementing solutions for meeting the new requirements.

 

The seminar will review all the new initiatives and requirements, which include the following:

  • President’s Executive Order 14028 (E.O. 14028): Implementing Zero-trust architecture, deploying more automated EDR solutions and moving systems to the clouds
  • 2021 FISMA Report to Congress: OMB’s analysis of agencies’ application of the intrusion detection and prevention capabilities across the Executive Branch
  • OMB Circular A-130: Ongoing authorization, eliminating inefficient and wasteful reporting, leveraging the CSF, new incident response reporting
  • OMB Memorandum M-21-02: Fiscal Year 2021-2022 Guidance on Federal Information Security and Privacy Management Requirements
  • DHS Secretary Binding Operational Directives (BODs) and Emergency Directives: BOD 20-01 – Develop and Publish a Vulnerability Disclosure Policy, BOD 19-02 – Vulnerability Remediation Requirements for Internet-Accessible Systems, BOD 18-02 – Securing High Value Assets, ED 20-04 – Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday
  • FISMA 2022 Metrics: Chief Information Officer (CIO), Inspector General (IG), and Senior Agency Official for Privacy (SAOP)
  • Frameworks: System Development Life Cycle (SDLC), RMF, Department of Defense (DoD) RMF, CSF, System Security Engineering Framework (SSEF), Privacy Framework, High Value Assets (HVA), Unclassified Controlled Information (UCI)
  • Guidance: CSF, Draft SP800-37 Rev 2, SP800-53 Rev 5, SP800-53B, SP800-160 Vol 2, SP800-161 Rev 1, SP800-171 Rev 2, Automation Support for Ongoing Assessment (NISTIR 8011), NIST Cybersecurity Practice Guides (SP1800 Series)
  • Automation: Continuous Diagnostic Mitigation (CDM) Solutions and Dashboard, Host Based Security System (HBSS), Assured Compliance Assessment Solution (ACAS), and Security Content Automation Protocol (SCAP)
  • DHS Activities: EINSTEIN, Trusted Internet Connection (TIC), Managed Trusted Internet Protocol Services (MTIPS), and DHS Cybersecurity Hygiene Reviews
  • Clouds: Federal Risk and Authorization Management Program (FedRAMP)

This seminar will include twelve group exercises to further instill the understanding of the RMF requirements.

Speaker and Presenter Information

James Litchko, CISSP-ISSEP, CAP, MBCI, CMAS, Senior Security Expert, Litchko & Associates, Inc.

Relevant Government Agencies

Other Federal Agencies, Federal Government, State & Local Government


Event Type
Virtual


This event has no exhibitor/sponsor opportunities


When
Tue-Wed, Mar 8-9, 2022


Where
Virtual Training Seminar



Organizer
Digital Government Institute

