US Department of State
Jay Coplon
My Commitment
• You will get a sense for how we do C&A
• You will find value in being here
• All of your questions will be answered
Key Points
• Quantitative Metrics
• Toolkits, Tools and Templates
• Continuous Monitoring
• Questions and Answers
Decision Memo Authorization to Operate
• When the Control Limits have not been exceeded.
Decision Memo Authorization to Operate
• When the Control Limits have been exceeded.
Risk Score in iPost
Control Limit: 5% or Less Medium Risk
Specification Limit: 6-15% Medium Risk
The System Owner will manage their system's iPost Risk Score, which is represented by an average over a 30-day period.
Fully Reporting in iPost
System Owner will maintain a high level of hosts fully reporting (to iPost) within the accreditation boundary. Fully means current reporting on hardware, software, patch, vulnerability, and compliance.
Control Limit: Falls below 90%
Specification Limit: Falls below 70%
Little or No Medium Traditional Risk
The System Owner will maintain a level or state of low or no Medium business risk as determined by traditional C&A.
Control Limit: 5% or Less Medium Risk
Specification Limit: 6-15% Medium Risk
Notifications of Change
When risk is above the specification limit, notifications of change will not be considered.
Control Limit: 3 or more consecutive months
Specification Limit: <3 consecutive months
C&A – How we communicate with our customers.
• SharePoint Website: Policy, Procedure, Standard
• Document Center: Organized by categories
• Alert Notifications: Page and/or Document
• Workshops: Tools
SharePoint
Get Ready Get Set STOP!
• Exceed any specification limit
• Readiness to Start C&A Checklist
FIPS 199 and OMB M-04-04
• Categorize your System
• Determine the Assurance Level
Control Selection Tool
• Identify which controls have been implemented
• How each control has been implemented
• C&A and Annual Security Control Assessments
• Manage controls over the system's lifecycle
POA&M Tester Database Tool
• Linked to the system FIPS 199 categorization
• Import Open Findings from previous assessments
• Finding and Recommended remediation
• Failed Controls are identified
• Standardizes how the risk is calculated for each finding
• Risk Scoping
iPost Continuous Monitoring
Questions and Answers