Key Points of FISMA Reforms of 2013
Discusses the changes to the recent FISMA Reforms (HR 1163).

Transcript

  • 1. InfoSec Learning Center: Key Points of FISMA Reforms of 2013 (April 5, 2013). Company Sensitive. This document is the property of Trusted Integration, Inc. It should not be duplicated or distributed to any third-party entity.
  • 2. Background
    • Known as H.R. 1163, the Federal Information Security Amendments Act of 2013.
    • Approved by the House of Representatives on March 20, 2013.
    • May alter the current FISMA landscape and how agencies and corporations are moving toward addressing the changing cyber climate.
    • Historically, FISMA has relied on a paper-based approach to governance.
    • CISOs have contended that the current FISMA law limits their ability to enhance the security posture of their organization.
  • 3. Key Changes
    • Extend the responsibility for cybersecurity to the head of the agency.
    • Each agency is required to designate a Chief Information Security Officer (CISO).
    • CISOs must possess the qualifications to conduct and implement the security program outlined.
    • The CISO is responsible for the implementation of the agency-wide security program.
    • Allow the use of automated technologies to support cyber threat assessments.
    • OMB will oversee a Federal government incident response center where incidents can be maintained and which will assist other agencies with their cyber incidents, with guidance from key organizations including NIST.
  • 4. Responsibilities of CISO
    • Overseeing the establishment and maintenance of a security operation that, through automated and continuous monitoring, can detect, contain and mitigate incidents that impair information security and agency information systems;
    • Developing, maintaining and overseeing an agency-wide information security program;
    • Developing, maintaining and overseeing information security policies, procedures and control techniques to address all applicable requirements;
    • Training and overseeing personnel with significant responsibilities for information security;
    • Assisting senior agency officials on cybersecurity matters;
    • Ensuring the agency has a sufficient number of trained and security-cleared personnel to assist in complying with federal cybersecurity law and procedures;
    • Reporting at least annually to agency executives on the effectiveness of the agency information security program; information derived from automated and continuous monitoring, including threat assessments; and progress on actions to remediate threats.
    Source: “CISOs: FISMA Reforms Establishes CISO Responsibilities”, Process Unity Press Release, March 21, 2013.
  • 5. OMB Federal Incident Security Center
    • Provide guidance and assistance to other agencies on detecting and handling security incidents.
    • Compile information on security incidents (and presumably define metrics and share best practices with other agencies).
    • Inform other agencies about the current and potential threat landscape.
    • Work with NIST and any other agencies.
    • Operators of national security systems must also report incidents to the same Center.
    • The Director of the Center is responsible for defining and implementing policies and procedures consistent with HR 1163.
  • 6. About TrustedAgent GRC
    TrustedAgent Governance, Risk and Compliance (GRC) provides organizations with a central technology platform to manage the organization’s security assessment, authorization, and continuous monitoring for risk and compliance management across the enterprise using several standards including FedRAMP, ISO 27001, HIPAA/HITECH, PCI DSS, COBIT, NERC, and FISMA.
    TrustedAgent GRC collects and aggregates results from other ancillary tools such as asset management, configuration management, vulnerability management, and other information security tools and processes for analysis and understanding of the enterprise risk profile, conducting compliance and remediation, and management reporting.
    TrustedAgent GRC provides a structured, consistent, and time-saving approach to implement compliance deliverables, accelerates the process of securing authorization, and maintains ongoing support for security assessment and continuous monitoring to meet the challenges of governance for commercial enterprises and government agencies.
  • 7. Governance and Security Standards
  • 8. About Trusted Integration
    Since 2001, Trusted Integration has been a leader in providing Governance, Risk and Compliance management solutions for government and commercial organizations, specializing in superior-quality, cost-saving information risk management solutions in Federal Government Compliance (FISMA, DIACAP, and FedRAMP). In addition, Trusted Integration also provides compliance solutions supporting payment card industry data security standards (PCI-DSS), health care HIPAA/HITECH, and information technology governance including COBIT and ISO 27001.
    For more information, visit us at www.trustedintegration.com.
    Trusted Integration, Inc., 525 Wythe Street, Alexandria, VA 22314, (703) 299-9171, solutions@trustedintegration.com