Special Seminar:
Compliance with FISMA Requirements Based on NIST Publications
Overview:
This 2-day seminar focuses on the Congressionally mandated Federal
Information Security Management Act (FISMA) requirements for
implementing and assessing effective information security programs.
Under the supervision and direction of the Office of Management and
Budget (OMB), agencies must comply with an extensive set of
documented guidance from the National Institute of Standards and
Technology (NIST) to implement adequate security controls. This
seminar follows the outline of NIST Special Publication (SP) 800-37:
Guide for Applying the Risk Management Framework to Federal
Information Systems. The purpose of SP 800-37 is to provide
guidelines for applying the Risk Management Framework (RMF) to
federal information systems, including security categorization,
selecting and implementing security controls, conducting security
control assessments, obtaining information system authorization,
and continuous monitoring. The seminar will also cover the
important Special Publications, Federal Information Processing
Standards (FIPS) and regulatory mandates that are referenced in
SP 800-37.
Agenda / Seminar Outline
Day 1
FISMA Background: Regulations & Guidelines – 1.5 hr
Presidential Directives
Office of Management and Budget
Department of Homeland Security
Committee on National Security Systems
National Institute of Standards and Technology
Risk Management Framework Overview: NIST SP 800-37 – 2 hr
Gap Analysis
Step 1: Categorization
Step 2: Security Control Selection
Step 3: Implement Controls
Step 4: Assess Controls
Step 5: Authorize
Step 6: Continuous Monitoring
Step 1: Categorization – 1.5 hr
FIPS 199: Security Categorization Standards
SP 800-60: Mapping Types to Categories
Step 2: Security Control Selection – 1.5 hr
FIPS 200: Minimum Security Requirements
SP 800-53 Rev. 3: Security Controls Catalog
Day 2
Step 3: Security Controls Implementation – 1 hr
NIST Control Families
Minimum Security Requirements: FIPS 200
Recommended Security Controls: SP 800-53 Rev. 3
Step 4: Assessment – 2 hr
Assessing Security Controls: SP 800-53A
Assessment Technical Guide: SP 800-115
Step 5-6: Authorization & Monitoring – 2.5 hr
Continuous Monitoring: SP 800-137
CAESARS Framework Extension: NIST IR 7756
Current State of Federal Information Security – 1 hr
FY2010 FISMA Report
Inspectors General’s Findings
Progress
Path Forward
Audience
IT auditors and security specialists assigned to implement or assess
information system security programs for Federal agencies.
Prerequisites and Advanced Preparation
Candidates should be familiar with OMB Directives and NIST
publications for information security.
CPE: 14
Class size: 35
Vendor / Instructor profile
The instructor for this class is Ms. Tina Kuligowski. Tina is a
FITSI Certified Instructor (FCI) in both the Manager and Operator
roles and has been at the forefront of information security for the
past 10 years teaching for such clients as the State Department,
Booz Allen and Hamilton and Securible, LLC. She has the
following additional certifications: CISSP, Security+, CEH,
MCSE, MCT.
When
Tuesday, April 3, and Wednesday, April 4, 2012, from
8:00 a.m. to 4:00 p.m.
Sign-in at 7:30 a.m.
Where
Arlington Campus New Building (Founders Hall)
3351 North Fairfax Drive
Room: TBD (a sign will be posted out front)
Arlington, VA 22201
For facility information or closures due to inclement weather,
please call (703) 993-8999.
Continuing Education Units
14
Parking
A PDF map of the Ballston and VA Square area is available for
download.
The closest parking garage to GMU is:
913 N. Lincoln Street (shown in blue on the map).
Meals
Attendees will receive a Cosi gift card for meals for both days of
the class.
Cost
FITSI Members: $400
ISACA, ISSA, or IIA: $500
All Others: $600
Registration
Registration is closed