Cyber Security and Information Systems Information Analysis Center
This update to NIST Special Publication 800-37 (Revision 2) responds to the call by the Defense Science Board, Executive Order 13800, and OMB Memorandum M-17-25 to develop the next-generation Risk Management Framework (RMF) for information systems, organizations, and individuals. There are seven major objectives for this update: Provide closer Read More
Software assurance (SwA) is the “level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software, throughout the life cycle.” [4] The latest change to Department of Defense (DoD) Instruction (DoDI) 5000.02, Operation of the Defense Acquisition System Read More
This is the edited chat log from the CSIAC Webinar, "Applying the Top 20 Critical Controls for Risk Assessment". Notice: This content may contain personal or third-party views and opinions not associated with the government. Please see our terms of use located here: https://www.csiac.org/csiac-terms-of-use/ Jack R: Is the Return for being Read More
This webinar will introduce attendees to the Center for Internet Security (CIS) Top 20 Critical Security Controls. Tools and techniques to implement the controls will be discussed. With the uncertainty and risks associated with the Internet of Things (IoT), it is essential to understand how to assess a system or a business network and implement controls to Read More
Embedded devices are increasingly connected to network resources for additional functionality with the ultimate goal of greater mission capability. Recently, security of connected devices is being scrutinized with highly publicized vulnerabilities of various consumer devices. While several domains are starting to publish new guidelines for cybersecurity Read More
This is the edited chat log from the CSIAC Webinar, "eMASS, the True Story". Notice: This content may contain personal or third-party views and opinions not associated with the government. Please see our terms of use located here: https://www.csiac.org/csiac-terms-of-use/ Cragin S: I think the foot stomp here is that eMASS is NOT RMF... it is a Read More
The use of manual methods to monitor system controls has essentially become impractical due to the growing number of applicable controls and the increasing frequency at which they are to be evaluated (for the RMF’s near real-time risk assessment). Instead, the NIST guidance strongly suggests that automation be used, to the extent possible, to generate, Read More
This webinar covers the realities of the Enterprise Mission Assurance Support Service (eMASS): what works well, what does not work, and how to best make it work for you. The webinar discusses how to categorize your system, select applicable controls, and leverage eMASS to assist in this process. Two specific topics that are covered are how inheritance Read More
The NISTIR 8011 volumes focus on each individual information security capability, adding tangible detail to the more general overview given in NISTIR 8011 Volume 1, and providing a template for transition to a detailed, NIST standards-compliant automated assessment. This document, Volume 2 of NISTIR 8011, addresses the Hardware Asset Management Read More
This volume introduces concepts to support automated assessment of most of the security controls in NIST Special Publication (SP) 800-53. Referencing SP 800-53A, the controls are divided into more granular parts (determination statements) to be assessed. The parts of the control assessed by each determination statement are called control items. The control Read More
