Cyber Security and Information Systems Information Analysis Center
Embedded devices are increasingly connected to network resources for additional functionality with the ultimate goal of greater mission capability. Recently, security of connected devices is being scrutinized with highly publicized vulnerabilities of various consumer devices. While several domains are starting to publish new guidelines for cybersecurity Read More
This is the edited chat log from the CSIAC Webinar, "eMASS, the True Story". Notice: This content may contain personal or third-party views and opinions not associated with the government. Please see our terms of use located here: https://www.csiac.org/csiac-terms-of-use/ Cragin S: I think the foot stomp here is that eMASS is NOT RMF... it Read More
The use of manual methods to monitor system controls has essentially become impractical due to the growing number of applicable controls and the increasing frequency at which they are to be evaluated (for the RMF’s near real-time risk assessment). Instead, the NIST guidance strongly suggests that automation be used, to the extent possible, to generate, Read More
This webinar covers the realities of the Enterprise Mission Assurance Support Service (eMASS): what works well, what does not work, and how to best make it work for you. The webinar discusses how to categorize your system, select applicable controls, and leverage eMASS to assist in this process. Two specific topics that are covered are how inheritance Read More
The NISTIR 8011 volumes focus on each individual information security capability, adding tangible detail to the more general overview given in NISTIR 8011 Volume 1, and providing a template for transition to a detailed, NIST standards-compliant automated assessment. This document, Volume 2 of NISTIR 8011, addresses the Hardware Asset Management Read More
This volume introduces concepts to support automated assessment of most of the security controls in NIST Special Publication (SP) 800-53. Referencing SP 800-53A, the controls are divided into more granular parts (determination statements) to be assessed. The parts of the control assessed by each determination statement are called control items. The control Read More
The ability for commanders to know and understand an organizational attack surface, its vulnerabilities, and associated risks is a fundamental aspect of command decision-making. In the cyberspace domain, ongoing monitoring sufficient to ensure and assure effectiveness of security controls related to systems, networks, and cyberspace, by assessing security Read More
Abstract: For military networks and systems, the cyber domain is ever-increasingly contested and congested space. Defenders of these systems must fight through adversary action in complex tactical and strategic environments. Just now completing its third year, the Cyber-Security Collaborative Research Alliance has sought to develop approaches for Read More
This article describes the challenges and solutions for Security Authorization in a cloud based services environment. We describe Compliance as a Service (CaaS) that supports various service models as well as the deployment models in cloud-based environment. This makes the solution elastic, metered and cost effective, all characteristics of a cloud based Read More
Effective Integration of Cybersecurity into the DoD Acquisition Lifecycle encompasses several different processes: DoDI 5000.02 - Operation of the Defense Acquisition System DoDI 8510.01 - Risk Management Framework (RMF) for DoD Information Technology (IT) Cybersecurity Test and Evaluation Program Protection System Security Engineering Read More
