Cyber Security Assessment & Management (CSAM)
CSAM C&A Web
Introduction to CSAM

CSAM C&A Web Solution
The CSAM C&A Web solution is an enterprise-wide tool for:
• Leveraging guidance from the Office of Management and Budget (OMB), National Institute of Standards and Technology (NIST), other regulatory requirements, and industry best practices to assist in assessing IT security and support management.
To provide comprehensive FISMA compliance, the CSAM C&A Web application automates management of five services for one complete FISMA solution. An “authoring tool” in the application comes populated with easily tailored.

CSAM at USDA
• In 2007-2008, the USDA implemented the Cyber Security Assessment and Management (CSAM) system into the IT Security Program.
• CSAM provides the USDA Security Program, Program Officials, and IT Security managers with a web-based secure network capability to assess, document, manage, and report on the status of IT security risk assessments and implementation of Federal and DOC mandated IT security control standards and policies.
• In addition, it also provides a centralized system for the management of Plans of Action and Milestones, to include creating, tracking, and closing, and automates system inventory and FISMA reporting capabilities.

System Security Plans (SSP)
• SSPs are all too often considered “shelf-ware” that is costly to develop and maintain.
• In the CSAM C&A Web application, the SSP is 95 percent documented based on the enterprise work accomplished in the first two services (policy and program planning) and by using the automated support in the CSAM C&A Web solution system requirements assessment.

CSAM is the SSP
[Figure labels: Data Sources; Navigational Guide; Info Types; Security Accreditation Package; SSP; CSAM C&A Web Report Card]
• CSAM extracts data from screens and inserts the information into the SSP where appropriate to automatically generate the SSP when desired.
• The CSAM-generated SSP template uses paragraph numbers to incorporate system data populated on the various CSAM screens.

Inventory Management
• CSAM currently contains 253 systems of which are OMB reportable.
• Including sub-systems, CSAM currently holds an approximate combined total of 730 operational systems.

POA&M Management
• Since implementation, CSAM maintains the information on 7000 POA&Ms
• USDA currently has 800 open POA&Ms

Assessment
• We fully utilize the assessment features of CSAM here at USDA

Security Accreditation Package
1. SSP
2. POA&Ms
3. Security Assessment Report (SAR)
[Figure label: SSP Template (paragraph numbering)]
• CSAM generates three key documents found in the Security Accreditation Package.
• CSAM extracts data from screens and inserts the information into the SSP where appropriate to automatically generate the SSP when desired.

CSAM Future
• CSAM Version 3
• New look and feel
• Alignment with NIST 800-37 Rev1 and other NIST Guidance
• NIST 800-53 Rev4?

Risk Management Framework
• 6 Steps and tasks outlined
• Checklist!

V3.0 Dashboard
• In V3.0 CSAM plans to change the format of the Dashboard using enterprise dashlets.
• There is a limited offering of 4 pages.

