1 / 8

Security Update

Security Update. Randy Speed, Chief Information Systems Policy and Control Staff. FY 2008 Accomplishments. Security Command Center (SCC) implementation Features Software tool which captures system audit logs Maintains log records from all computing platforms in a single repository

sunee
Download Presentation

Security Update

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Update Randy Speed, Chief Information Systems Policy and Control Staff

  2. FY 2008 Accomplishments • Security Command Center (SCC) implementation • Features • Software tool which captures system audit logs • Maintains log records from all computing platforms in a single repository • Provides the capability to produce comprehensive audit reports from a centralized location • Platforms currently being captured • Windows, UNIX and Firewall platforms • Implementation of mainframe system audit logs in progress

  3. FY 2008 Accomplishments • Access Administration • For the period January 2008 through June 2008 • Submitted by 133 Federal government agencies • Requests received – 9,101 • Request processed – 8,749 • 96% of the security access requests were completed within 5 business days in accordance with agency service level agreements

  4. FY 2008 Accomplishments • Security Access Reports utilizing NFC’s Reporting Center • Assists Agency Security Officers (ASOs) with various audit requirements such as A-123, FISMA, etc. • Features • Immediately available when needed, submission of requests for reports not required • Provides ASOs direct access to reports on the web • Allows ASOs to review security access reports for employees within their scope • Data refreshed every quarter • Applications implemented • STAR – System for Time and Attendance Reporting

  5. With An Eye On The Future • Identity Access Management (IAM) • Automated security administration • Includes all computing platforms • Features • Automated access request approval and notification • ASOs will have the capability to add and remove users without submitting a request to NFC • Requires adoption of Role-based access methodology by the agency • Planned pilot implementation • FY 2009 – NFC completed • FY 2010 – Rollout to agencies

  6. With An Eye On The Future • Security Command Center (SCC) • Finalizing production architecture and design to capture mainframe logs • Implementation of mainframe system audit logs scheduled to be completed December 2008 • Security Access Reports • Under development • EPIC - Entry Processing Inquiry and Correction System • PINQ - Payroll/Personnel Inquiry System • TINQ - Time Inquiry System • Reports will be available late Spring 2009

  7. With An Eye On The Future • SecureAll (SALL) • Security tool for NFC’s Oracle web applications • RPCT – Reporting Center • Features • Eliminates Help Desk intervention for password resets • Enhances security access reporting capabilities • ASO user acceptance testing is currently in progress • Scheduled implementation August 2008

  8. With An Eye On The Future • Continue Agency Security Officer quarterly meetings • Continue to keep ASOs informed with the latest security updates • Begin working with ASOs on statement of requirements for role-based conversion

More Related