Policy Formulation, the Real Scoop
Computer Security Awareness Day
Mark Leininger, September 11, 2007

What is this talk about? Computer security (honest): how Federal law results in the computer security rules that we are obligated to follow. Was high school civics class like this?
An FFRDC (Federally Funded Research and Development Center) meets some special long-term research or development need which cannot be met as effectively by existing in-house or contractor resources.
FFRDCs are operated, managed, and/or administered by either a university or consortium of universities, another not-for-profit or nonprofit organization, or an industrial firm, as an autonomous organization or as an identifiable separate operating unit of a parent organization.
Applicable Standards and Guidance
Office of Management and Budget (OMB) Memorandum 03-33 Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 September 26, 2003.
Office of Management and Budget (OMB) Memorandum 99-05, Instructions For Complying With The President's Memorandum Of May 14, 1998, "Privacy and Personal Information in Federal Records," January 7, 1999.
Public Law 107-347 (44 U.S.C. Ch 36) E-Government Act of 2002, Title III— Information Security, also known as the Federal Information Security Management Act (FISMA) of 2002.
Office of Management and Budget (OMB) Circular No. A-130, Management of Federal Information Resources, Appendix III, Security of Federal Automated Information Resources, February 8, 1996.
Public Law, Information Technology Management Reform Act of 1996 (Clinger-Cohen Act)
Federal Information Processing Standards (FIPS)
FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, July 2005.
FIPS 199, Standards for Security Categorization of Federal Information and Information Systems, February 2004.
SP 800-70, The NIST Security Configuration Checklists Program, May 2005.
SP 800-65, Integrating Security into the Capital Planning and Investment Control Process, January 2005.
SP 800-64, Security Considerations in the Information System Development Life Cycle, October 2003 (publication original release date) (revision 1 released June 2004).
SP 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories, June 2004.
SP 800-53, Recommended Security Controls for Federal Information Systems, February 2005.
SP 800-48, Wireless Network Security: 802.11, Bluetooth, and Handheld Devices, November 2002.
SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems, May 2004.
SP 800-34, Contingency Planning Guide for Information Technology Systems, June 2002.
SP 800-30, Risk Management Guide for Information Technology Systems, July 2002.
SP 800-26, Rev. 1 (NIST Draft), Guide for Information Security Program Assessments and System Reporting Form.
SP 800-18, Rev. 1, Guide for Developing Security Plans for Federal Information Systems, February 2006.
DOE Policy and Guidance
Revitalization of the Department of Energy Cyber Security Program (1/2006)
Order 205.1, Department of Energy Cyber Security Management Program (Draft)
Department of Energy Cyber Security Management Program (3/21/2003)
Notice 205.1-1, Incident Prevention Warning and Response Manual
Notice 205.2, Foreign National Access to DOE Cyber Systems (extended to 9/30/06)
Notice 205.3, Password Generation, Protection and Use (extended to 9/30/06)
Notice 205.4, Handling Cyber Alerts and Advisories, and Reporting Cyber Security Incidents (extended to 07/06/05)
Notice 205.8, Cyber Security Requirements for Wireless Devices and Information Systems (3/18/06)
Notice 205.9, Certification and Accreditation Process for Information Systems, including National Security Systems (3/18/06)
Notice 205.10, Cyber Security Requirements for Risk Management (3/18/06)
Notice 205.11, Security Requirements for Remote Access to DOE and Applicable Contractor Information Technology Systems (3/18/06)
Notice 205.12, Clearing, Sanitizing, and Destroying Information System Storage Media, Memory Devices, and Other Related Hardware (2/19/2004)
Notice 205.13, Extension of DOE Directive on Cyber Security (7/6/2004)
President's Management Agenda