Industrial Security Field Operations (ISFO) Office of the Designated Approving Authority (ODAA) August 2010

Presentation Transcript
slide1

Industrial Security Field Operations (ISFO) Office of the Designated Approving Authority (ODAA) August 2010

slide2
Overview
  • ODAA Documentation
  • ISFO Process Manual (August 2010)
  • Certification & Accreditation (C&A)
  • Common Errors/Findings
slide3
ODAA Documentation
  • NISPOM (Chapter 8) (February 2006)
  • Industrial Security Letters (ISLs)
  • ISFO Process Manual (August 2010)
slide4
ISFO Process Manual
  • System Security Plans (SSP) Types
    • Standalone
    • Local Area Network (LAN)
    • Wide Area Network (WAN)
    • Network Security Plan (NSP)
slide5
ISFO Process Manual
  • Stand Alone
    • Single User Stand Alone (SUSA)
      • Only one general user
      • Physical security
        • Closed area
        • Restricted area
        • Classification level
    • Multi User Stand Alone (MUSA)
      • Two or more general users
      • Physical security
        • Closed area
        • Restricted area
        • Classification level
slide6
ISFO Process Manual
  • Local Area Network (LAN)
    • Peer to peer
      • Local user authentication
        • Closed area
        • Restricted area
        • Classification level
    • Domain controlled
      • Central user authentication
        • Closed area
        • Restricted area
        • Classification level
slide7
ISFO Process Manual
  • Wide Area Network (WAN)
    • Unified WAN
      • RDAA of host node will accredit
      • IATO not allowed
      • Single unified network SSP
        • Must include all nodes on the unified network
    • Interconnected WAN
      • Separately accredited systems
      • Network Security Plan (NSP)
      • IATO may be issued
slide8
ISFO Process Manual
  • Network Security Plan (NSP)
    • Allows interconnection of separately accredited systems
    • ATO/IATO will list nodes approved for connection
    • Provides overall network view
    • RDAA of host node will accredit
    • Network ISSO is responsible
slide9
ISFO Process Manual
  • Self Certification
    • Authority granted in MSSP/Profile, Approval to Operate (ATO)
    • Allows ISSM to self certify like systems
      • Specific to system type and similar operations
    • Only systems that are NISPOM compliant may be self certified
    • Documentation for self certified systems
    • Notify IS Rep, ISSP and ODAA
slide10
Certification & Accreditation (C&A)
  • Plan Submission
    • Must use approved SSP/MSSP/NSP templates
    • Assign Unique Identifier (UID)
      • Once assigned, UIDs never change
    • Email to ODAA
      • CC ODAA, IS Rep and ISSP
      • Email subject line
      • Email body
slide12
Certification & Accreditation (C&A)
  • Process
    • Email plan to ODAA
    • ODAA accepts or rejects plan
    • Once accepted, ISSP performs desktop review
    • RDAA can deny or issue IATO
    • If required, ISSM resubmits corrections
    • ISSP will perform on site verification
    • RDAA issues ATO
slide13
C&A Common Errors
  • Missing or incomplete UID
  • Not using approved DSS templates
  • Missing signed IS Security Package Submission and Certification Statement
  • Missing signed DSS Form 147
  • Missing ISSM System Certification Test Checklist
  • Missing GCA risk acceptance letter for variances
  • Missing MOU if required
  • Missing published and promulgated IS Security Policy addressing the classified processing environment
  • ISSM fails to submit required corrections
slide14
Common Errors
  • Passwords
  • SSPs not properly updated (Hardware list, software list, configuration diagram not accurate)
  • Changing the security posture of the system without authorization
slide15
Audit Issues
  • References: NISPOM 8-602, ISL 2007-01 items 44 & 45
  • Security Relevant Objects (SRO), file, and folder permission & auditing
  • System auditing