CDM Generic Instance - CSRC


Slide 1: CDM Generic Instance – Overview and Live Demonstration

© 2016 The MITRE Corporation. All rights reserved. For Internal MITRE Use.

Slide 2: Agenda

- General CDM Overview
- Further CDM Capability Areas and Strategic Goals
- Generic Instance – Goals
- Strategic Value
- CDM Generic Instance Build
- Lab Architecture – Phase 1 Tools and Data Flow
- Phase 1 Tools – Notable Points
- Demo

Slide 3: General CDM Overview

- Continuous Diagnostics and Mitigation (CDM) is a major DHS program.
  - Purpose: provide a structured implementation of Information Security Continuous Monitoring (ISCM) per NIST 800-137.
- The CDM program has these components.
  - Multiple phases of implementation:
    - Phase 1 – What is on the Network
    - Phase 2 – Who is on the Network
    - Phase 3 – What is happening on the Network
    - BOUND – How are my network boundary controls and data protection capabilities (encryption and data loss prevention)
    - Phase 4 – Ongoing Authorization Automation
- CDM implementation is managed by the DHS CDM Program Management Office (PMO).

Slide 4: Further CDM Capability Areas and Strategic Goals

- Bound-E and Bound-F – Monitor and Manage Encryption Mechanisms; Control and Manage Network Filters and Boundary Controls
- Phase 3 – Manage Events and Ongoing Assessments
  - Detection of security violation events and classification of event impact
  - Ongoing Assessment is the automation of monitoring NIST Special Publication (SP) 800-53 controls that are related to CDM Phase 1, Phase 2, BOUND, and Phase 3 network and infrastructure components.
- Phase 4 – Operate, Monitor and Improve (OMI)
  - Ongoing Authorization uses the results of the MNGEVT ongoing assessment of NIST SP 800-53 controls for all previous phases of CDM as a set of inputs for ongoing authorization processes.
- Changing the Paradigm
  - Automated Federal Risk Scoring, Automated FISMA Metric Reporting, and Automation of Security Assessment & Authorization for participating CDM Departments and Agencies

Slide 5: Generic Instance – Goals

1. Build a CDM Generic Instance consistent with evolving CDM requirements
2. Apply CDM BPA Attachment N (Phase 1), N2 (Phase 2), and N.i (Phase n) technical requirements
3. Integrate and correlate data in Archer Dashboards
4. Provide stakeholders virtual and physical access to the CDM generic instance
5. COTS Vendor Outreach and Engagement

Slide 6: Strategic Value

- Provide Sponsor early access to configured dashboard releases
- Independent instantiation of Phase n
  - Phase 1 was conceived without interaction or input from CMaaS Integrators or external entities
  - Experience Phase n capabilities in a controlled environment
- Ready access to fully licensed, enterprise COTS software
- Sandboxed environment
  - Permits access to software ahead of CMaaS installation and integration
- Generic Instance may be a conduit for training and/or other stakeholder engagement as determined by Sponsors (FNR, NIST)

Slide 9: CDM Generic Instance Build

[Diagram: Phase 1 Build. Components shown: Nessus (VULN), CounterACT (HWAM), BigFix (SWAM), BigFix (CSM), Splunk, Archer.]

Slide 10: Lab Architecture – Phase 1 Tools and Data Flow

[Diagram: Phase 1 Build data flow. Columns: Target Workstations and Servers; Sensors (ForeScout CounterACT (HWAM), IBM BigFix (SWAM), Tenable Nessus (VULN)); Collection and Integration (Splunk); Agency Dashboard (Archer).]

Slide 11: Phase 1 Tools – Notable Points

- Archer
  - Offices and Containers: network objects are associated with Organizational Units; everything is in AD
  - Data Feeds: Archer to Splunk integration via Splunk API
- CounterACT (HWAM)
  - Near real-time discovery
  - Policies define compliance (definitions of what is compliant) and object role definitions
  - Monitors network via Port Mirroring
- Splunk
  - Saved Searches return data via API calls
  - Only ingesting minimal data needed for Archer
- BigFix (SWAM, CSM)
  - STIGs are used to enforce FISMA controls on all endpoints and workstations
  - Used to deploy patches to correct vulnerabilities
  - Captures software inventory
- Tenable Nessus (VULN)
  - Scheduled vulnerability scans
  - Automatic updates from NVD
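Goal 3 (integrate and correlate data in Archer dashboards) and the Splunk point about ingesting only the minimal data Archer needs describe a correlation step between the three Phase 1 sensor feeds. The following is an added example, not code from the MITRE build or from any of the named products: it joins constructed HWAM, SWAM and VULN records on IP address, keeps only the fields a dashboard row needs, and flags gaps where one sensor saw an asset that another did not. All field names, hosts and plugin numbers are constructed assumptions.

```python
"""Correlate constructed Phase 1 sensor feeds into per-asset dashboard rows.

Field names and values are constructed assumptions, not the real CounterACT,
BigFix, Nessus or Archer schemas.
"""
from collections import defaultdict

# Constructed sample records, one list per sensor feed.
HWAM = [  # CounterACT (HWAM): devices discovered on the network
    {"ip": "10.0.1.10", "mac": "00:11:22:33:44:01", "role": "workstation"},
    {"ip": "10.0.1.11", "mac": "00:11:22:33:44:02", "role": "workstation"},
    {"ip": "10.0.1.20", "mac": "00:11:22:33:44:03", "role": "server"},
]
SWAM = [  # BigFix (SWAM): agent-reported software inventory
    {"ip": "10.0.1.10", "host": "WS-010", "software": ["Office", "Chrome"]},
    {"ip": "10.0.1.20", "host": "SRV-020", "software": ["IIS"]},
]
VULN = [  # Nessus (VULN): one finding per row
    {"ip": "10.0.1.10", "plugin": 12345, "severity": "High"},
    {"ip": "10.0.1.10", "plugin": 12346, "severity": "Low"},
    {"ip": "10.0.1.20", "plugin": 12347, "severity": "Critical"},
    {"ip": "10.0.1.99", "plugin": 12348, "severity": "Medium"},
]

def new_asset(ip, mac=None, role=None):
    """Minimal per-asset row: only what the dashboard consumes."""
    return {"ip": ip, "mac": mac, "role": role, "host": None,
            "software_count": 0, "vulns": defaultdict(int), "defects": []}

def correlate(hwam, swam, vuln):
    """Join the three feeds on IP; flag coverage gaps between sensors."""
    assets = {d["ip"]: new_asset(d["ip"], d["mac"], d["role"]) for d in hwam}
    managed = {s["ip"]: s for s in swam}
    for ip, a in assets.items():
        s = managed.get(ip)
        if s is None:
            a["defects"].append("no_swam_agent")  # on network, not under BigFix
        else:
            a["host"], a["software_count"] = s["host"], len(s["software"])
    for v in vuln:
        if v["ip"] not in assets:
            # Scanner found a host the discovery sensor never reported.
            assets[v["ip"]] = new_asset(v["ip"])
            assets[v["ip"]]["defects"].append("not_in_hwam")
        assets[v["ip"]]["vulns"][v["severity"]] += 1
    for a in assets.values():
        a["vulns"] = dict(a["vulns"])  # plain dict for serialisation
    return assets
```

The two defect labels are the kind of per-asset finding a dashboard would surface: a device on the network without an inventory agent, and a scanned host the discovery sensor never saw.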

Slide 12: Demo

Slide 13: Thank You! Questions/Comments

