TR1: Cybersecurity in the Acquisition Process: The Transformed Lifecycle Risk Management Process
Wednesday, 5 December 2012
13:30 - 15:00
Addressing the confidentiality, integrity, and availability of information in a system—as well as ensuring information resiliency—is one of the goals of integrating security engineering into the system engineering process. This integration is fundamental to the emerging Risk Management Framework, which is replacing the previous notion of “Certification and Accreditation (C&A)” as the means of ensuring that a system has adequate security to operate. This session will provide an overview of this transformation to an assessment and authorization process that emphasizes system security engineering. It will address how to integrate information assurance into the lifecycle of a system, from the early concept stages and requirement selection to the assessment and continuous monitoring of security requirements. It will provide an overview of the applicable NIST documents (NIST SP 800-53 Revision 3, NIST SP 800-37 Revision 1, NIST SP 800-30, NIST SP 800-39) and their interpretation and applicability to systems. This will include CNSSI 1253, the Space Overlay, and (based on the latest information) the updates to DOD 8500.1 and 8500.2.