Federal Computer Security Managers’ Forum Quarterly Meeting November 2, 2017 National Cybersecurity Center of Excellence
Safety/Evacuation
FCSM Quarterly Meeting Overview| 2
Evacuation Emergencies
What Will Happen During an Evacuation Event?
• A building-wide alarm will sound
• Verbal instructions over the building’s public address (PA) system will follow shortly after the alarm
• Exit the conference room and head for the nearest exit (Red Signs – Upper Right Map)
• If the Security Guard is close by and accessible, ask for further instruction
• Once outside the building, swiftly walk toward the designated meeting area near the posted sign stating “Evacuation Meeting Area” (Yellow Sign – Lower Right Map)
Shelter-In-Place (SIP) Emergencies
What Will Happen During an Evacuation Event?
• A building-wide alarm will sound
• Verbal instructions over the building’s public address (PA) system will follow shortly after the alarm
• Exit the conference room and head for the nearest SIP hallway or room (Yellow Signs – Upper Right Map)
• If the Security Guard is close by and accessible, ask for further instruction
NIST-Guest Wireless Network
• NIST-Guest is broadcast; use this network to connect your device.
  1. Connect wirelessly to SSID: NIST-Guest
  2. Open your browser, as needed.
  3. If using iOS (iPhones and iPads), access a web page that does not use https:// (for example, http://www.apple.com) to get to the Access and Use Policy.
  4. If using Android devices, a web page will automatically open with the Access and Use Policy.
• Review the complete Access and Use Policy by scrolling to the bottom of the window. Acknowledge that you agree to the terms identified by selecting ACCEPT.
• Device access will be blocked if (1) it is a NIST-owned device; (2) malware or other malicious activity is detected; or (3) inappropriate online behavior is detected.
For more information, see: https://www.nist.gov/sites/default/files/documents/2016/11/08/AboutAccess.pdf
FCSM Quarterly Meeting Agenda
November 2, 2017
9:00 AM Welcome and Update from NIST (Jody Jacobs, NIST)
9:30 AM Internet of Things (IoT) Security and Privacy Considerations (Suzanne Lightman, NIST)
10:15 AM Break
10:30 AM Derived PIV Credentials (Chris Brown, NIST)
11:15 AM Tour of NCCoE (Susan Prince, NIST)
12:00 PM Adjourn
NIST Update
• Draft SP 800-53, Revision 5
• Draft SP 800-37, Revision 2
• Additional Publications Pending Update/In Development
• Updated CSRC Site and Upcoming Listserv Changes
• Save the Date: FY2018 FCSM Meetings
NIST Update: Draft SP 800-53, Rev 5
• Initial Public Draft (IPD) published Aug 15, 2017
• 30 day public comment period (through Sept 12, 2017)
  – Also published “red-line” version of controls and baselines that highlight significant technical updates and changes
3000+ public comments
115+ stakeholders
NIST Update: Planned SP 800-53, Rev 5 Publication Schedule*
*Awaiting OMB Approval; Dates subject to change
[Timeline figure spanning Aug through May. Phases: Joint Task Force Comment Adjudication; 30-Day FPD Public Comment Period; Joint Task Force Comment Adjudication. Milestones: Release Final Public Draft (FPD); Release Final.]
NIST Update: Draft SP 800-37, Rev 2
• Discussion Draft published Sept. 28, 2017 in preparation for the NIST Risk Management Framework (RMF) Workshop
• RMF Workshop held Oct. 3, 2017 @ NCCoE
  – Opportunity to get initial stakeholder feedback/input
  – Workshop summary, CEU form available on event site: https://csrc.nist.gov/Events/2017/NIST-Risk-Management-Framework-Workshop
• Update Objectives:
  – Closer linkage to risk management (RM) processes and activities at C-suite level and system/operational level (including SP 800-39)
  – Institutionalize enterprise-wide RM preparation activities
  – Demonstrate how the Cybersecurity Framework can be implemented using established NIST RM processes
  – Integration of privacy risk management concepts into the RMF and support use of consolidated security and privacy controls in draft SP 800-53, Rev. 5
Planned SP 800-37, Rev. 2 Publication Schedule*
*Awaiting OMB Approval; Dates subject to change
[Timeline figure spanning Sept through July. Phases: Ongoing Stakeholder Coordination; 30-Day IPD Public Comment Period; Joint Task Force Comment Adjudication; 30-Day FPD Public Comment Period; Joint Task Force Comment Adjudication. Milestones: Release Initial Public Draft (IPD); Release Final Public Draft (FPD); Release Final.]
NIST Update: Additional Publications Pending Update/In Development*
• FIPS 199
• FIPS 200
• NIST IR 8011 (multiple volumes)
• NIST SP 800-18
• NIST SP 800-37
• NIST SP 800-39
• NIST SP 800-47
• NIST SP 800-53
• NIST SP 800-53A
• NIST SP 800-60
• NIST SP 800-160A (new)
• NIST SP 800-171A (new)
*Listed in alphabetical order; schedule pending available resources
NIST Update
• Redesigned CSRC Site Now Live: https://csrc.nist.gov/
• New Google Group for FCSM – COMING SOON
  – More information to come at February 2018 meeting
  – ATO issued 10/30/2017 for NIST to use Google Groups
  – No need to create additional Google account, can use existing email
  – Benefits
    • Ability to search archives
    • No blocking due to oversized headers
    • Auto-subscribe and auto-unsubscribe
Upcoming FCSM Meetings – Save the Date!
• Quarterly Meetings
  – February 13, 2018 @ NIST Gaithersburg
• Annual “Offsite”
  – May 15-16, 2018 @ NIST Gaithersburg
For more information: https://csrc.nist.gov/Projects/Forum