OFFICE OF VA ENTERPRISE ARCHITECTURE
VA EA Cybersecurity Content Line of Sight Report
April 29, 2016

Purpose and Use of the Report

Purpose:
    Present a pictorial overview of cybersecurity information captured in the VA EA.

Use:
    Provides a graphical illustration of the relationships between the integrated cybersecurity information that is discoverable in the VA EA.

The report is one of the many VA EA artifacts used to:
    Enable the identification of cybersecurity capability gaps and duplication for Planning, Programming, Budgeting and Execution (PPBE).
    Support the CIO's initiatives in discovering, managing and implementing cybersecurity policies affecting the security of VA IT infrastructure and all related physical and human assets.

Office of VA Enterprise Architecture Working Draft For Internal VA Use Only

What Cybersecurity information is captured in the VA EA?

1. VA BRM Functions and Business Functions
2. FEA BRM Code
3. CIO's Enterprise Cybersecurity Strategy Goals
4. CIO's Enterprise Cybersecurity Strategy Objectives
5. Processes: IT Service Continuity Management Milestone (ITCSM)
    ITCSM Create Service Continuity Capability
    ITCSM Monitor and Assess Service Continuity
    ITCSM Enhance IT Service Continuity Capability
    ITCSM Manage Emergency Events
6. The National Institute of Standards and Technology (NIST) Cybersecurity Standards
7. Laws, Regulations, Policies and Directives (LRPDs)
8. Findings: 2014 VA Performance and Accountability Report (PAR)
9. Findings: OIG FISMA 2014 Audit
10. Performance Measurement ID and Name
11. Design Patterns
    Enterprise Secure Messaging Design Pattern
    Internal User Identity Authentication Design Pattern
    IT Service Management Increment 1: FISMA/FICAM Material Weakness #1 & #6 Resolution Design Pattern
12. VASI System ID and Name

Enable visibility and discoverability of VA cybersecurity related content for effective decision making.

Line of Sight Report Legend

    VA Cybersecurity BRM Function
    VA Cybersecurity BRM Business Function
    VA Cybersecurity BRM Business Function Description
    VA CIO's Enterprise Cybersecurity Strategy Goals and Objectives
    FEA Business Reference Model v 3.1 Service Code
    Hyperlinks to comprehensive NIST Standards and LRPDs
    Hyperlinks to Cybersecurity Findings and Material Weaknesses
    VA Cybersecurity BRM Business Functions
    VA Cybersecurity Business Function Metadata Title
    VA Cybersecurity Business Function Metadata Description
    VASI System ID
    VASI System Name

VA BRM Function: 3.5.1 Provide Cyber Information Security Services

VA BRM Business Functions:
    3.5.1.1 Manage Data Integrity and Privacy
    3.5.1.2 Manage Identification, Authentication and Access
    3.5.1.3 Manage Data Protection and Cryptography
    3.5.1.4 Respond to IT Security Incidents
    3.5.1.5 Monitor IT Security Controls
    3.5.1.6 Capture and Analysis of Audit Trails
    3.5.1.7 Certify and Accredit IT Systems, Applications and Devices
    3.5.1.8 Perform IT Service Continuity Management
    3.5.1.9 Manage Threats and Vulnerabilities

Manage Data Integrity and Privacy

No.: 3.5.1.1
Title: Manage Data Integrity and Privacy
Description: Manage Data Integrity and Privacy involves the coordination of data collection, storage, dissemination, and destruction as well as managing the policies, guidelines, and standards regarding data management, so that data quality is maintained and information is shared or available in accordance with the law and best practices.
Enterprise Cybersecurity Goals:
    Goal 1: Protecting Veteran Information and Data
Enterprise Cybersecurity Objectives:
    Objective A: Provide secure access and assure privacy protections
    Objective B: Incorporate security and privacy protections in VA's environment
FEA Service Code: 317
NIST Standards:
    http://csrc.nist.gov/publications/PubsSPs.html
    http://csrc.nist.gov/publications/PubsFIPS.html#FIPS
    http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST
    http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
Laws, Regulations, Policies and Directives (LRPDs):
    6502: VA Enterprise Privacy Program
    6502.3: Web Page Privacy Policy
    6504: VA Directive 6504 Rescinded by VA Handbook 6500
    6507: Reducing the Use of Social Security Numbers
    6508: Implementation of Privacy Threshold Analysis and Privacy Impact Assessment
    6509: Duties of Privacy Officers
    6511: Presentations Displaying Personally-Identifiable Information
    6517: Cloud Computing Services
    6515: Use of Web-Based Collaboration Technologies
    6518: Enterprise Information Management (EIM)
    6600: Responsibility Of Employees And Others supporting VA In Protecting Personally Identifiable Information (PII)
Findings: 2014 VA Performance and Accountability Report (PAR):
    http://www.va.gov/budget/docs/report/2014-VAparPartIII.pdf
Findings: OIG FISMA 2014 Audit:
    http://www.va.gov/oig/pubs/VAOIG-14-01820-355.pdf
Performance Measurement ID and Name:
    180 Percent of users required to use a Personal Identity Verification (PIV) card to authenticate
Design Patterns:
    Enterprise Secure Messaging Design Pattern: http://www.techstrategies.oit.va.gov/docs_design_patterns_aaa.asp
VASI System:
    1124 Common Security System
    1463 VistA - Patient Data Exchange
    1524 Portal for Electronic Third-party Insurance Recovery
    1767 VHA Support Service Center National SSN Security Database
    2015 Common Security Applications Manager
    2017 Common Security User Manager

Manage Identification, Authentication and Access

No.: 3.5.1.2
Title: Manage Identification, Authentication and Access
Description: Manage Identification, Authentication and Access defines the set of capabilities to support obtaining information about those parties attempting to log on to a system or application for security purposes and the validation of those users.
Enterprise Cybersecurity Goals:
    Goal 1: Protecting Veteran Information and Data
Enterprise Cybersecurity Objectives:
    Objective A: Provide secure access and assure privacy protections
FEA Service Code: 648
NIST Standards:
    http://csrc.nist.gov/publications/PubsSPs.html
    http://csrc.nist.gov/publications/PubsFIPS.html#FIPS
    http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST
    http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
Laws, Regulations, Policies and Directives (LRPDs):
    6504: VA Directive 6504 Rescinded by VA Handbook 6500
    6512: Secure Wireless Technology
Findings: 2014 VA Performance and Accountability Report (PAR):
    http://www.va.gov/budget/docs/report/2014-VAparPartIII.pdf
Findings: OIG FISMA 2014 Audit:
    http://www.va.gov/oig/pubs/VAOIG-14-01820-355.pdf
Performance Measurement ID and Name:
    136 Percent of encrypted devices (Laptops)
Design Patterns:
    Enterprise Secure Messaging Design Pattern: http://www.techstrategies.oit.va.gov/docs_design_patterns_aaa.asp
VASI System:
    1124 Common Security System
    1257 Fat-client Kernel Authentication & Authorization Tool
    1510 VistA - Person Services Identity Management
    2017 Common Security User Manager
    2030 Electronic Computer Access Request

Manage Data Protection and Cryptography

No.: 3.5.1.3
Title: Manage Data Protection and Cryptography
Description: Manage Data Protection and Cryptography defines the set of capabilities to support the use and management of ciphers, including encryption and decryption processes, to ensure confidentiality and integrity of data.
Enterprise Cybersecurity Goals:
    Goal 1: Protecting Veteran Information and Data
Enterprise Cybersecurity Objectives:
    Objective A: Provide secure access and assure privacy protections
FEA Service Code: 650
NIST Standards:
    http://csrc.nist.gov/publications/PubsSPs.html
    http://csrc.nist.gov/publications/PubsFIPS.html#FIPS
    http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST
    http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
Laws, Regulations, Policies and Directives (LRPDs):
    6504: VA Directive 6504 Rescinded by VA Handbook 6500
    6512: Secure Wireless Technology
Findings: 2014 VA Performance and Accountability Report (PAR):
    http://www.va.gov/budget/docs/report/2014-VAparPartIII.pdf
Findings: OIG FISMA 2014 Audit:
    http://www.va.gov/oig/pubs/VAOIG-14-01820-355.pdf
Performance Measurement ID and Name:
    136 Percent of encrypted devices (Laptops)
Design Patterns:
    Enterprise Secure Messaging Design Pattern: http://www.techstrategies.oit.va.gov/docs_design_patterns_aaa.asp
VASI System:
    1002 Access Manager
    1124 Common Security System
    1257 Fat-client Kernel Authentication & Authorization Tool
    1767 VHA Support Service Center National SSN Security Database
    2015 Common Security Applications Manager
    2016 Common Security Employee Manager
    2017 Common Security User Manager
    2030 Electronic Computer Access Request

Respond to IT Security Incidents

No.: 3.5.1.4
Title: Respond to IT Security Incidents
Description: Respond to IT Security Incidents defines the set of capabilities to provide active response and remediation to a security incident that has allowed unauthorized access to a government information system.
Enterprise Cybersecurity Goals:
    Goal 2: Defending VA's Cyberspace Ecosystem
Enterprise Cybersecurity Objectives:
    Objective B: Respond rapidly to cyber threats and intrusions through timely network monitoring and detection
    Objective C: Recover rapidly from cyber incidents through effective response, resilience and restoration plans
FEA Service Code: 654
NIST Standards:
    http://csrc.nist.gov/publications/PubsSPs.html
    http://csrc.nist.gov/publications/PubsFIPS.html#FIPS
    http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST
    http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
Laws, Regulations, Policies and Directives (LRPDs):
    6504: VA Directive 6504 Rescinded by VA Handbook 6500
Findings: 2014 VA Performance and Accountability Report (PAR):
    http://www.va.gov/budget/docs/report/2014-VAparPartIII.pdf
Findings: OIG FISMA 2014 Audit:
    http://www.va.gov/oig/pubs/VAOIG-14-01820-355.pdf
Performance Measurement ID and Name:
    69 Number of Security Incidents
    70 Percent reduction in events requiring credit protective services/notifications
VASI System:
    2046 BMC Remedy

Monitor IT Security Controls

No.: 3.5.1.5
Title: Monitor IT Security Controls
Description: Monitor IT Security Controls includes all activities related to the real-time monitoring of security controls employed within or inherited by a system (see Appendix G of NIST Special Publication 800-37).
Enterprise Cybersecurity Goals:
    Goal 1: Protecting Veteran Information and Data
    Goal 2: Defending VA's Cyberspace Ecosystem
Enterprise Cybersecurity Objectives:
    Objective A: Provide secure access and assure privacy protections
    Objective D: Manage risk via continuous monitoring, detection and diagnostics, intelligence sharing, accelerated adoption of lessons learned and mitigations
FEA Service Code: 316
NIST Standards:
    http://csrc.nist.gov/publications/PubsSPs.html
    http://csrc.nist.gov/publications/PubsFIPS.html#FIPS
    http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST
    http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
Laws, Regulations, Policies and Directives (LRPDs):
    6504: VA Directive 6504 Rescinded by VA Handbook 6500
    6513: Secure External Connections
    6500: Managing Information Security Risk: VA Information Security Program
Findings: 2014 VA Performance and Accountability Report (PAR):
    http://www.va.gov/budget/docs/report/2014-VAparPartIII.pdf
Findings: OIG FISMA 2014 Audit:
    http://www.va.gov/oig/pubs/VAOIG-14-01820-355.pdf
Performance Measurement ID and Name:
    181 Percent of external network traffic passing through a Trusted Internet Connection (TIC)
VASI System:
    2050 Tenable Nessus

Capture and Analysis of Audit Trails

No.: 3.5.1.6
Title: Capture and Analysis of Audit Trails
Description: Capture and Analysis of Audit Trails defines the set of capabilities to support the identification and monitoring of activities within an application, system, or network.
Enterprise Cybersecurity Goals:
    Goal 2: Defending VA's Cyberspace Ecosystem
Enterprise Cybersecurity Objectives:
    Objective A: Enhance timely detection of cyber threats and intrusions and situational awareness
FEA Service Code: 316
NIST Standards:
    http://csrc.nist.gov/publications/PubsSPs.html
    http://csrc.nist.gov/publications/PubsFIPS.html#FIPS
    http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST
    http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
Laws, Regulations, Policies and Directives (LRPDs):
    6504: VA Directive 6504 Rescinded by VA Handbook 6500
Findings: 2014 VA Performance and Accountability Report (PAR):
    http://www.va.gov/budget/docs/report/2014-VAparPartIII.pdf
Findings: OIG FISMA 2014 Audit:
    http://www.va.gov/oig/pubs/VAOIG-14-01820-355.pdf
Performance Measurement ID and Name:
    69 Number of Security Incidents
Design Patterns:
    Internal User Identity Authentication Design Pattern
    Enterprise Secure Messaging Design Pattern
    External User Authentication Design Pattern
    http://www.techstrategies.oit.va.gov/docs_design_patterns_aaa.asp
VASI System:
    1002 Access Manager
    2030 Electronic Computer Access Request
    2049 SPLUNK

Certify and Accredit IT Systems, Applications and Devices

No.: 3.5.1.7
Title: Certify and Accredit IT Systems, Applications and Devices
Description: Certify and Accredit IT Systems, Applications and Devices defines the set of capabilities to support the certification and accreditation (C&A) of federal information systems, applications and devices, as described in NIST SP800-37.
Enterprise Cybersecurity Goals:
    Goal 3: Protecting VA Infrastructure and Assets
Enterprise Cybersecurity Objectives:
    Objective A: Prioritize identification and protection of high value assets and sensitive information
    Objective B: Incorporate security and privacy protections in VA's environment
FEA Service Code: 656
NIST Standards:
    http://csrc.nist.gov/publications/PubsSPs.html
    http://csrc.nist.gov/publications/PubsFIPS.html#FIPS
    http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST
    http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
Laws, Regulations, Policies and Directives (LRPDs):
    6504: VA Directive 6504 Rescinded by VA Handbook 6500
Findings: 2014 VA Performance and Accountability Report (PAR):
    http://www.va.gov/budget/docs/report/2014-VAparPartIII.pdf
Findings: OIG FISMA 2014 Audit:
    http://www.va.gov/oig/pubs/VAOIG-14-01820-355.pdf
Performance Measurement ID and Name:
    72 Percent of IT systems formally approved for secure operations
    136 Percent of users required to use a Personal Identity Verification (PIV) card to authenticate
    182 Percent of required TIC capabilities implemented by TIC(s) used by the organization
VASI System:
    2032 Risk Vision - Governance, Risk and Compliance System
    2050 Tenable Nessus

Perform IT Service Continuity Management

No.: 3.5.1.8
Title: Perform IT Service Continuity Management
Description: Perform IT Service Continuity Management defines the set of capabilities to ensure that agreed-upon IT services continue to support business requirements in the event of a disruption to the business.
Enterprise Cybersecurity Goals:
    Goal 2: Defending VA's Cyberspace Ecosystem
Enterprise Cybersecurity Objectives:
    Objective D: Manage risk via continuous monitoring, detection and diagnostics, intelligence sharing, accelerated adoption of lessons learned and mitigations
    Objective C: Strengthen business process and supporting technology including partner and third party interactions
Processes: IT Service Continuity Management Milestone (ITCSM) Level Process:
    ITCSM Create Service Continuity Capability
    ITCSM Enhance IT Service Continuity Capability
    ITCSM Manage Emergency Events
    ITCSM Monitor and Assess Service Continuity
NIST Standards:
    http://csrc.nist.gov/publications/PubsSPs.html
    http://csrc.nist.gov/publications/PubsFIPS.html#FIPS
    http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST
    http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
Laws, Regulations, Policies and Directives (LRPDs):
    6504: VA Directive 6504 Rescinded by VA Handbook 6500
Findings: 2014 VA Performance and Accountability Report (PAR):
    http://www.va.gov/budget/docs/report/2014-VAparPartIII.pdf
Findings: OIG FISMA 2014 Audit:
    http://www.va.gov/oig/pubs/VAOIG-14-01820-355.pdf
Performance Measurement ID and Name:
    145 Percent of facilities with completed/updated site security plan within the last 12 months
    195 Percent of facilities with completed/updated risk assessment within the last 12 months
    201 Percent of facilities with completed Incident Response Plan (IRP)
Design Pattern:
    IT Service Management Increment 1: FISMA/FICAM Material Weakness #1 & #6 Resolution: http://www.techstrategies.oit.va.gov/docs/designpatterns/Enterprise%20ITSM%20Design%20Pattern%20Final%20V1_508_08202014.pdf
VASI System:
    1524 Portal for Electronic Third-party Insurance Recovery (PETIR)

Manage Threats and Vulnerabilities

No.: 3.5.1.9
Title: Manage Threats and Vulnerabilities
Description: Manage Threats and Vulnerabilities involves all functions pertaining to the protection of federal information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction, as well as the creation and implementation of security policies, procedures and controls. It includes all risk and controls tracking for IT systems.
Enterprise Cybersecurity Goals:
    Goal 2: Defending VA's Cyberspace Ecosystem
Enterprise Cybersecurity Objectives:
    Objective A: Enhance timely detection of cyber threats and intrusions and situational awareness
FEA Service Code: 315
NIST Standards:
    http://csrc.nist.gov/publications/PubsSPs.html
    http://csrc.nist.gov/publications/PubsFIPS.html#FIPS
    http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST
    http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
Laws, Regulations, Policies and Directives (LRPDs):
    6504: VA Directive 6504 Rescinded by VA Handbook 6500
Findings: 2014 VA Performance and Accountability Report (PAR):
    http://www.va.gov/budget/docs/report/2014-VAparPartIII.pdf
Findings: OIG FISMA 2014 Audit:
    http://www.va.gov/oig/pubs/VAOIG-14-01820-355.pdf
Performance Measurement ID and Name:
    225 Number of critical and high vulnerabilities identified and mitigated within 30 days
    226 Number of unauthorized software found and removed within the last 30 days
VASI System:
    1009 AITC Physical Security
    2050 Tenable Nessus
    2066 National Vulnerability Database Repository Tool
