
Cybersecurity, Information Assurance and Privacy (CIAP) Shared Interest Groups (SIG)

Cybersecurity, Information Assurance and Privacy (CIAP) Shared Interest Groups (SIG). Heena Patel, Security Services Division, The General Services Administration. May 15 – 17, 2012.




Presentation Transcript


  1. Cybersecurity, Information Assurance and Privacy (CIAP) Shared Interest Groups (SIG) Heena Patel, Security Services Division, The General Services Administration May 15 – 17, 2012

  2. ITS Mission, Vision, and Value • Our Mission • To excel at providing customers easy access to IT solutions through quality industry partners to fulfill government mission requirements • Our Vision • Great Government through Technology • Our Value • To reduce total acquisition time, cost, and risk, allowing our customers to focus on their mission

  3. ITS Offerings and Solutions Communications and Network Services Offerings ITS “Great Government through Technology” Professional Services Hardware Products and Services Security Software Products and Services Strategic Solutions ITS offers government customers access to IT products, services, and strategic solutions

  4. ITS Program Offices • ITS Program Offices administer contract vehicles and deliver acquisition services to customer agencies to buy IT and telecommunications offerings and strategic solutions • Assisted Acquisition Services (AAS) provides complete acquisition lifecycle support to government agencies • Network Services Programs: Your one-stop shop for telecommunications solutions • IT Schedule 70: Fair and reasonable prices for IT products and services • Governmentwide Acquisition Contracts: Comprehensive and flexible contracts that provide virtually any IT service • IT Commodity Program: IT commodities and ancillary services through innovative ordering • ITS Center for Strategic Solutions and Security Services Good for Government Programs Services Assisted Acquisition

  5. GSA/FAS/ITS Security Services Division (SSD) • The SSD launched in September 2010. • The role of the division is to: • Provide advice and implement computer security standards and requirements across FAS/ITS. • Execute the U.S. CIO mandate to embrace risk and authorization management for cloud computing across Federal Agencies. • Interpret the Federal Information Security Management Act and NIST Special Publications for federal technology product and service acquisitions.

  6. GSA/FAS/ITS Security Services Division (SSD) • The role of the division is to: • Manage the operations of the Federal Public Key Infrastructure (FPKI). • Ensure that IT acquisition language regarding Cybersecurity is standardized throughout the various ITS portfolios. • Conduct Continuous Monitoring of the Infrastructure as a Service (IaaS) Blanket Purchase Agreement (BPA). • Manage the Risk Management Framework (RMF) services Blanket Purchase Agreement (BPA).

  7. Cybersecurity, Information Assurance & Privacy (CIAP) • The CIAP mission is to establish a trusted partner relationship with civilian and defense clientele and industry partners to demonstrate that if IT acquisitions are made from GSA, mandated compliance is assured. • The CIAP Program implements the ITS Cybersecurity Strategic Plan to enable ITS to be well positioned to offer enhanced CIAP products, services and solutions. The CIAP Program strives to meet the needs of Federal, State, Local and Tribal customers, and to build awareness, drive demand, and influence the IT security products and services market.

  8. What are the driving factors? Threats Legislation Standards Budget

  9. CIAP GOALS - Serve as Lead advisor to Federal, State, Local and Tribal Governments and private industry in procurement of CIAP products and services - Provide common security guidelines and acquisition policies that are readily available across government entities for the procurement of IT products and services - Become a trusted partner with government clients and industry partners through demonstrated effectiveness in assuring that GSA generated offerings are compliant with all Federal acquisition and security mandates and directives - Ensure GSA provides our customers with a more efficient and effective way to locate Cybersecurity products that will satisfy FISMA requirements - Ensure GSA IT offerings meet FISMA, OMB, FIPS, and Regulatory requirements - Ensure that clients purchase products and services which meet compliance needs for Federal, State, Local and Tribal government customers

  10. Key Objective: Shared Interest Group (SIG) • Establish a trusted partner relationship with civilian and defense clientele and industry partners to demonstrate that if IT acquisitions are made from GSA, they are not just Adaptable and Affordable but also Compliant and Cyber Safe as mandated. • Adaptable • Affordable • Compliant • Cyber-Safe

  11. Mission • The Shared Interest Group (SIG) will provide an open forum for discussion and exchange of information around Cybersecurity that concerns all aspects of the vital partnership between GSA, our Customers, and Industry.

  12. Key Stakeholders • Together the partners will build on their combined strengths and capabilities for a greater impact than each can achieve alone. • Participation is voluntary, multidirectional, trusted, sustainable, and supportive of the flow of information and ideas. • Partnership engagement is vital to the value of the SIG and ensures that its activities are appropriate, effective, and sustainable.

  13. How do we get it done? Meet with Customers, Vendors, and FAS Portfolios • Customer Meetings: Provide customers with information on existing and future CIAP offerings, and get customer feedback on their requirements. • Vendor Meetings: Inform vendors about GSA customers' existing and future needs and requirements. Update vendors on current and evolving policy, procedures, and guidelines. • FAS Portfolio Meetings: Ensure that IT acquisition language regarding Cybersecurity is standardized throughout the various FAS portfolios. Inform FAS Portfolios about customer requirements, vendor offerings and Cybersecurity topics.

  14. Course of Action: Customer Meetings • When: 1st Month of the Quarter. • Purpose: Provide customers with information on existing and future CIAP offerings, and get customer feedback on their requirements. • Audience: Federal Agency Information Security Specialist, Information Technology Program/Project Managers, and Acquisition Personnel. • Facilitators: Security Services Division • Sample Topics: Risk Management Framework (RMF) • Guest Speakers: There will be a guest speaker at every meeting. The guest speaker may include GSA personnel who are actively involved and intimately familiar with the topic of discussion. For example, the RMF presentation and discussion would be led by Tom Bowmen.

  15. Course of Action: Vendor Meetings • When: 2nd Month of the Quarter. • Purpose: Inform vendors about GSA customers' existing and future needs and requirements. Update vendors on current and evolving policy, procedures, and guidelines. • Audience: Cybersecurity Vendors • Facilitators: Security Services Division • Sample Topic: IaaS Continuous Monitoring Policy, Processes, Guidelines. • Guest Speakers: There will be a guest speaker at every meeting. The guest speakers will include a representative from the agency or organization who is actively involved and intimately familiar with the topic of discussion.

  16. Course of Action: FAS Portfolios Meetings • When: 3rd Month of the Quarter. • Purpose: Ensure that IT acquisition language regarding Cybersecurity is standardized throughout the various FAS portfolios. Inform FAS Portfolios about customer requirements, vendor offerings and Cybersecurity topics. • Audience: Information Security Specialist assigned to support the various FAS portfolios, IT Program/Project Managers, & Acquisition Professionals (CO’s). • Facilitators: Security Services Division • Sample Topics: Comprehensive National Cybersecurity Initiative (CNCI), Draft Guidelines on Security and Privacy in Public Cloud Computing, EINSTEIN, US Cyber Command, Hype cycles, etc. • Static Topic: Acquisition Policy Procedures and Guidelines. • Guest Speakers: There will be a guest speaker at every meeting. The guest speakers will include a representative from the agency or organization who is actively involved and intimately familiar with the topic of discussion.

  17. Quarterly Meetings Information Exchange Customer Meeting Vendor Meeting Portfolio Meeting Shared Interest Groups Shared Interest Groups Shared Interest Groups

  18. OUR MISSION How Can We Help? Cybersecurity, Information Assurance and Privacy Provide common security guidelines and acquisition policies that are readily available across government entities for the procurement and use of IT products. Establish a trusted partner relationship with civilian and defense clientele and industry partners to demonstrate that if IT acquisitions are made from GSA, mandated compliance is assured. Ensure GSA provides our customers with a more efficient and effective way to locate Cybersecurity products that will satisfy FISMA requirements. Ensure GSA IT offerings meet FISMA, OMB, FIPS, and Regulatory requirements. Ensure that clients purchase products and services which meet compliance needs for Federal, State, Local and Tribal government customers. HOW CAN WE HELP? The Security Services Division's mission is to improve how GSA serves federal, state and local government in the acquisition of IT security products and services. Event Details: Date: Wednesday, October 2012 Time: 10:00 AM - 11:00 AM Location: 10304 Eaton Place Fairfax, Virginia 22030 Willow Woods Conference Room 1A/B Dial-In: 866-712-6470 Passcode: 2930154 For additional information, email us at CIAP@GSA.GOV

  19. Value to the Stakeholders • Establish trusted partner relationships with civilian and defense clientele and industry partners • Establish acquisition policy to improve IT Security • Stay current and knowledgeable with latest requirements • Reduce costs for GSA through the overall process • Increase sales for vendors, and Federal cost savings with improved understanding of Federal Cyber Security requirements. • Receive knowledgeable advisory services for C&A

  20. Become A Member!!! Membership is open to any key stakeholder within Federal, State, local, tribal, and territorial governments and private sector including vendors, critical infrastructure owners/operators, academic institutions, and other interested parties. Contact: ciap@gsa.gov

  21. Questions???
