Events

FY18 Meeting Dates:

• February 13, 2018 @ NIST Portrait Room (registration information here)
• May 15-16, 2018 - Annual two day "offsite" @ NIST Green Auditorium

FY17 Meeting Dates: 

• October 26, 2016 @ NCCoE
• February 14, 2017 @ NIST Heritage Room
• June 20 - 21, 2017 - annual two day "Offsite" @ NIST Green Auditorium
• August 16, 2017 @ NIST Heritage Room (registration information here)
• November 2, 2017 @ NIST West Square (registration information here)

---

FY 2016 Meetings with Presentations:

• January 28, 2016
• April 21, 2016
• June 21, 2016 - CANCELLED -information was provided for a Software Metrics Workshop held in July at NIST
• August 16-17, 2016 – Annual two day “Offsite” to be held at NIST

Meeting announcements are made through the list serv. Topics and speakers along with how to register are sent a few weeks prior to the scheduled date. NIST is a closed campus and one must be put in the Visitor System or preregistered for a conference to gain access.

The list serv is limited to federal employees, however, exceptions for contractors serving in higher position such as ISSOs or CISOs have been made. A .gov or .mil email address is required. Contractors supporting federal government employees are invited to attend Forum meetings.

---

Presentations

• February 14, 2017
  • Guidance for Assigning New Cybersecurity Codes to Positions with Information Technology, Cybersecurity, and Cyber-Related Functions and The New Cybercareers.gov site - Bill Newhouse, Applied Cybersecurity Division, NIST and Jodi Guss, U.S. Office of Personnel Management
    • Frequently Asked Questions About Hiring Freeze
    • New Cybersecurity Codes
  • Using Risk Management to Improve Privacy in Federal Systems - Ellen Nadeau, Applied Cybersecurity Division, NIST
• October 26, 2016, NIST/NCCoE
  • National Cybersecurity Center of Excellence (NCCoE) Overview
    William (Bill) Newhouse, NIST
  • Developing ISCM Assessment Methodology
    Chad Baer, DHS
  • Hyperlinks for the IETF Security Automation and Continuous Monitoring comments offered during the discussion
    • Security Automation and Continuous Monitoring (sacm)
    • SACM status pages
  • Demonstration of a CDM Generic Instance – Emphasis on Phase 1 and the R2 Dashboard
    Erik Northrop, MITRE and Mike Graves, MITRE
• August 16-17, 2016
  • AGENDA for the August 2016 Meeting
  • PROGRAM for the August 2016 Meeting
    Presentations are listed in the order they were presented. Some presentations did not receive permission to post. See the Agenda for a complete listing of all presentations.
  • Federal CIO Council Update
    Craig Jennings, Federal CIO Council
  • Establishing a Tier 2 Information Security Risk Management Program: How a Department-wide Security Gap Analysis Provided Basis for new Security Program
    Debra Graul, Pension Benefit Guaranty Corporation (PBGC) Office of Benefits Administration (OBA), and Taryne McDonald, PBGC
  • Government Accountability Office (GAO) Information Security Update
    Nicholas (Nick) H. Marinos, GAO and Tom Johnson, GAO
  • SP 800-150, Guide to Cyber Threat Information Sharing
    Christopher (Chris) Johnson, Computer Security Division, NIST
  • NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
    Kelley Dempsey, Computer Security Division, NIST
  • Continuous Diagnostics and Mitigation (CDM)
    Willie D. Crenshaw, Jr., Program Executive, National Aeronautics and Space Administration (NASA)
  • The New A-130 Policy
    Carol Bales, Office of Management and Budget (OMB)
  • Migrating the Federal Government to HTTPS:
    Eric Mill, General Services Administration (GSA)
  • Security Beyond A “System” – Fiscal Service’s Approach to External Services
    Jim McLaughlin, Security Policy & Risk Management, Bureau of the Fiscal Service, U.S. Department of the Treasury and Ralph Jones, Bureau of the Fiscal Service, U.S. Department of the Treasury
  • Case Study: Boundary Consolidation to Support More Efficient, Effective Use of Resources and Increased Maturity in Continuous Monitoring
    LaCountiss Hopkins, Pension Benefit Guaranty Corporation Office of Benefits Administration (PBGC OBA) and Baan Alsinawi, PBGC/Tala Tek LLC
  • Lessons Learned from FedRAMP
    Claudio Belloli, FedRAMP PMO, General Services Administration (GSA)
  • Continuous Diagnostics and Mitigation (CDM) Update, Interagency Communications, and Agency Involvement
    Susan Hansche, Federal Network Resilience, US Department of Homeland Security
  • The Cybersecurity Strategy and Implementation Plan (CSIP) and FY2016 CIO FISMA Metrics
    Cindy Faith, Cyber Risk Advisor and AISSO, DHS ICE/Contractor

---

• The fcsm listserve limits attachments. Many expressed interest in a STIG mapping to NIST 800-53. Members shared the newest STIGs map each vulnerability ID to a Control Correlation Identifier (CCI). The CCI can then be mapped to the SP 800-53 Rev 4 control using the list available here: http://iase.disa.mil/stigs/cci/Pages/index.aspx
  Excel version of the STIG Mapping

---

• April 21, 2016, NIST
  
  • Baseline Tailor: Software-aided Security Control Selection
    Joshua Lubell, NIST, Systems Integration Division
  • Best Practices for Privileged User PIV Authentication
    Hildy Ferraiolo, NIST, Computer Security Division
  • NIST SP 800-177 Trustworthy Email
    Scott Rose, Advanced Network Division, NIST

---

• January 28, 2016, NIST
  
  • Cybersecurity Framework
    Matt Barrett, NIST
  • National Cybersecurity Center of Excellence (NCCoE) - Federally Funded Research and Development Center (FFRDC)
    Karen Waltermire, NIST
  • Update on Vetting the Security Mobile Applications
    Steve Quirolgico, NIST
  • United States Government Configuration Baselines (USGCB)
    Steve Quinn, NIST