
  FISMA Implementation Project

Protecting the Nation's Critical Information Infrastructure
 

FISMA IMPLEMENTATION PROJECT PHASE II:
WORKSHOP ON CREDENTIALING PROGRAM FOR SECURITY ASSESSMENT SERVICE PROVIDERS
_________________________________________

April 26, 2006 
Registration begins at 8:00 a.m.
9:00 a.m. - 4:00 p.m.
National Institute of Standards and Technology
100 Bureau Drive, Red Auditorium
Gaithersburg, MD 20899
 
Public Workshop

The National Institute of Standards and Technology (NIST) is holding a workshop to discuss Phase II of the FISMA Implementation Project and proposed requirements for credentialing organizations to conduct information security assessments of federal information systems, including those information systems operated by contractors on behalf of the federal government.

WHO SHOULD ATTEND:

  • Federal agencies (i.e., consumers of information system security assessment [certification] services);
  • Public and private sector information system security assessment service providers; and
  • Public and private sector credentialing organizations/authorities (i.e., organizations that accredit, qualify, recognize, approve, list, or confirm competence and capability of service providers).

BACKGROUND:

Title III of the E-Government Act (Public Law 107-347), entitled the Federal Information Security Management Act (FISMA) of 2002, requires each federal agency to conduct periodic testing and evaluation of the effectiveness of its information security policies, procedures, practices, and security controls to be performed with a frequency depending on risk, but no less than annually. In addition to the FISMA requirement, the Office of Management and Budget (OMB) Circular A-130 requires every federal information system to be certified and accredited every three years or when significant changes occur within the system. The security certification process, which supports security accreditation, requires the comprehensive assessment of the management, operational, and technical security controls within the information system to determine the overall effectiveness of the controls (i.e., are the controls implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). The results from these security control assessments provide authorizing officials with critical information and evidence needed to make credible, risk-based decisions on whether to place an information system into operation or continue its operation.

To assist federal agencies in implementing FISMA, NIST established the FISMA Implementation Project. Phase I of the FISMA Implementation Project focused on the development of a suite of security standards and guidelines required by the FISMA legislation as well as other FISMA-related publications necessary to create a robust information security program and effectively manage risk to agency operations and agency assets. Phase II of the project is focusing on the development of a credentialing process for public and private sector organizations that provide security certification services for federal agencies.

In order to achieve credentialed status, information security service providers will have had to demonstrate capability and competence in the application of the NIST security standards and guidelines associated with the security certification process. Developing a network of credentialed organizations with demonstrated capability and competence in conducting security assessments will give federal agencies greater confidence in the acquisition and use of such services and lead to increased information security for the federal government.

The workshop topics will include:

  • Overview of the FISMA Implementation Project;
  • Overview of Key Documents Produced in Phase I of the Project;
  • Strategy and Vision for Phase II of the Project;
  • Prospective Models for Credentialing of Security Assessment Organizations; and
  • Proposed Requirements for Service Providers and Oversight Bodies.

Concurrent breakout sessions will be held for prospective credentialing organizations/authorities, service providers, and consumers of security assessment services to discuss workshop topics. Attendees can comment on the material presented and/or provide their own inputs/ideas on the proposed credentialing program.

DATE AND TIME:

The FISMA Phase II Workshop on Credentialing Program for Security Assessment Service Providers will be held on Wednesday, April 26, 2006, from 9 a.m. to 4 p.m.

Registration begins at 8:00 a.m.

LOCATION:

The workshop will be held at the National Institute of Standards and Technology, Red Auditorium, Administration Building (101), 100 Bureau Drive, Gaithersburg, Maryland 20899. Gaithersburg is located 25 miles from the center of Washington, DC.

REGISTRATION:

The registration fee is $20 per person and includes coffee breaks, lunch, and workshop materials. Pre-registration is required and must be accomplished by April 19. Cancellations and/or substitutions must be requested, in writing, by April 19, and no refunds will be made after this date. Electronic registration: http://www.nist.gov/public_affairs/confpage/conflist.htm .

Due to increased security, no on-site registrations will be accepted and all attendees must be pre-registered. Photo identification must be presented at the main gate to be admitted to the conference. Attendees must wear their conference badge at all times while on the campus.

COFFEE BREAKS AND LUNCH:

Refreshments will be provided during the morning, mid-morning, and mid-afternoon breaks. Lunch will also be provided.

PUBLIC TRANSPORTATION:

To reach NIST via Metrorail, take the Red Line to the Shady Grove end. NIST is located approximately 20 minutes from the Shady Grove station. A NIST shuttle service runs between Shady Grove metro and NIST's Administration Building at :15 and :45 minutes past the hour, beginning at 8:00 a.m. and ending at 5:30 p.m. You can board the shuttle at the east side "Kiss & Ride" bus kiosk. There will be a sign on the vehicle that identifies it as the NIST Shuttle. You must show a valid I.D. to board the shuttle. Because of security procedures, the shuttle will drop passengers off at the Main Gate Visitor Center for processing. Main Gate persons may then request the Grounds Shuttle for further transportation on campus. When planning your Metro schedule, please be sure to allow sufficient time for processing relative to the start of the workshop.

DRIVING INSTRUCTIONS TO NIST MAIN CAMPUS:

From Washington/Virginia (Northbound I-270): Enter the Collector/Distributor lanes at Exit 9 and take Exit 10, Route 117 West, Clopper Road. Bear right at the first light onto Clopper Road/West Diamond Avenue. At the next light, turn left onto the NIST grounds. Check in at the Visitors Trailer behind the gate on the right.

From Frederick (Southbound I-270): Take Exit 11, Route 124, Montgomery Village Avenue/Quince Orchard Road. Bear right at the first light onto Route 124 West, Quince Orchard Road. After you merge onto Rt. 124, Quince Orchard Road, turn left onto Route 117, West Diamond Avenue. Turn right at the first light onto NIST grounds. Check in at the Visitors Trailer behind the gate on the right.

From Baltimore: Take 195 West. Take 95 South Exit #4B toward Washington. Take 495 West Exit #27-25 toward College Park/Silver Spring. Take 270 North Exit #35 toward Frederick. Take 270 Local North toward Montrose Road. Enter the Collector/Distributor lanes at Exit 9 and take Exit 10, Route 117 West, Clopper Road. Bear right at the first light onto Clopper Road/West Diamond Avenue. At the next light, turn left onto the NIST grounds. Check in at the Visitors Trailer behind the gate on the right.

Directions to the Administration Building (101)
After receiving your badge, proceed to the Administration building by turning right out of the Visitors Center parking lot and then make an immediate left at the stop sign. The Administration building is the tallest building (11-story tower) and parking is available in the lots across from it. The Red Auditorium is on the main level of Building 101.

See http://www.nist.gov/public_affairs/visitor/visitor.htm for additional visitor information.

REGISTRATION INFORMATION:
Teresa Vicente
National Institute of Standards and Technology
Telephone: (301) 975-3883 or 301-975-2776
Fax: (301) 948-2067
Email: teresa.vicente@nist.gov

TECHNICAL INFORMATION:
Arnold Johnson
National Institute of Standards and Technology
Telephone: (301) 975-3247
Email: arnold.johnson@nist.gov

Pat Toth
National Institute of Standards and Technology
Telephone: (301) 975-5140
Email: patricia.toth@nist.gov

ADMINISTRATIVE INFORMATION:
Peggy Himes
National Institute of Standards and Technology
Telephone: (301) 975-2489
Email: peggy.himes@nist.gov


 
 

Last updated: April 17, 2006
Page created: October 24, 2002

Comments and suggestions should go to: sec-cert@nist.gov
NIST is an Agency of the U.S. Commerce Department's
Technology Administration