Security Control Families: Operational Class (slide transcript)
Page 1
Security Control Families
Operational Class
Page 2

| ID | Class | Family | # of controls |
|----|-------|--------|---------------|
| CA | Management | Security Assessment and Authorization | 6 |
| PL | Management | Planning | 5 |
| PM | Management | Program Management | 11 |
| RA | Management | Risk Assessment | 4 |
| SA | Management | System and Services Acquisition | 14 |
|    | Management total | | 40 |
| AT | Operational | Awareness and Training | 5 |
| CM | Operational | Configuration Management | 9 |
| CP | Operational | Contingency Planning | 10 |
| IR | Operational | Incident Response | 8 |
| MA | Operational | Maintenance | 6 |
| MP | Operational | Media Protection | 6 |
| PE | Operational | Physical and Environmental Protection | 19 |
| PS | Operational | Personnel Security | 8 |
| SI | Operational | System and Information Integrity | 13 |
|    | Operational total | | 84 |
| AC | Technical | Access Control | 19 |
| AU | Technical | Audit and Accountability | 14 |
| IA | Technical | Identification and Authentication | 8 |
| SC | Technical | System and Communications Protection | 34 |
|    | Technical total | | 75 |

Control counts and identifiers throughout this deck follow SP 800-53 Revision 3; later revisions renumber, withdraw and add controls.
Page 3
Awareness & Training
– AT-2 Security Awareness
– AT-3 Security Training
– AT-4 Security Training Records
Supporting guidance: SP 800-16 (role-based IT security training requirements), SP 800-50 (building an IT security awareness and training program)
SP 800-84 (Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities) also supports the training and exercise controls of other families:
– CP-3 Contingency Training
– IR-2 Incident Response Training
– CP-4 Contingency Plan Testing and Exercises
– IR-3 Incident Response Testing and Exercises
Page 4
Page 5
TT&E
Test, Training, Exercises
– Tabletop
– Functional
Related controls: CP-3 Contingency Training; IR-2 Incident Response Training; CP-4 Contingency Plan Testing and Exercises; IR-3 Incident Response Testing and Exercises
Page 6
CP TT&E
Page 7
CP TT&E (continued)
Page 8
Configuration Management
– CM-2 Baseline Configuration
– CM-3 Configuration Change Control
– CM-4 Security Impact Analysis
– CM-5 Access Restrictions for Change
– CM-6 Configuration Settings
– CM-7 Least Functionality
– CM-8 Information System Component Inventory
– CM-9 Configuration Management Plan
Supporting guidance: SP 800-70 (security configuration checklists), SP 800-128 (security-focused configuration management)
OMB memoranda M-07-11, M-07-18 and M-08-22 (common security configurations for Windows and their inclusion in acquisitions)
SCAP/NVD
FDCC (Federal Desktop Core Configuration; since superseded by the USGCB baselines)
Page 9
Page 10
The Phases of Security-focused Configuration Management
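CM-2 and CM-6 are only verifiable if the approved baseline can be compared against what is actually on the system, which is what the monitoring phase of security-focused configuration management (SP 800-128) does. The following is an added example, not from the deck or from SP 800-128: it records a SHA-256 manifest of a directory tree as the baseline, reports files added, removed or modified after drift, and checks key/value settings in a config file against approved values. The directory contents and the sshd settings are constructed in a temporary directory purely for illustration.

```python
"""Baseline configuration (CM-2), configuration settings (CM-6) and drift
detection: added example, not from the deck or SP 800-128."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map every regular file under root (relative POSIX path) to its SHA-256.
    Symlinks are skipped; record link targets separately if they matter."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def diff_manifest(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify drift between the approved baseline and the live manifest."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }


def check_settings(config_text: str, approved: Dict[str, str]) -> List[Tuple[str, str, Optional[str]]]:
    """Compare 'Key value' lines (sshd_config style) against approved values.
    Returns (key, approved, actual) per deviation; actual is None when the key
    is absent, which counts as a deviation because the daemon default may be weak."""
    actual: Dict[str, str] = {}
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if line:
            key, _, value = line.partition(" ")
            actual[key] = value.strip()
    return [(k, v, actual.get(k)) for k, v in approved.items() if actual.get(k) != v]


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a fake /etc tree, then introduce drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ssh").mkdir()
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "sudoers").write_text("root ALL=(ALL) ALL\n")
        (root / "motd").write_text("authorized use only\n")
        baseline = build_manifest(root)
        # Unauthorized changes: weaken sshd, add a cron job, remove the banner.
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "cron.d").mkdir()
        (root / "cron.d" / "backdoor").write_text("* * * * * root /tmp/x\n")
        (root / "motd").unlink()
        return diff_manifest(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
    print(check_settings("PermitRootLogin yes\nX11Forwarding no\n",
                         {"PermitRootLogin": "no", "X11Forwarding": "no"}))
```

In practice the baseline manifest is stored and signed outside the monitored host (otherwise an intruder who can modify files can also modify the baseline), and the comparison is scheduled or triggered from the change-control process (CM-3) so that every reported deviation is either an approved change or an incident.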
Page 11
SCAP v1.2 Components
Page 12
Additional SCAP Terminology
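CPE is the SCAP component that gives platforms (applications, operating systems and hardware) consistent, machine-parseable names, and NVD attaches CPE-based applicability statements to its vulnerability entries. As an added example, not part of the original deck, here is a parser for CPE 2.3 formatted strings and a simplified matcher that finds component-inventory entries (CM-8) affected by a CPE pattern. The inventory, hostnames and CPE names are constructed; the matching rule (ANY matches anything, NA matches only NA, otherwise exact case-insensitive equality) is a simplification of the CPE Name Matching specification, which also defines wildcards within attribute values.

```python
"""CPE 2.3 formatted-string parsing and inventory matching: added example,
not from the deck or the SCAP specifications."""
from typing import Dict, List

# The 11 attributes of a CPE 2.3 name, in the order they follow the
# "cpe:2.3" prefix of a formatted string.
CPE_ATTRS = ("part", "vendor", "product", "version", "update", "edition",
             "language", "sw_edition", "target_sw", "target_hw", "other")


def split_cpe(fs: str) -> List[str]:
    """Split a formatted string on unescaped ':' only.

    A backslash escapes the next character, so a vendor written as
    'foo\\:bar' stays one field (the escape is preserved verbatim).
    """
    fields, buf, i = [], [], 0
    while i < len(fs):
        ch = fs[i]
        if ch == "\\" and i + 1 < len(fs):
            buf.append(fs[i:i + 2])   # keep the escape pair together
            i += 2
            continue
        if ch == ":":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    fields.append("".join(buf))
    return fields


def parse_cpe(fs: str) -> Dict[str, str]:
    """Validate a CPE 2.3 formatted string and return its attributes by name."""
    fields = split_cpe(fs)
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {fs!r}")
    if fields[2] not in ("a", "h", "o"):  # application, hardware, operating system
        raise ValueError(f"unknown part {fields[2]!r} in {fs!r}")
    return dict(zip(CPE_ATTRS, fields[2:]))


def attr_matches(pattern: str, target: str) -> bool:
    """Simplified per-attribute matching: '*' (ANY) matches anything, '-' (NA)
    matches only NA, anything else must match exactly (case-insensitive)."""
    if pattern == "*":
        return True
    if pattern == "-":
        return target == "-"
    return pattern.lower() == target.lower()


def cpe_matches(pattern_fs: str, target_fs: str) -> bool:
    """True when every attribute of the pattern accepts the target's attribute."""
    pat, tgt = parse_cpe(pattern_fs), parse_cpe(target_fs)
    return all(attr_matches(pat[a], tgt[a]) for a in CPE_ATTRS)


# Constructed component inventory (CM-8): hypothetical host -> installed CPE names.
SAMPLE_INVENTORY = {
    "web01": ["cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "cpe:2.3:a:openbsd:openssh:8.2:p1:*:*:*:*:*:*"],
    "db01": ["cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
             "cpe:2.3:a:openbsd:openssh:8.9:p1:*:*:*:*:*:*"],
    "kiosk": ["cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"],
}


def affected_hosts(inventory: Dict[str, List[str]], pattern_fs: str) -> List[str]:
    """Hosts with at least one installed component matching the CPE pattern,
    for instance the applicability statement attached to an NVD entry."""
    return sorted(host for host, cpes in inventory.items()
                  if any(cpe_matches(pattern_fs, c) for c in cpes))


if __name__ == "__main__":
    print(affected_hosts(SAMPLE_INVENTORY, "cpe:2.3:a:openbsd:openssh:8.2:*:*:*:*:*:*:*"))
```

The escape handling matters in practice: vendor and product names in NVD data do contain escaped punctuation, and a naive `split(":")` silently shifts every later attribute by one, so a version pattern would be compared against the wrong field.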
Page 13
Knowledge Check
– Which SCAP specification provides a standard naming convention for operating systems, hardware, and applications, so that platforms have consistent, easily parsed names?
– What is defined as an identifiable part of a system (e.g., hardware, software, firmware, documentation, or a combination thereof) that is a discrete target of configuration control processes?
– Which special publication provides guidelines on designing, developing, conducting, and evaluating test, training, and exercise (TT&E) events?
Page 14
Contingency Planning
– CP-6 Alternate Storage Site
– CP-7 Alternate Processing Site
– CP-8 Telecommunications Services
– CP-9 Information System Backup
– CP-10 Information System Recovery and Reconstitution
Supporting guidance: SP 800-34 (contingency planning for federal information systems)
FCD 1 (Federal Continuity Directive 1)
Page 15
Types of Plans
Page 16
Contingency Planning Process
Page 17
Business Impact Analysis
Page 18
System/Process Downtime
– Maximum Tolerable Downtime (MTD): the longest outage the mission/business process can absorb
– Recovery Time Objective (RTO): the time within which the system must be restored; it must be shorter than the MTD so the MTD is never exceeded
– Recovery Point Objective (RPO): the point in time to which data must be recovered after a disruption; it fixes the maximum acceptable interval between backups
Page 19
Recovery Strategies
Page 20
Page 21
Incident Response
– IR-4 Incident Handling
– IR-5 Incident Monitoring
– IR-6 Incident Reporting
– IR-7 Incident Response Assistance
– IR-8 Incident Response Plan
Supporting guidance: SP 800-61 (computer security incident handling); SP 800-83 (malware incident prevention and handling; primarily mapped to the SI family)
Page 22
Handling an Incident (the SP 800-61 incident response life cycle)
– Preparation
– Detection and Analysis
– Containment, Eradication, and Recovery
– Post-Incident Activity
Page 23
Incident Reporting Organizations
– US-CERT [IR-6, IR-7] (its functions now sit within CISA)
– Information Analysis and Infrastructure Protection (IAIP)
– CERT® Coordination Center (CERT®/CC)
– Information Sharing and Analysis Centers (ISACs)
Each agency must designate a primary and a secondary point of contact (POC) with US-CERT, report all incidents, and internally document corrective actions and their impact. [IR-7]
Page 24
Federal Agency Incident Reporting Categories
– CAT 0: Exercise/Network Defense Testing
– CAT 1: Unauthorized Access *
– CAT 2: Denial of Service (DoS) *
– CAT 3: Malicious Code *
– CAT 4: Inappropriate Usage *
– CAT 5: Scans/Probes/Attempted Access
– CAT 6: Investigation
* Any incident that involves compromised PII must be reported to US-CERT within 1 hour of detection, regardless of the reporting timeframe for its incident category.
Caveat: this CAT 0 to CAT 6 scheme comes from the older US-CERT reporting guidelines. The US-CERT Federal Incident Notification Guidelines (2014, revised 2017) replaced it with attack-vector and impact classifications and a flat requirement to notify within one hour of identifying an incident.
Page 25
Knowledge Check
– Which contingency planning variable defines the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/business functions, and the MTD?
– What is created to correlate the information system with critical mission/business processes, and is then used to characterize the consequences of a disruption?
– Which federal mandate requires agencies to report incidents to US-CERT?
– What is the US-CERT incident category name and reporting timeframe for a CAT 2 incident?
Page 26
System Maintenance
– MA-2 Controlled Maintenance
– MA-3 Maintenance Tools
– MA-4 Non-Local Maintenance
– MA-5 Maintenance Personnel
– MA-6 Timely Maintenance
Related guidance: SP 800-63 electronic authentication (IA; sets the authenticator strength expected for MA-4 non-local maintenance sessions); SP 800-88 media sanitization (MP; equipment is sanitized before it leaves for off-site maintenance under MA-2)
FIPS 140-2 cryptographic modules; FIPS 197 AES; FIPS 201 PIV (IA)
Page 27
Encryption Standards
FIPS 140-2 Security Levels (these are FIPS 140-2 levels 1 to 4, distinct from Common Criteria EALs):
– Level 1: basic; at least one Approved algorithm or Approved security function shall be used; production-grade components with no further physical security requirements
– Level 2: tamper evidence (tamper-evident coatings or seals, or pick-resistant locks); role-based authentication
– Level 3: tamper detection and response, typically zeroizing plaintext critical security parameters when the enclosure is opened; identity-based authentication
– Level 4: a complete envelope of protection that detects and responds (by zeroizing critical security parameters) to all unauthorized attempts at physical access; environmental failure protection or testing against voltage and temperature outside the normal operating range
Advanced Encryption Standard (FIPS 197)
Caveat: FIPS 140-3 superseded FIPS 140-2 for new validations (CMVP stopped accepting FIPS 140-2 submissions in September 2021); existing 140-2 certificates remain valid through the transition period.
Page 28
Media Protection
– MP-2 Media Access
– MP-3 Media Marking
– MP-4 Media Storage
– MP-5 Media Transport
– MP-6 Media Sanitization
Supporting guidance: SP 800-56 (key establishment) and SP 800-57 (key management) for encryption and key management; SP 800-60 (mapping information types to security categories); SP 800-88 (media sanitization); SP 800-111 (storage encryption for end user devices)
Page 29
Storage Encryption Technologies
Page 30
Media Sanitization (SP 800-88 sanitization types)
– Disposal: discarding media with no other sanitization considerations
– Clearing: must not allow information to be retrieved by data, disk, or file recovery utilities (protects against a keyboard attack)
– Purging: protects the confidentiality of information against a laboratory attack
– Destroying: the ultimate form of sanitization: disintegration, incineration, pulverizing, shredding, and melting
Caveat: SP 800-88 Rev. 1 (2014) reduces the categories to Clear, Purge and Destroy, and notes that overwriting alone does not purge flash-based media; cryptographic erase or the device's sanitize command is needed for a purge.
Page 31
Sanitization and Disposition Decision Flow
Page 32
Physical & Environmental Protection (SP 800-53 Rev. 3 identifiers)
– PE-2 Physical Access Authorizations
– PE-3 Physical Access Control
– PE-4 Access Control for Transmission Medium
– PE-5 Access Control for Output Devices
– PE-6 Monitoring Physical Access
– PE-7 Visitor Control
– PE-8 Access Records
– PE-9 Power Equipment and Power Cabling
– PE-10 Emergency Shutoff
– PE-11 Emergency Power
– PE-12 Emergency Lighting
– PE-13 Fire Protection
– PE-14 Temperature and Humidity Controls
– PE-15 Water Damage Protection
– PE-16 Delivery and Removal
– PE-17 Alternate Work Site
– PE-18 Location of Information System Components
Supporting guidance: SP 800-46 (telework and remote access; supports PE-17 Alternate Work Site); SP 800-73, SP 800-76, SP 800-78 and FIPS 201 (PIV credentials used for physical access; IA)
Page 33
Physical Access Controls
– Badges
– Memory cards
– Guards
– Keys
– True-floor-to-true-ceiling wall construction
– Fences
– Locks
Page 34
Fire Safety
– Ignition sources
– Fuel sources
– Building operation
– Building occupancy
– Fire detection
– Fire extinguishment
Page 35
Supporting Utilities
– Air-conditioning system
– Electric power distribution
– Heating plants
– Water
– Sewage
Planning for failure:
– Mean Time Between Failures (MTBF)
– Mean Time To Repair (MTTR)
Page 36
Personnel Security
– PS-2 Position Categorization
– PS-3 Personnel Screening
– PS-4 Personnel Termination
– PS-5 Personnel Transfer
– PS-6 Access Agreements
– PS-7 Third-Party Personnel Security
– PS-8 Personnel Sanctions
Supporting guidance: SP 800-73, SP 800-76, SP 800-78 (PIV; IA)
5 CFR 731.106: designation of public trust positions and investigative requirements
ICD 704: personnel security standards for access to Sensitive Compartmented Information (SCI)
Page 37
Staffing
Page 38
User Administration
– User account management
– Audit and management reviews
– Detecting unauthorized/illegal activities
– Temporary assignments and in-house transfers
– Termination
Page 39
Termination
– Friendly termination
– Unfriendly termination
Page 40
Knowledge Check
– Which FIPS 140-2 security level requires identity-based authentication?
– Which FIPS publication specifies the Rijndael algorithm, a symmetric block cipher that processes 128-bit data blocks using cipher keys of 128, 192, or 256 bits?
– What is the recommended disposal method, per the NIST SP 800-88 sanitization guidelines, for paper-based medical records containing sensitive PII?
– What is the supporting guideline for PE-17 Alternate Work Site?
Page 41
System and Information Integrity
– SI-2 Flaw Remediation
– SI-3 Malicious Code Protection
– SI-4 Information System Monitoring
– SI-5 Security Alerts, Advisories, and Directives
– SI-6 Security Functionality Verification
– SI-7 Software and Information Integrity
– SI-8 Spam Protection
– SI-9 Information Input Restrictions
– SI-10 Information Input Validation
– SI-11 Error Handling
– SI-12 Information Output Handling and Retention
Supporting guidance: SP 800-40 patch and vulnerability management (RA); SP 800-45 electronic mail security; SP 800-61 incident handling (IR); SP 800-83 malware; SP 800-92 log management (AU); SP 800-94 intrusion detection and prevention systems (IDPS)
NVD/CWE
Page 42
Malware Incident Prevention & Handling (SP 800-83)
Malware Categories
Malware Incident Prevention
– Policy
– Awareness
– Vulnerability Mitigation
– Threat Mitigation
Malware Incident Response
– Preparation
– Detection
– Containment
– Eradication
– Recovery
– Lessons Learned
Page 43
Malware Categories
Viruses
– Compiled Viruses
– Interpreted Viruses
– Virus Obfuscation Techniques
Worms
Trojan Horses
Malicious Mobile Code
Blended Attacks
Tracking Cookies
Attacker Tools
– Backdoors
– Keystroke Loggers
– Rootkits
– Web Browser Plug-Ins
– E-Mail Generators
– Attacker Toolkits
Non-Malware Threats
– Phishing
– Virus Hoaxes
Page 44
Uses of IDPS Technologies
– Identifying possible incidents
– Identifying reconnaissance activity
– Identifying security policy problems
– Documenting the existing threat to an organization
– Deterring individuals from violating security policies
Page 45
Key Functions of IDPS Technologies
– Recording information related to observed events
– Notifying security administrators of important observed events
– Producing reports
Response techniques (prevention):
– Stops the attack
– Changes the security environment
– Changes the attack's content
Related concepts: false positive, false negative, tuning, evasion
Page 46
Common Detection Methodologies
– Signature-based detection: compares observed events against signatures of known threats; effective against known attacks, blind to new or obfuscated ones
– Anomaly-based detection: compares observed activity against profiles of normal behaviour learned during a training period; can catch unknown attacks, but produces false positives when the profile is poor or legitimate activity changes
– Stateful protocol analysis: tracks the state of each protocol session and compares observed activity against profiles of accepted protocol behaviour; resource-intensive, and it cannot see attacks that stay within acceptable protocol behaviour
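As an added example (not from the deck or from SP 800-94), the three methodologies applied to constructed data: a signature rule set run over sample web-server request lines, an anomaly detector that learns per-source request counts from a clean training window and flags sources far above it, and a stateful protocol analyzer that checks an SMTP command sequence against the protocol's state machine. The log lines, IP addresses and SMTP session are constructed, and the thresholds (3 standard deviations, a floor of 5 requests) are illustrative tuning knobs, exactly the kind the previous page lists as a source of false positives and negatives.

```python
"""Signature-based, anomaly-based and stateful-protocol detection over
constructed sample data: added example, not from the deck or SP 800-94."""
import re
import statistics
from collections import Counter
from typing import Dict, List, Optional, Set, Tuple

# Constructed web-server log lines: "<src_ip> <method> <path> <status>".
TRAINING_LOG = [  # a window believed to be clean, used to learn "normal"
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /about.html 200",
    "10.0.0.7 GET /index.html 200",
    "10.0.0.7 GET /news 200",
    "10.0.0.9 GET /login 200",
    "10.0.0.9 POST /login 302",
]
EVAL_LOG = [  # the window under inspection
    "10.0.0.5 GET /index.html 200",
    "198.51.100.4 GET /../../etc/passwd 404",
    "198.51.100.4 GET /search?q=1%27%20UNION%20SELECT%20password 200",
] + [f"203.0.113.8 GET /page{i} 200" for i in range(40)]

LOG_RE = re.compile(r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")

# Signature-based detection: known-bad patterns matched against the request path.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-union": re.compile(r"union(\s|%20)+select", re.IGNORECASE),
}


def parse(line: str) -> Optional[Dict[str, str]]:
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def signature_detect(lines: List[str]) -> List[Tuple[str, str]]:
    """(source, signature name) for every request matching a known-bad pattern."""
    hits = []
    for rec in filter(None, map(parse, lines)):
        for name, rx in SIGNATURES.items():
            if rx.search(rec["path"]):
                hits.append((rec["ip"], name))
    return hits


def learn_baseline(lines: List[str]) -> Tuple[float, float]:
    """Anomaly-based detection, training step: mean and population stdev of
    requests per source over the clean window."""
    counts = Counter(rec["ip"] for rec in filter(None, map(parse, lines)))
    vals = list(counts.values())
    return statistics.mean(vals), (statistics.pstdev(vals) if len(vals) > 1 else 0.0)


def anomaly_detect(lines: List[str], baseline: Tuple[float, float],
                   sigmas: float = 3.0, floor: int = 5) -> Set[str]:
    """Sources whose request count exceeds mean + sigmas*stdev. The floor stops a
    tiny, low-variance baseline from flagging every slightly busier client."""
    mean, stdev = baseline
    threshold = max(mean + sigmas * stdev, floor)
    counts = Counter(rec["ip"] for rec in filter(None, map(parse, lines)))
    return {ip for ip, n in counts.items() if n > threshold}


# Stateful protocol analysis: SMTP commands legal in each session state.
SMTP_ALLOWED = {
    "start":   {"EHLO", "HELO"},
    "greeted": {"MAIL"},
    "mail":    {"RCPT"},
    "rcpt":    {"RCPT", "DATA"},
    "data":    {"MAIL"},          # message accepted; a new transaction may begin
}
SMTP_NEXT_STATE = {"EHLO": "greeted", "HELO": "greeted", "MAIL": "mail",
                   "RCPT": "rcpt", "DATA": "data", "RSET": "greeted", "QUIT": "start"}
SMTP_ANY_STATE = {"RSET", "NOOP", "QUIT"}   # accepted in any state


def smtp_state_violations(commands: List[str]) -> List[Tuple[str, str]]:
    """(state, command) for each command illegal in the state it arrives in,
    e.g. RCPT before MAIL, which spam tools and fuzzers commonly get wrong."""
    state, violations = "start", []
    for cmd in commands:
        verb = re.split(r"[ :]", cmd, maxsplit=1)[0].upper()
        if verb in SMTP_ANY_STATE:
            state = SMTP_NEXT_STATE.get(verb, state)
        elif verb in SMTP_ALLOWED[state]:
            state = SMTP_NEXT_STATE[verb]
        else:
            violations.append((state, cmd))   # state unchanged: a server would reject it
    return violations
```

Note what each method misses on this data: the signatures say nothing about the 40-request burst, the anomaly detector says nothing about the two crafted requests from a quiet source, and the SMTP state machine would pass a perfectly well-formed spam run. That complementarity is why SP 800-94 recommends combining methodologies rather than choosing one.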
Page 47
Types of IDPS Technologies
– Network-based
– Wireless
– Network behavior analysis (NBA)
– Host-based
Page 48
Email Security: Spam (SP 800-45)
Organizations should:
– Ensure that spam cannot be sent from the mail servers they control (i.e., the servers must not act as open relays)
– Implement spam filtering for inbound messages
– Block messages from known spam-sending servers (e.g., via DNS-based blocklists)
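As an added example, not from the deck or from SP 800-45, here is the policy logic behind the first and third bullets: a relay decision that accepts mail for local domains from anyone but relays to foreign domains only for authenticated or internal clients (so the server is not an open relay), and a DNSBL lookup that builds the reversed-address query name and treats a 127.0.0.x answer as "listed". The local domain, internal networks, DNSBL zone and resolver answers are constructed so the code runs offline; a real deployment resolves the query name through DNS.

```python
"""Mail relay policy and DNSBL lookup: added example, not from the deck or SP 800-45."""
import ipaddress
from typing import Callable, Optional, Tuple

# Constructed policy data for a hypothetical MTA.
LOCAL_DOMAINS = {"example.org"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]


def may_relay(client_ip: str, authenticated: bool, rcpt_domain: str) -> bool:
    """Anti-open-relay rule: accept mail addressed to our own domains from anyone,
    but forward to foreign domains only for authenticated or internal clients."""
    if rcpt_domain.lower() in LOCAL_DOMAINS:
        return True
    ip = ipaddress.ip_address(client_ip)
    return authenticated or any(ip in net for net in INTERNAL_NETS)


def dnsbl_query_name(client_ip: str, zone: str) -> str:
    """Build the DNSBL query name: IPv4 octets reversed (4.100.51.198.<zone>),
    IPv6 as reversed nibbles, followed by the list's zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))
    else:
        labels = reversed(ip.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


# Constructed resolver standing in for DNS so the example runs offline:
# query name -> A record. DNSBLs answer with a 127.0.0.x address when listed.
FAKE_DNS = {"4.100.51.198.dnsbl.example": "127.0.0.2"}


def is_listed(client_ip: str, zone: str = "dnsbl.example",
              resolve: Callable[[str], Optional[str]] = FAKE_DNS.get) -> bool:
    answer = resolve(dnsbl_query_name(client_ip, zone))
    return answer is not None and answer.startswith("127.0.0.")


def accept_message(client_ip: str, authenticated: bool, rcpt_domain: str) -> Tuple[bool, str]:
    """Inbound policy: blocklist check on the connecting client first, then the
    relay decision per recipient; authenticated users bypass the blocklist."""
    if not authenticated and is_listed(client_ip):
        return False, "554 5.7.1 client IP listed on DNSBL"
    if not may_relay(client_ip, authenticated, rcpt_domain):
        return False, "554 5.7.1 relay access denied"
    return True, "250 2.1.5 recipient accepted"


if __name__ == "__main__":
    print(accept_message("203.0.113.9", False, "gmail.com"))
```

Two practical caveats: a DNSBL that returns an answer for every name (a list that has shut down and wildcarded its zone) will block all mail unless the code also checks that a known-clean test address is not listed, and blocking an IP that is a large shared mail provider rejects far more legitimate senders than spammers, so the DNSBL verdict is usually fed into a scoring filter rather than applied as a hard reject.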
Page 49
Operational Security Controls: Key Concepts & Vocabulary
– Awareness and Training
– Configuration Management
– Contingency Planning
– Incident Response
– Maintenance
– Media Protection
– Physical and Environmental Protection
– Personnel Security
– System and Information Integrity