- This event has passed.
RMF 2.0 Step Prepare-5, Common Control Identification, a detailed deep dive!
April 6 @ 9:30 am - 11:30 am
Early compliance assessor Sir Isaac Newton once said, “If my systems are made more secure, it is by standing on the shoulders of Giants.”
Revision 2 of the NIST SP[masked] (RMF 2.0) devotes significant attention to common controls. Indeed, task P-5 of the new “Prepare” step is common control identification. But how common is our approach to “common controls?” What is a “common control?” Is there a way to share common controls across organizations? And what are the best practices for identifying, documenting, authorizing, and publishing organizational common controls?
This talk will provide an examination of common controls management to maximize reuse and accelerate your ATO process. After reviewing the official guidelines for common controls defined in [masked] rev 2, we’ll explore emerging approaches to unlocking the potential for control reuse within your organization by extending the notion of control inheritance to each and every system element. We’ll discuss authoring controls in formats that are simultaneously human- and machine-readable to support accelerated ATOs (e.g., ATO-In-a-Day and C2C24) and continuous monitoring in today’s modern cloud and DevSecOps world. Note for the curious: C2C24 refers to the Navy’s “Compile-to-Combat in 24 Hours” pilot program.
PRESENTER: Greg Elin is an expert in managing enterprise data and deploying open technologies to improve government services and performance. He is the Founder and CEO of GovReady PBC, a company focused on aligning cybersecurity compliance with modern software development. Mr. Elin was previously the Chief Data Officer for the Federal Communications Commission. During his tenure, the Commission launched its first APIs, a National Broadband Map, crowdsourced measurements of wireline and wireless broadband speeds, and an online database of television stations’ public inspection files. He served on the White House Task for Smart Disclosure and co-chaired the CIO Council’s Information Sharing Subcommittee. Prior to government service, he created the Sunlight Labs, the technology arm of the Sunlight Foundation, widely regarded as a tent-pole organization in the Civic Tech community. He has more than 20 years of experience helping organizations adapt to disruptive IT changes.
NOTE THE LOCATION: Marymount University Ballston Center, 1000 N. Glebe Road, Arlington, Virginia. Here are instructions on how to find the location and our room there.
METRO: From the Ballston-MU Metro Station, head west on Fairfax DR toward N Stuart ST. Walk for 0.2 mile. Cross N Glebe RD to the entrance.
DRIVING: At the intersection of N Glebe RD and Fairfax DR. Underground parking costs $5 and must be paid by credit card. Turn off Fairfax Drive across from the Holiday Inn Arlington At Ballston. Almost immediately, turn right at the corner of their building at 1000 N. Glebe Road. There are Marymount University signs on the drive down; parking entrances are on the right.
HOW TO FIND OUR ROOM: Go to the lobby and take the elevator to the 2nd floor. Turn to your left to another elevator and take it to the fourth floor. Follow the signs to the assigned room, which will be determined by the number of people who RSVP.
Besides earning Professional Development Units (PDUs) for participating in our RMF LifeBoat ISSA Education Group meeting, we all receive the encouragement and help we need for our cyber security professional growth. The friendly interactive presentations by our members of the meetup always lead to lively, respectful discussions. Members always take away information that can be applied on the job in the following weeks! In addition, our LifeBoat group meetings provide opportunities for the all-important professional networking. If you have a vexing problem, share it with like-minded security professionals. They may have already successfully developed a way forward to resolve it.