Cybersecurity COI

The American Council for Technology - Industry Advisory Council (ACT-IAC) Cybersecurity-COI is pleased to announce the publication of a white paper entitled "ATO as Code: Enabling #Cybersecurity Modernization Through Risk Management Framework Compliance Automation". The report issues a call to action for a unified approach for modernizing the Authorization to Operate (#ATO) process or Risk Management Framework (#RMF) implementation. This report articulates the significance of intelligent automation in bolstering the efficiency and effectiveness of compliance efforts, thereby enhancing cybersecurity risk management. It underscores the necessity for standardized data communication and advocates for the adoption of Open Security Controls Assessment Language (#OSCAL), an open framework for automating assessments. In addition, the report introduces the Compliance Automation Process Maturity Model (CA PMM), a five-tier framework for organizations to adopt and scale the OSCAL. The report concludes with strategic recommendations for key entities including Congress, the Cybersecurity and Infrastructure Security Agency (CISA), the GSA, the National Institute of Standards and Technology (NIST), and other Federal agencies. This work holds significant implications for both cybersecurity experts and policymakers, providing a roadmap for modernizing and automating compliance processes. Read the paper now - https://lnkd.in/e8JPdSWu Thank you to the collaborative efforts of our government/industry project volunteers who developed this game changing resource - James Saunders (U.S. Office of Personnel Management (OPM), Dan Jacobs (OPM), Gaurav Pal (stackArmor), Paul Weston (U.S. Department of Homeland Security U.S. Immigration and Customs Enforcement (ICE), Satyaveer Satvat, CISSP, PMP®, FAC P/PM III, CSPO, SAFe® (GSA), Macey Smith (US AI), David Nguyen, JD, MBA, CISSP, PMP, SAFe, CSM (US AI), Rachel Sile (U.S. Department of the Interior), Dr. Prentice Norman, CISSP, PMP, CEH, ITIL v3, CSM, CSAM (VMD Corp.), Pirooz Javan (Easy Dynamics Corp), Janis Richards (Gunnison Consulting Group, Inc.), Marcus Walker (ASRC Federal), Jamal Webster (CGI Federal), and Hidayatullah Ahsan (TechIcon, Inc.). Sean Connelly🦉 Darryl E. Peek II Brian Tirch Robert Wood Steven Hernandez Heather Kowalski Beau Houser Amy Hamilton, Ph.D. Dr. Tiina K.O. Rodrigue, EdD - she/her

We are pleased to announce the publication of a new white paper entitled "ATO as Code: Enabling Cybersecurity Modernization Through Risk Management Framework Compliance Automation" developed by the Cybersecurity Community of Interest. The report issues a call to action for a unified approach for modernizing the Authorization to Operate (ATO) process or Risk Management Framework (RMF) implementation. This report articulates the significance of intelligent automation in bolstering the efficiency and effectiveness of compliance efforts, thereby enhancing cybersecurity risk management. It underscores the necessity for standardized data communication and advocates for the adoption of Open Security Controls Assessment Language (OSCAL), an open framework for automating assessments. In addition, the report introduces the Compliance Automation Process Maturity Model (CA PMM), a five-tier framework for organizations to adopt and scale the OSCAL. The report concludes with strategic recommendations for key entities including Congress, the Cybersecurity and Infrastructure Security Agency (CISA), the General Services Administration (GSA), the National Institutes of Standards and Technology (NIST), and other Federal agencies. This work holds significant implications for both cybersecurity experts and policymakers, providing a roadmap for modernizing and automating compliance processes. Read the paper now - https://lnkd.in/e8JPdSWu Thank you to the collaborative efforts of our government – industry project volunteers who developed this wonderful resource - James Saunders (U.S. Office of Personnel Management (OPM)), Dan Jacobs (OPM), Gaurav Pal (stackArmor), Paul Weston (U.S. Department of Homeland Security ICE), Satyaveer Satvat, CISSP, PMP®, FAC P/PM III, CSPO, SAFe® (GSA), Macey Smith (US AI), David Nguyen, JD, MBA, CISSP, PMP, SAFe, CSM (US AI), Rachel Sile (U.S. Department of the Interior), Dr. Prentice Norman, CISSP, PMP, CEH, ITIL v3, CSM, CSAM (VMD Corp.), Pirooz Javan (Easy Dynamics Corp), Janis Richards (Gunnison Consulting Group, Inc.), Marcus Walker (ASRC Federal), Jamal Webster (CGI Federal), Hidayatullah Ahsan (TechIcon, Inc.)

We have a regular, established rhythm with our American Council for Technology - Industry Advisory Council (ACT-IAC) Cybersecurity-COI membership meetings: introductions, administrative matters, and then a guest speaker. It works. And it works well. We’ve decided to change it up for our April 19 iteration. We’ll have three segments: 1) briefing on our #ATO as Code project by the support team and federal sponsors, James Saunders and Dan Jacobs, 2) introduction to the U.S. Department of Health and Human Services (HHS) 405d PMO, and 3) a capstone project outbrief by Indiana University Bloomington students of Scott Shackelford JD, PhD. (I’ll provide previews of #’s 2 & 3 in the coming weeks.) The ATO as Code has been a BIG hit. Timely subject matter. James and Dan have been outstanding, engaged sponsor and lead. Gaurav Pal has been exemplary as the project manager (we don’t always get CEOs as our PM’s). Jason Miller agrees with this assessment. Stay tuned for his piece on the project sometime in the coming months or weeks. I’ll defer to the project team to release the full report when they feel the time is right. But I wanted to provide the project synopsis as a preview of what the team will be discussing on April 19: “This ATO-as-Code report issues a call to action for a unified approach for modernizing the Authorization to Operate (ATO) process or Risk Management Framework (#RMF) implementation. This report articulates the significance of intelligent automation in bolstering the efficiency and effectiveness of compliance efforts, thereby enhancing cybersecurity risk management. It underscores the necessity for standardized data communication and advocates for the adoption of Open Security Controls Assessment Language (#OSCAL), an open framework for automating assessments. To that end, the report introduces the Compliance Automation Process Maturity Model (CA PMM), a five-tier framework for organizations to adopt and scale the OSCAL. The report concludes with strategic recommendations for key entities including Congress, the Cybersecurity and Infrastructure Security Agency (CISA), the GSA, the National Institute of Standards and Technology (NIST), and other Federal agencies. This work holds significant implications for both cybersecurity experts and policymakers, providing a roadmap for modernizing and automating compliance processes.” We hope to see you on April 19. More previews to come! #cyber #cybersecurity Foxhole Technology

I wanted to follow up to one promising thread/prospect from our Cybersecurity-COI membership meeting with Les Call last week. We are exploring the possibility of collaborating with Les to address some challenges his office is facing. The Cyber COI is in a unique position to support the United States Department of Defense #ZeroTrust PfMO by calling upon insights gained and lessons learned from our foundational #ZT projects that kicked off in 2018. Our May 2019 ZT whitepaper guidebook, which is considered a foundational document for related efforts we hear about every day, has been cited by NIST. For your perusal, I wanted to re-share key items from the Cyber COI’s archives: Zero Trust Cybersecurity Current Trends https://lnkd.in/eA4SH87Y Zero Trust Cybersecurity Current Trends https://lnkd.in/eFgTj55Y Zero Trust Project Briefing https://lnkd.in/eec_SXgs David McKeown Randy Resnick Theodore Gates Dan Jacobs Steven Hernandez Dr. Darren Death

Join the American Council for Technology - Industry Advisory Council (ACT-IAC) Cybersecurity-COI Member meeting to hear from guest speaker Les Call, Deputy Director of the United States Department of Defense #ZeroTrust Portfolio Management Office (PfMO) as well as updates and opportunities to join our active projects! March 15, 2024 11AM to 12PM Eastern Time REGISTER HERE: https://lnkd.in/geBpDMF6

Passionate about data? Love logging? Curious about OMB M 21-31? Wanna dominate incident response and investigations? Join the Data Dominance project with ACT-IAC's Cybersecurity Community of Interest! Free for government/academic members to join and commercial folks can participate through ACT-IAC membership. More information can be found here: https://lnkd.in/d46R_BUE If interested in joining our community of interest more information can be found here: https://lnkd.in/dB-svY3V #OMBM21-31 #data #bigdata #datalake #datalakehouse #datascience #ai #incidentresponse #cyberinvestigation

Folks, We ended up needing to repost our ICAM Program Manager position! To be clear this had nothing to do with the amazing pool of candidates who submitted on the original posting. With that in mind, if you DID apply to that posting, please reapply here and tender my apologies in advance for the extra work! Apply soon if interested as this will close the day we get 100 applications! https://lnkd.in/dEZ5hwfz Huge thanks to Davon Tyler, CISSP, Michael Klein and this amazing community for the amplification last round! #icam #zta #programmanagement #leadership #iam #contractmanagement #riskmanagement #devsecops #ai The vacancy announcement referenced below was just reposted to USAJOBS. Following are the details of the reposting:   Title: GS-2210-15 Cyber Security Specialist (ASA) / Organizational Title: Identity, Credential, and Access Management (ICAM) Program Manager   Announcement(s)#:                     OCIO-2024-0004   # of Vacancy(s):                        1 (One)   Office: OCIO, Information Assurance Services (IAS) / Security Engineering and Architecture Management Branch   Open Period:                            2/20/2024 to 3/4/2024   The announcement will close on 3/4/2024 or once 100 applications have been received, whichever occurs first.    OCIO-2024-0004, GS-2210-15 Cyber Security Specialist (ASA) (Open to all sources) https://lnkd.in/dEZ5hwfz