2019 I/ITSEC

Risk Management Framework: Cyber Security Compliance for Modeling, Simulation, and Training Systems (Room 320E)

02 Dec 19
12:45 PM - 2:15 PM

Tracks: Full Schedule, Monday Schedule

Cybersecurity is everywhere we look in today’s world, and when it comes to government systems it can seem like an extremely broad topic that evokes the fear of insurmountable regulations that ultimately provide little benefit. This tutorial aims to break the stigma surrounding Cybersecurity compliance as nothing more than a burdensome nuisance and leave the audience with an understanding of the ultimate goals of the Risk Management Framework (RMF) and how it was designed to relieve excessive regulation and costs. The primary goal of Cybersecurity RMF compliance is to ensure that the confidentiality, integrity, and availability of government-run systems, software, and data are upheld, enabling those systems to remain operational and available to support military missions. Such missions include simulation and training environments, which are becoming increasingly important to protect as the concept of force readiness becomes a priority for the world’s militaries.

This tutorial will focus on understanding the requirements for the Cybersecurity Risk Management Framework (RMF) and how it applies to modeling, simulation, and training systems. We will detail the need for Cybersecurity compliance, the key concepts, and why it is critical for military, government, and even civilian applications. The tutorial will then dive deeply into the regulations behind RMF and the certifications required for compliance. This will include where to find additional information and how to achieve those certifications, from both a government and contractor perspective.

The tutorial will then explain the general process of approaching RMF compliance and how the Cybersecurity implementation plans are created and revised in the requirements gathering phase. Using these RMF requirements and concepts, the tutorial will then go a step further and analyze the documentation deliverables associated with RMF, their purposes, and finally the government processes necessary to submit a system for an Authority-to-Operate decision. Attendees will gain a strong foundational understanding of the Cybersecurity Risk Management Framework and how to apply it in their own programs.