Cramming for FISMA - How to Launch a NIST 800-53 Moderate System in 180 Days

Learn how to rapidly deploy a NIST 800-53 Moderate System in just 180 days in this 49-minute conference talk from the RSA Conference. Explore real-world experiences and actionable advice for meeting FISMA compliance requirements, including potential pitfalls and strategies to overcome challenges. Discover the process of impact level determination, aligning corporate security policies with NIST standards, and leveraging cloud infrastructure. Gain insights into system security plan development, independent assessment results, and obtaining Authority to Operate (ATO). Understand staffing considerations and key success factors for launching a compliant system under tight deadlines. Requires basic knowledge of AWS service architecture, compliance frameworks, and high-level understanding of system architecture and operations.

Intro
Back Story
What the FCC Wanted
What is FISMA Compliance?
Impact Level Determination Guidelines
Task 1: Impact Level Determination
NIST Security Control Requirements
NIST 800-53 Control Requirement Overview
Task 2: NIST Security Control Requirement Detail
Task 2: Align Corporate Security Policy with NIST
Task 2: Infrastructure Impacts - The Case for Cloud
Task 2: Software Architecture and Design Impacts
System Security Plan Development
Independent Assessment Results
POA&M and ATO - Authority to operate
Overcoming Challenges
Staffing for Success
Our Secret Sauce