2016_HSA_Yrbk_YUMPU_r2___

More documents

Recommendations

Info

Link to Web Page of Nominated Organization: –––––––––––––––––––––––––––––––––––––––– https://www.fema.gov/ Link to additional information: –––––––––––––––––––––––––––––––––––––––– Given the nature of this project, there is limited publicly available information. What information can be found on the internet has been included here. able to address the authentication needs for all applications within an organization as large and complex as FEMA. Accordingly, the team created a standardized approach which took into consideration the systems’ technical platforms (Powerbuilder, Java, .NET, Custom- Off-The-Shelf ) and other mitigating factors such as end user population types, need for mobility support, the production environment and other critical factors. Moreover, the integrated team took into consideration a user population that does not currently use PIV cards for access: namely state, local, tribal, and territorial (SLTT) users. The solution allowed them continued access to the systems through user name and password authentication as a temporary workaround until PIV-I would be rolled out. The system deployments were planned to minimize the impact to the mission of the organization. Application releases were grouped based on technology, authentication method and application dependency. The first group deployment, in mid-February <strong>2016</strong>, included applications dependent on the mission-critical National Emergency Management Information System (NEMIS) system. The second group of applications, mostly relying on the FEMA Integrated Security and Access Controls – FEMA Access Management System (ISAAC - FAMS) landing page, were deployed at the end of February. The last group of systems, primarily includ- Continued on next page This quick reference guide helps to demonstrate the proper use of the system. It helps to explain how the user interface changed to increase security without impacting current work products: http://floodmaps.fema.gov/tutorials/piv/MIP_PIV_ Quick_Reference_Guide.pdf Note from FEMA Chief Information Security Officer (CISO), Donna Bennett to employees describing the implementation of the single sign on system: https://www.fema.gov/media-library- data/1458661814326-bf98611bc38ad- 8ba63241578a3e2c145/PIVRollout.txt Helps to describe the innovative nature of FEMA’s authentication program and its impact: https://gcn.com/articles/<strong>2016</strong>/10/06/dig-it-fema-authentication.aspx Nominating contact for this entry: –––––––––––––––––––––––––––––––––––––––– Thomas Coleman, Partner IBM Global Business Services office: 301-803-6689 cell: 202-320-3280 Nominating contact email address: –––––––––––––––––––––––––––––––––––––––– thomas.coleman@us.ibm.com Nominating organization address: –––––––––––––––––––––––––––––––––––––––– IBM Corporation 600 14th St, NW, Floor 2 Washington, DC 20005-2012, US 83
ing Cloud based systems and systems outside of the FEMA Enterprise Network, were deployed at the end of March, meeting the initial six-month deadline through tight collaboration across all stakeholders. The completion of PIV/SSO enablement is a significant step in furthering FEMA’s cyber defenses and controls to better protect FEMA data, including information from disaster survivors and FEMA partners. The PIV/SSO effort not only introduced a scalable enterprise security platform but it also integrated all FEMA’s critical systems within the infrastructure to ensure the security of the organization’s applications and the data which it maintains. This was accomplished with minimal user interruption as the integrated FEMA-IBM team carefully planned the deployment of the systems taking into consideration FEMA restrictions of system changes during active disaster declarations. This project PIV enabled FEMA systems at the application level, allowing FEMA to attain the Level of Assurance 4, in accordance with the NIST SP 800-63 requirements, for their high value systems. With this capability, the agency has transformed the way all users access their applications, simplifying and streaming their access to the applications while improving system security and reducing FEMA operational overhead of manually updating employee records. By creating a standardized solution approach across disparate identity architectures throughout different FEMA IT Systems, this project also reduces the effort for any new system to be integrated within FEMA’s enterprise security infrastructure in the future. The FEMA PIV/SSO effort applied industry-leading security standards and created a robust security layer, which enhances FEMA’s ability to both secure and control access to sensitive information. This implementation not only leveraged an architecture that conforms to various FICAM model objectives, but also helped FEMA reach its objective of meeting OMB and DHS mandates. Summary highlights of how the PIV/SSO initiative transformed FEMA’s security posture include: • Implementation of an architecture that conforms to goals for Federal Identity, Credential, and Access Management (FICAM) model. • FEMA attainment of Level of Assurance 4, in accordance with the NIST SP 800-63 requirements, for their high value systems. • Implementation of appropriate policy controls such as User Based Enforcement (UBE). • Reduced PII Exposure and improved audit reporting. • A standardized solution across disparate identity architecture throughout different FEMA IT Systems. • Reduced FEMA operational overhead of manually updating employee records. 84
Page 1 and 2:
The GSN 2016 Digital Yearbook OF Ho
Page 4 and 5:
The GSN 2016 Homeland Security Awar
Page 6 and 7:
Page 8 and 9:
Page 10 and 11:
Page 12 and 13:
GSN 2016 DIGITAL YEARBOOK OF HOMELA
Page 14 and 15:
ties carried over proprietary contr
Page 16 and 17:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
Page 26 and 27:
Page 28 and 29:
Page 30 and 31:
Page 32 and 33:
Page 34 and 35: onto the expansion cable of Hirsch
Page 38 and 39: a library of more than 150 question
Page 40 and 41: and our proxy technology protects t
Page 42 and 43: any code changes, or hardware and d
Page 44 and 45: 43
Page 46 and 47: ates context-rich alerts, summarizi
Page 48 and 49: erArk can isolate, monitor, record
Page 50 and 51: with today’s sophisticated and ta
Page 52 and 53: 51
Page 54 and 55: Category #1: Vendors of IT Security
Page 56 and 57: Category #1: Vendors of IT Security
Page 58 and 59: DETECTION PRODUCTS Best Chemical De
Page 60 and 61: Link to Web Page of Nominated Organ
Page 62 and 63: saves lives. By immediately notifyi
Page 68 and 69: of experience with acoustic gunshot
Page 70 and 71: environments with zero false alerts
Page 72 and 73: organizations. The prefabricated un
Page 78 and 79: Category #2: Vendors of Physical Se
Page 80 and 81: 2016 Government Excellence Entry se
Page 82 and 83: quickly and easily create rules tha
Page 86 and 87: 85
Page 88 and 89: National Cybersecurity and Communic
Page 90 and 91: attacks and knowledge assessments a
Page 94 and 95: to over 540 graduates from 57 diffe
show all

2016_HSA_Yrbk_YUMPU_r2___

Create successful ePaper yourself

Delete template?

Save as template?