33 Matching Annotations
  1. Feb 2020
    1. e default judgment value set consistent with NIST guidance is the two-value set, Satisfied or Other than Satisfied, or equivalently, True/False

      criteria for a "meets requirement"

    2. For a scope of only the DEFINE and ESTABLISH ISCM Process Steps, only elements applicable to ISCM Process Steps 1 and 2 are selected from the Catalog or organization-defined set of assessment elements. Note that each element is applicable to only one Process Step, and multiple steps are sequential and include Step 1, DEFINE.

      caveat statement on the abstraction of "IT" shop, maybe program, not system level implementation?

    3. The [Catalog] provided with this publication is an extensive set of ISCM program assessment elements and is considered to be the minimum set of elements needed for a comprehensive ISCM program assessment.

      confusing statement about this being an "extensive set" while being considered "to be the minimum set of elements needed"; "comprehensive" is perhaps enough of a qualifier, but it is still a confusing statement.

    4. Organizations may incorporate additional assessment elements to evaluate the assessment of individual controls or the control assessment process, if desired, as part of the ISCM program assessment tailoring process

      previous comment about the need to enforce supplemental guidance if this route is taken

    5. The ISCM program monitors the security status of systems and the environments in which those systems operate on an ongoing basis with a frequency sufficient to make ongoing, risk-based decisions on whether to continue to operate the systems within the organization; and

      monitoring!

    6. ISCM results are reported to appropriate officials who make ongoing authorization decisions.

      reporting!

    7. The metrics provided by the ISCM program are considered sufficiently stable and robust for informing OA decisions;

      metrics!

    8. Control assessments (in accordance with NIST SP 800-53A) are conducted at a documented frequency sufficient to support OA;

      frequency!

    9. ISCM program assessment from the guidance in this publication is likely to produce different assessment criteria depending on what is important to the organization or assesso

      There should be an explicit requirement for any organization that chooses to tailor or enhance criteria that deviations be publicly disclosed as supplemental guidance.

  2. Apr 2019
    1. If your agency already has an admin listed, do you need their approval to be appointed as an admin?

      Should be subtitles

  3. Oct 2018
    1. Leveraging cybersecurity expertise in the FedRAMP program will allow the Federal Government to continue to increase the efficiency and effectiveness of agency security practices in adopting cloud systems, while eliminating the burden on security professionals, providers, and agency leadership.

      no coverage of automation or focus on inheritance

    2. DHS’s Continuous Diagnostics and Mitigation (CDM) program must continue to evolve in order to equip agencies with the monitoring tools and capabilities they need to understand their cyber risk in the cloud

      and allow for criteria that meet the needs of the requirement, not just a list of third-party vendors that provide tools to meet compliance

    3. confidentiality, security, and availability of its data

      integrity?

    4. detect malicious activity

      ...or unauthorized access

    5. For example, to utilize the distributed nature of cloud, moving security controls from the network perimeter closer to the data itself can improve the overall security posture

      amen

    6. efficiency, accessibility, and privacy

      should also be bolded

    7. requirements

      ... of the end-user or customer...

    8. nly need to provide their data

      provide or interoperate through an API?

    9. To achieve this goal, project development and execution efforts will often be needed to refactor applications to take advantage of new capabilities such as auto-provisioning and auto-scaling, and this must be factored into analysis and planning.

      More about refactoring applications to be non-monolithic not just auto-*

    10. A cloud migration strategy should not be considered a question of who owns the computing resources, data, and facility, but rather can this solution improve service delivery to citizens

      Statement is misaligned with Data-centric security control regimes

  4. Feb 2018
    1. would facilitate better environmental reviews in conjunction with the design of projects and would facilitate more efficient and more effective efforts to address environmental impacts.

      Why not enforce this somehow?

  5. Aug 2017
    1. Onboarding lead time Time between a request for a new application to use the DevSecOps platform and the application being deployed on the platform

      offboarding lead time?

    2. SLA

      Service Level Agreement

  6. Feb 2017
  7. Dec 2016
    1. A final note on what to include on each finding: think about the re-test. If six months down the line, the client comes back and requests a re-test, would any of your colleagues be able to reproduce your findings using exclusively the information you have provided in the report?

      Reproducibility == ready for automation

  8. Jun 2015
    1. OX App Suite Map ..... 2; Portal ..... 3; Email .....

      a

    1. Featured Content

      Test... to show how you can highlight any text (in a map/pdf/html) annotate it, comment on it, tag it, and share it so all visitors can see your notes

      I am a quote

      I am a link

      I am media

    1. Critical Habitat - Terrestrial - Polygon [USFWS] Critical Habitat - Terrestrial - Line [USFWS]

      Critical Habitat Layers need to be updated

  9. Apr 2015
    1. Page A basic page containing text and an optional hero.

      Project Pages

      New Page from which Downloads are Filtered and displays

    2. Download A page containing files for download, along with a description of them. You may attach multiple files.

      Downloads = Document Uploads

    3. Article An article. This might be a news item, a blog post, a staff news item, or an informational article.

      New Items

  10. Jan 2015
    1. git clone will give you the whole repository. After the clone, you can list the tags with git tag -l and then check out a specific tag: git checkout tags/<tag_name>

      How to install a previous release/version via github