diacap tarry town

Job position for DIACAP Compliance Engineer at Tarrytown, NY

Role: DIACAP Compliance Engineer
Location: Tarrytown, NY
Duration: 6+ months

Keywords: – STIG, TFS, DevOps, Windows Imaging WIX, MSI, PowerShell, Anti-Virus, Whitelisting

Job Description:
Background
Source code management (SCM) & DEVOPS team (Infrastructure Team) manages the entire continuous integration, continues development chain process of a global Engineering conglomerate.
Application is developed using Microsoft technology C#, C++, WPF, MVVM and custom control on Windows-7 platform. The backbone of the entire SCM is Microsoft TFS while the packaging strategy is utilizing MSI and WIX. The current build management is driven by customized XMAL with PowerShell usage. Now the plans are to move to VNEXT that provides flexibility as an orchestrator and allows better reporting, triggering and logging facility.
The Goal of this team is to make the entire infrastructure to be in compliant with DIACAP (DoD Information Assurance Certification and Accreditation) process

Expectations – The team is looking out for Engineers who can augment the current team and support on following tasks
This means the identified engineer needs experience in DIACAP process (not knowledge) on how the system could be transformed to be DIACAP compliant system.
• Experienced in the Security Technical Implementation Guide (STIG) that provides security guidance for .NET deployments in workstations or servers and focuses on the secure configuration of the .NET Common Language Runtime (CLR).
• Identify loopholes and open items as part of IIS 7.0 Web Server to ensure that the IIS 7.0 becomes STIG compliant and thus related request handling and filtering are done in control manner and encryption is applied for protocols or data exchange for HTTP, FTP or telnet and more of such tasks etc.
• Ensuring the basic need of McAfee VirusScan 8.8 Managed Client STIG that highly suggests to have antivirus to be monitoring 24*7 along with no possibility of stoppage of such services and availability of antivirus signed files almost every day
• Ensure security enablement in Microsoft Internet Explorer 11 client used on Windows-7 workstations like script execution, popup restrictions as needed and stoppage of unsigned ACTIVEX controls
• Experience in interpreting STIG scans that reflect results on periodic basis.
• Experience in working on adding check and controls in build management system that automates scans ensure STIG compliance.

Soft Skills
• Good Team Player
• Good Written and verbal communication skills
• Customer facing experience would be added advantage

www.enterprisesolutioninc.com Pradyut Bhattacharya
Enterprise Solution Inc.
500 E. Diehl Road, Suite 130, Naperville, IL 60563
Office: # 630-214-9485

3_NIST SP 800-37 (rev 2) changes

NIST 800 37 Revision 2 – RMF for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

NIST 800 37 Revision 2 Risk Management Framework for Information Systems and Organizations A System

Download the presentation in this Video & Learn more here:

http://securitycompliance.thinktific.com

This is an overview of NIST 800-37 Revision 2. I discuss the changes, the sources and Cybersecurity Framework.

NIST Special Publication 800-37, Revision 2
Risk Management Framework for Security and Privacy
Initial Public Draft: May 2018
Final Public Draft: July 2018
Final Publication: October 2018

NIST 37-800 Rev 2:
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r1.pdf

Executive Order:
https://www.whitehouse.gov/presidential-actions/presidential-executive-order-strengthening-cybersecurity-federal-networks-critical-infrastructure/

OMB:
https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2017/M-17-25.pdf

Cybersecurity Framework:
https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf

NIST SP 800-53 (Revision 5):
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft

Source of Changes:
President’s Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Office of Management and Budget Memorandum M-17-25 – next-generation Risk Management Framework (RMF) for systems and organizations
NIST SP 800-53 Revision 5 Coordination

Defense Information Systems Agency (DISA)

STIG Update – DISA has released the Samsung Android OS 8 with KNOX 3.x Version 1 Release 1

STIG Update – DISA has released the Samsung Android OS 8 with KNOX 3.x Version 1 Release 1
DISA has released the Samsung Android OS 8 with KNOX 3.x Version 1 Release 1. The requirements of the STIG become effective immediately. The STIG is available at https://iase.disa.mil/stigs/Pages/index.aspx.

For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil

Update your subscriptions, modify your password or e-mail address, or stop subscriptions at any time on your Subscriber Preferences Page. You will need to use your email address to log in. If you have questions or problems with the subscription service, please visit subscriberhelp.govdelivery.com. All other inquiries can be directed to subscriptions@disa.mil.

Supplemental Information to the Cloud Computing SRG Released

STIG Update – Supplemental Information to the Cloud Computing SRG Released
DISA has released supplemental information to the Cloud Computing SRG entitled “Cloud Related Baselines and EMASS Cloud Overlays v1r1” This file is available at http://iase.disa.mil/cloud_security/Pages/index.aspx

For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil

DISA has released the Draft Software Defined Networking (SDN) Controller Security Requirements Guide (SRG) Version 1

Request for Comments – DISA has released the Draft Software Defined Networking (SDN) Controller Security Requirements Guide (SRG) Version 1
DISA has released the Draft SDN Controller SRG for review. Please submit comments, recommended changes, and/or additions to the draft SRG by 27 April 2018 on the Comment Matrix spreadsheet, located with the SRG at https://iase.disa.mil/stigs/.

Comments should be sent via email to disa.stig_spt@mail.mil. Please include the title and version of the SRG in the subject line of your email.

For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil

STIG Update – DISA STIG Viewer 2.7

STIG Update – DISA STIG Viewer 2.7
DISA has released STIG Viewer 2.7. The STIG Viewer can be found at https://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx.

Included in this release are updates to better support Java 9, a more efficient checklist pie chart, and re-implementation of the right-side vulnerability display, where you can choose between two display preferences. Refer to the Change Log for STIG Viewer 2.7 for more details.

For all SRG/STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil