
ConvoCourses

Cyber Security Compliance and IT Jobs


DIACAP

Job position for DIACAP Compliance Engineer at Tarrytown, NY

June 29, 2018

Role: DIACAP Compliance Engineer
Location: Tarrytown, NY
Duration: 6+ months

Keywords: STIG, TFS, DevOps, Windows Imaging, WIX, MSI, PowerShell, Anti-Virus, Whitelisting

Job Description:
Background
The source code management (SCM) and DevOps team (Infrastructure Team) manages the entire continuous integration and continuous development chain of a global engineering conglomerate.
The application is developed using Microsoft technologies (C#, C++, WPF, MVVM and custom controls) on the Windows 7 platform. The backbone of the entire SCM is Microsoft TFS, while the packaging strategy uses MSI and WIX. The current build management is driven by customized XAML with PowerShell; the plan is now to move to vNext, which provides flexibility as an orchestrator and allows better reporting, triggering and logging.
The goal of this team is to make the entire infrastructure compliant with the DIACAP (DoD Information Assurance Certification and Accreditation Process).

Expectations: The team is looking for engineers who can augment the current team and support the following tasks.
This means the identified engineer needs experience in the DIACAP process (not just knowledge of it): how a system can be transformed into a DIACAP-compliant system.
• Experience with the Security Technical Implementation Guide (STIG) that provides security guidance for .NET deployments on workstations or servers and focuses on the secure configuration of the .NET Common Language Runtime (CLR).
• Identify loopholes and open items in the IIS 7.0 web server to ensure that IIS 7.0 becomes STIG compliant, so that request handling and filtering are done in a controlled manner and encryption is applied to protocols and data exchange (HTTP, FTP, telnet), and similar tasks.
• Ensure the basic requirements of the McAfee VirusScan 8.8 Managed Client STIG, which strongly requires antivirus to be monitoring 24x7, with no possibility of those services being stopped, and antivirus signature files updated almost every day.
• Ensure security settings are enabled in the Microsoft Internet Explorer 11 client used on Windows 7 workstations, such as script execution and pop-up restrictions as needed and blocking of unsigned ActiveX controls.
• Experience interpreting STIG scan results that are produced on a periodic basis.
• Experience adding checks and controls to the build management system so that automated scans ensure STIG compliance.

Soft Skills
• Good Team Player
• Good written and verbal communication skills
• Customer-facing experience would be an added advantage

Pradyut Bhattacharya
Enterprise Solution Inc. (www.enterprisesolutioninc.com)
500 E. Diehl Road, Suite 130, Naperville, IL 60563
Office: 630-214-9485
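As an added example that is not part of the job posting or the recruiter's material: a PowerShell script of the kind a build-management step could run to automate a few STIG-style checks from the list above (antivirus service, IE ActiveX policy, IIS request filtering) and fail the build if any check does not pass. The service name "McShield", the Internet-zone policy registry path and value 1004 (download unsigned ActiveX controls, 3 = disable), and the IIS allowDoubleEscaping setting are assumptions chosen for illustration; no STIG rule IDs are referenced, and PowerShell 3.0 or later with the WebAdministration module is assumed.

```powershell
# Added example: automated STIG-style compliance checks for a build step.
# Assumptions (not from the original posting): the on-access scanner service
# name "McShield", the IE Internet-zone policy key and value 1004 (3 = disable
# downloading unsigned ActiveX controls), and the IIS request-filtering
# attribute allowDoubleEscaping are illustrative checks only.
# Run in an elevated PowerShell (3.0+) session on the Windows 7 / IIS 7 host.

Set-StrictMode -Version Latest

function Test-AntivirusService {
    # The on-access scanner must be running and set to start automatically.
    $svc = Get-Service -Name 'McShield' -ErrorAction SilentlyContinue
    if (-not $svc) { return $false }
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='McShield'"
    return ($svc.Status -eq 'Running') -and ($wmi.StartMode -eq 'Auto')
}

function Test-IeUnsignedActiveXBlocked {
    # Machine policy for the Internet zone (zone 3): value 1004 = 3 disables
    # downloading unsigned ActiveX controls. Missing key = not enforced = fail.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    $item = Get-ItemProperty -Path $key -Name '1004' -ErrorAction SilentlyContinue
    return ($null -ne $item) -and ($item.'1004' -eq 3)
}

function Test-IisRequestFiltering {
    # Request filtering should reject double-escaped URLs (WebAdministration module, IIS 7+).
    try {
        Import-Module WebAdministration -ErrorAction Stop
        $p = Get-WebConfigurationProperty -PSPath 'IIS:\' `
            -Filter '/system.webServer/security/requestFiltering' -Name 'allowDoubleEscaping'
        # Older module versions return the raw bool, newer ones a ConfigurationAttribute.
        $value = if ($p -is [bool]) { $p } else { [bool]$p.Value }
        return -not $value
    } catch {
        # No IIS or module: treat as a failed check rather than silently passing.
        return $false
    }
}

function Invoke-StigChecks {
    # Returns one result object per check so the build can log and gate on them.
    $checks = [ordered]@{
        'Antivirus on-access service running and automatic'    = { Test-AntivirusService }
        'IE Internet zone: unsigned ActiveX download disabled'  = { Test-IeUnsignedActiveXBlocked }
        'IIS request filtering: double escaping rejected'       = { Test-IisRequestFiltering }
    }
    foreach ($name in $checks.Keys) {
        $ok = $false
        try { $ok = [bool](& $checks[$name]) } catch { $ok = $false }
        [pscustomobject]@{ Check = $name; Pass = $ok }
    }
}

$results = Invoke-StigChecks
$results | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.Pass })
if ($failed.Count -gt 0) {
    Write-Error ("{0} STIG check(s) failed" -f $failed.Count)
    exit 1   # a non-zero exit code fails the TFS build step
}
exit 0
```

Each check deliberately fails closed: an absent service, a missing policy key or an unreachable IIS configuration counts as non-compliant, so a freshly imaged host cannot pass by simply lacking the setting.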

Filed Under: cyberspace workforce, DIACAP, DIARMF Jobs, Information Assurance Jobs, IT Security Jobs, risk jobs, STIGS Tagged With: DIACAP, DIARMF, job, PowerShell, risk management framework, rmf, rmf jobs, Source code management (SCM), STIG, windows, writing

DIACAP vs DoD RMF for IT vs NIST RMF

July 11, 2016 by Bruce Brown

There are differences between the old DIACAP (being phased out), DoD RMF for IT and NIST RMF. What is "DIACAP"? It stands for the Department of Defense Information Assurance Certification & Accreditation Process, and it is based on the old DoDI 8510.01 and the DoD 8500-series documents (DoDD 8500.01 and DoDI 8500.2). The process was designed to make sure DoD information systems had the required security controls in place before they were accredited to operate.

With the constant, exponential evolution of information technology, this process has had to change to keep up with the times. DIACAP is being replaced with the DoD Risk Management Framework for Information Technology (DoD RMF for IT). This process is more granular and more detailed, requires more frequent (continuous) monitoring, and covers many newer technologies that DIACAP did not address. DoD RMF for IT is fundamentally based on NIST SP 800-37, the Risk Management Framework, with its security controls drawn from NIST SP 800-53 as tailored for national security systems by CNSSI 1253.


Filed Under: certification & accreditation, DIACAP, DIARMF, DIARMF Process, Risk Management For DoD IT Tagged With: DIACAP, DoD RMF for IT, NIST RMF

Information Security Framework aka System Compliance

January 15, 2016 by Bruce Brown

What are Cyber Security Standards?
These are rules put in place to protect every aspect of an information system.

They are also known as information system security standards, information security frameworks, security system compliance, information system compliance, or risk management frameworks. There are also many types that specialize in different functions of a given industry. For example, the medical industry has a standard for protecting patient information called HIPAA, an acronym for the Health Insurance Portability and Accountability Act, which was passed by Congress in 1996. And there is a standard for protecting point-of-sale and merchant systems called PCI DSS. There are many others, but the mission is the same: to protect the confidentiality, integrity and availability of important data.

Filed Under: cyberspace workforce, information system compliance Tagged With: CISSP, compliance, cybersecurity framework, DIACAP, DIARMF, DSS, framework, hippa, ISO 27001, PCI, rmf, sarbanes oxley, SOX, system compliance

DIACAP transition to RMF for DoD IT slides

July 14, 2014 by Bruce Brown

Intro: 

  • DoDI 8510.01, DoD Information Assurance Certification & Accreditation Process (DIACAP), is being replaced/modified
  • DoDI 8510.01 (reissued), Risk Management Framework for DoD IT (the RMF)
    • New DoDI 8500.01, based on the NIST SP 800 series

DIACAP to the RMF Authority

  • Teri M. Takai, DoD CIO (the office that absorbed the former ASD(NII) role), is the authority behind the transition from DIACAP to the RMF
  • “The DON will continue to use the DoDI 8500.2 as the authoritative source for security controls until otherwise specified. However, understanding the changes represented in NIST SP 800-53r3 will be essential as DoD and the DON begin transitioning to this new set of security controls. To support the transition, the DON CIO developed this security control mapping document to demonstrate how existing DoD and IC security controls map to the security controls recommended by the NIST SP 800-53r3 publication.” —DON CIO

Future of DIACAP

  • The DIACAP Knowledge Service (KS) "C&A Transformation" pages introduce some of the coming changes
  • DIACAP has a "Risk Management Framework Transformation Initiative" underway
  • It provides information on the use of NIST SP 800-53, NIST SP 800-37 and CNSS Instruction 1253
  • It introduces the changes being made to DoDD 8500.01, DoDI 8500.2 and DoDI 8510.01

http://youtu.be/7BC7tgCBtyo

Filed Under: certification & accreditation, DIACAP, Risk Management For DoD IT Tagged With: DIACAP, DIACAP transition to RMF, diacap vs rmf, rmf

RMF Knowledge Service (RMFKS)

May 21, 2014 by Bruce Brown

The DoD CIO gave an overview of the Risk Management Framework (RMF) transition. The Risk Management Framework Knowledge Service (RMFKS) is the central repository for RMF for DoD IT. The site is available as long as you have a Common Access Card (CAC) or an ECA certificate. The link is below, but some of the links on the site are still under construction.

  • rmfks.osd.mil

The former site for certification & accreditation / risk management was the DIACAP Knowledge Service (https://diacap.iaportal.navy.mil/).


Filed Under: certification & accreditation, DIACAP, DIARMF, Information Assurance, NIST Security Framework, RDIT, risk management, Risk Management For DoD IT Tagged With: DIACAP, DIARMF, knowledge service, rmf, RMF Knowledge Service, RMFKS

dod 8570 chart

January 21, 2014 by Bruce Brown

The DoD 8570 chart is designed to provide guidance for government agencies (mainly in defense) for categorizing personnel who perform Information Assurance (IA) functions and identifying the certifications they must hold.

The Defense Information Assurance workforce is broken up by category, specialty, level and function for better protection of the confidentiality, integrity and availability of DoD information, information systems and networks.

Information Assurance Profiles, DoD 8570 (chart image: http://iase.disa.mil/eta/iawip/content_pages/iabaseline.html):
  • IA Management Level I: IAM Level I personnel are responsible for the implementation and operation of an Information System (IS) within their computing environment (CE). Personnel ensure that IA-related IS are functional and secure within the CE.
  • IA Management Level II: IAM Level II personnel are responsible for the IA program of an IS within the network environment (NE). Personnel in these positions perform a variety of security-related tasks, including the development and implementation of system information security standards and procedures. They ensure that IS are functional and secure within the NE.
  • IA Management Level III: IAM Level III personnel are responsible for ensuring that all enclave IS are functional and secure. They determine the enclave's long-term IA system needs and acquisition requirements to accomplish operational objectives. They also develop and implement information security standards and procedures through the certification and accreditation process.
  • IA Technical Level I: IAT Level I personnel make the CE less vulnerable by correcting flaws and implementing IAT controls in the hardware or software installed within their operational systems.
  • IA Technical Level II: IAT Level II personnel provide NE and advanced-level CE support. They pay special attention to intrusion detection, finding and fixing unprotected vulnerabilities, and ensuring that remote access points are well secured. These positions focus on threats and vulnerabilities and improve the security of systems. IAT Level II personnel have mastery of the functions of the IAT Level I position.
  • IA Technical Level III: IAT Level III personnel focus on the enclave environment and support, monitor, test and troubleshoot hardware and software IA problems pertaining to the CE, NE and enclave environments. IAT Level III personnel have mastery of the functions of both the IAT Level I and Level II positions.
  • CND-SP Analyst (CND-A): CND-A personnel use data collected from a variety of CND tools (including intrusion detection system alerts, firewall and network traffic logs, and host system logs) to analyze events that occur within their environment.
  • CND-SP Infrastructure Support (CND-IS): CND-IS personnel test, implement, deploy, maintain and administer the infrastructure systems required to effectively manage the CND-SP network and resources. This may include, but is not limited to, routers, firewalls, intrusion detection/prevention systems and other CND tools as deployed within the NE or enclave.
  • CND-SP Incident Responder (CND-IR): CND-IR personnel investigate and analyze all response activities related to cyber incidents within the NE or enclave. These tasks include, but are not limited to: creating and maintaining incident tracking information; planning, coordinating and directing recovery activities; and incident analysis tasks, including examining all available information and supporting evidence or artifacts related to an incident or event.
  • CND-SP Auditor (CND-AU): CND-AU personnel perform assessments of systems and networks within the NE or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy or local policy. CND-AUs achieve this through passive evaluations (compliance audits) and active evaluations (penetration tests and/or vulnerability assessments).
  • CND-SP Manager (CND-SPM): CND-SPMs oversee the CND-SP operations within their organization. CND-SPMs are responsible for producing guidance for their NE or enclave, assisting with risk assessments and risk management for organizations within their NE or enclave, and managing the technical classifications within their organization.
  • IASAE I: Applies knowledge of IA policy, procedures and structure to design, develop and implement CE system(s), system components or system architectures.
  • IASAE II: Applies knowledge of IA policy, procedures and workforce structure to design, develop and implement a secure NE.
  • IASAE III: Responsible for the design, development, implementation and/or integration of a DoD IA architecture, system or system component for use within CE, NE and enclave environments.
  • General User: A user who is granted use of Government Information Systems (IS) and access to Government networks. This is not an IA position.
  • Power User: Personnel with limited administrative privileges to their own PC only. This is not an IA position.

The DoD 8570 chart is to be replaced by DoDD 8140, Cyberspace Workforce, which will use the seven high-level categories of the National Initiative for Cybersecurity Education (NICE) framework:

Securely Provision, Operate and Maintain, Protect and Defend, Analyze, Collect and Operate, Oversight and Development, and Investigate.

These categories are broken down further into a total of 31 specialty areas. It was supposed to be released in 2013, but there is actually no telling when it will come out.


Filed Under: DIARMF Jobs, Information Assurance, Information Assurance Jobs, risk jobs Tagged With: 8570, DIACAP, DIARMF, diarmf diacap, dod 8570, dod 8570 chart, dodd 8140, entry level information assurance jobs, IA, info assurance, information assurance, information assurance jobs

