The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)
Center for Education and Research in Information Assurance and Security

Proposed Plan for the Federal Best Security Practices (BSPs) Pragram (FBSPP)

Entry type

misc

Key alpha

best practices

Publication Date

0000-00-00

Contents

Executive Summary.....................1 1) Introduction...............................1 1.1 Purpose...............................2 1.2 Historical Background.......3 1.2.1 The General Need for Best Practices.............3 1.2.2 Three Collections of Best Security Practices...4 1.2.3 Three Recent BSP Initiatives: Critical Infrastructure Protection, CIO Council, Model ISS Program.............................4 1.2.4 Convergence of Federal BSP Initiatives....6 1.3 Organization of Document................................6 2) Business Care........................9 2.1 The Need for BSPs in Federal Agencies/ Departments...........................9 2.1.1 The Current Situation: E-Gov, Security, and CIP..............9 2.1.2 Best Security Practices and the Security Process Framework.....11 2.1.3 How the FBSPP Will Improve the Current Federal Security Situation..........................13 2.2 The Status Quo vs. BSP Sharing......................16 3) Program Description............19 3.1 Products............................19 3.1.1 Best Security Practices.........................20 3.1.2 BSP Development Guide...............................23 3.1.3 The Security Process Framework.....23 3.1.4 BSP Collection Plan..................................24 3.1.5 BSP Evaluation Guide...............................26 3.1.6 BSP Web Site..........29 3.1.7 Configuration Management Plan and Procedures.....................31 3.2 The BSP Life Cycle and Program Tasks....................31 3.2.1 Identifying Candidate BSPs............33 3.2.2 Packaging BSPs.....34 3.2.3 Evaluating BSPs....35 3.2.4 Approving BSPs......36 3.2.5 Delivering BSPs......36 3.2.6 Improving BSPs......37 3.2.7 Other Functions......38 3.3 Proposed BSP Manage- ment Organization...............38 3.3.1 The Organizational Structure of the FBSPP Office................................38 3.3.2 Recommended Host Agency for the FBSPP Office..................41 3.4 Concept of Operations....42 4) Schedule, Resources, & Costs...........................................45 4.1 Schedule and Staffing Profile.....................................45 4.1.1 Phase Descriptions...................46 4.1.1.2 Validation Phase..............................47 4.1.1.3 Operational Phase..............................48 4.1.2 Level-of-Effort (LOE) Estimates........................49 4.1.2.1 Product Schedule and Effort.........................49 4.1.3 Staffing Profiles.......52 4.2 Technology........................53 4.3 Costs..................................54 4.3.1 Costing Assumptions..................54 4.3.2 Pilot and Validation Phase Costs..................55 4.3.3 Operational Phase Costs...............................55 4.3.4 Estimated Cost Summary.........................56 5) RIsk and Mitigations.............57 6) Next Steps..............................59 Appendices.................................61

Keywords

BSPs, Federal Best Security Practices, FBSPP,

Language

English

Location

A hard-copy of this is in the Papers Cabinet

Subject

Best Security Practices

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.