DISA announces new tools to manage system risk
- By Sara Friedman
- Jan 24, 2018
The Defense Information Systems Agency on Jan. 23 announced the availability of service product packages to help mission partners ensure their programs and systems are compliant with the DISA Computing Ecosystem.
Each of the packages contains control correlation identifiers that have been validated and assessed as inherited or shared between DISA and mission partners. CCIs allow for “high-level policy” framework requirements to be “decomposed” and associated with low-level security settings to determine compliance with objectives of specific security controls.
The packages aim to give mission partners a holistic view of their information systems risk posture.
"We are also saving mission partners time and resources by leveraging our tested, validated, and compliant CCIs,” Stephanie Watt, chief of the DISA’s Cyber Controls Section in the cyber services line of business, said in the announcement.
DISA provides additional service product packages to help mission partners operate within the risk management framework. The DISA Inherited Policy package contains Department of Defense and DISA policy and guidance controls that are shared between DISA and mission partners. The DISA Data Center package has common, physical and environmental controls for programs and systems hosted in DISA’s data centers and field activities. And the DISA Network package contains transport and network infrastructure controls for mission partners who transport and receive program and system information.
DISA moved from the Defense Information Assurance Certification and Accreditation Process to the National Institute of Standards and Technology’s Risk Management Framework in 2014.
Sara Friedman is a reporter/producer for GCN, covering cloud, cybersecurity and a wide range of other public-sector IT topics.
Before joining GCN, Friedman was a reporter for Gambling Compliance, where she covered state issues related to casinos, lotteries and fantasy sports. She has also written for Communications Daily and Washington Internet Daily on state telecom and cloud computing. Friedman is a graduate of Ithaca College, where she studied journalism, politics and international communications.
Friedman can be contacted at email@example.com or follow her on Twitter @SaraEFriedman.
Click here for previous articles by Friedman.