Organize It to See It: Your Data Model
February 23, 2017, 12:00 pm – 1:00 pm EST
A CDM LEARNING COMMUNITY EVENT
THE FEBRUARY CDM WEBINAR: ORGANIZE IT TO SEE IT: YOUR DATA MODEL
Today’s Webinar Goals
Provide audience with a comprehensive overview of the CDM Data Model
Answer all audience questions during the allotted question and answer time
We’ll answer these questions
► What is the CDM Data Model?
► What is a common-schema?
► What is data interrogation?
► What objectives help drive the CDM Data Model?
Today’s Speaker: Richard A. Grabowski III
► Systems Engineer with the CDM Program
► Primarily supporting the CDM Dashboard
► Supported Task Order 2 Group C (TO2C)
► Supported source selection for Task Order 2 Group D (TO2D)
► CDM Program Management Office (PMO) since 2014
► 9+ years with Lockheed Martin specializing in client/server integration
► VMware / Citrix / Cisco / NetApp
► Windows Administration
► Certifications
► RSA Certified Administrator (e.g., Archer)
Homeland Security Office of Cybersecurity and Communications
What is the CDM Data Model?
“CDM Data Model” refers to:
• A Logical Data Model (LDM)
• A Data Model Document
CDM Principles
• Common-Schema: “To ensure consistent results, data collected by CDM must be normalized into a data schema that is common across all participating agencies.”
• Data Interrogation Actions: Users interrogate data collected by CDM through three methods:
– Defect checks to support risk management and ongoing authorization,
– Cybersecurity performance metrics to support Federal Information Security Management Act (FISMA) metric reporting, and
– Ad-hoc federated queries to support security operations.
The CDM Data Model
• Defines a common baseline that can be implemented
– Must be met – standardization across all CDM solutions
– Flexible to allow agencies to supplement (within reason)
• Outlines data interrogation actions for the common-schema
– “How can I use CDM?”
• Models CDM PMO data requirements
• Represents a joint effort between the CDM PMO and Johns Hopkins University, in concert with the CDM “Principles”
• Has an iterative process – never “final”
– Phase 1 – v1.1 Current
– Phase 2 – v2.0 To be released for comment soon
• Is not a physical data model (e.g., schema in a database management system (DBMS))
Common-Schema
• CDM will collect this data baseline
• CDM will create these relationships
Data Interrogation
Scenario: CVE-2017-0016
CDM Data Model Objectives?
Program Fundamentals – Dashboard Interoperability
Program Fundamentals – Summary Data
“The contractor shall ensure that only summary level data is being sent from the D/A CDM Dashboard to the Federal CDM Dashboard”*
What is “summary data”?
Counts? (e.g., Common Vulnerabilities and Exposures (CVEs) / Common Platform Enumerations (CPEs) / Common Configuration Enumerations (CCEs))
Summary Scores? Others? Context?
* Continuous Diagnostics and Mitigation (CDM), “Task Order GSQ0015AJ0097: Tools and Continuous Monitoring as a Service (CMaaS) for Group C Phase 1 Implementation.”
Program Fundamentals – Attachment N
• Contains hundreds of requirements of varying specificity
• Validates product on the CDM Blanket Purchase Agreement (BPA)
• Facilitates product buy on contracts or through Delegated Procurement Authority (DPA)
• Each Integrator must submit tools and have them approved before tools can be included in the solution
• Submission “attests” that tool covers at least one of the functional requirements
Program Fundamentals – FISMA Reporting
• Key Input into the CDM Data Model
• Separate “FISMA Questionnaires” (e.g., Chief information officer (CIO)) into their respective phases
• Goal: “Automate and Minimize”
Program Fundamentals – Risk Scoring
• Key element of the dashboard and CDM
• Can drive changes to the data model
• Development still pending
Program Challenges – Technology
• Different commercial off-the-shelf tools (COTs) with different capabilities (and objectives) within the CMaaS solution
• Inherent limitations in vendor products
• Build to scale
• Complexity to implement
• Ability to customize
Program Challenges – Expectations
Program Challenges – Catchup
• Contract Awards (TO2, Dashboard)
– Modeling effort ideally would have occurred before integration efforts (or at least simultaneously)
– Program has been working to get ahead
– TO2 contracts are nearing their end; how to continue to provide needed integration effort
• Changes in Design
– Proposed designs might have to be fine-tuned, altered to accommodate these specific data requirements
Program Needs – Common Language
Buzzwords:
• “Authorized”
• “Managed”
• “Approved”
• “Misconfiguration”
• “Vulnerability”
Program Needs – Guidance
Constructs:
• Master Device Record (MDR)
• Master User Record (MUR)
• CVE / CCE Dictionaries
Program Needs – Guidance
Context:
• Organizational Unit Containers
• FISMA Containers
Program Needs – Guidance
Define Correlation:
Program Needs – Flexibility
“Find all endpoints where software product Adobe Flash Player deployed within the last 30 days”
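The query on this slide, run against records normalized into one schema, as an added example that is not from the webinar or the CDM Data Model. The two tool feeds, their field names, the hostname-based correlation rule and the sample rows are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample exports from two hypothetical tools. Field names are
# illustrative and are NOT taken from the CDM Logical Data Model.
TOOL_A = [
    {"host": "WS-001.agency.example", "sw": "Adobe Flash Player",
     "installed": "2017-02-10T14:03:00Z"},
    {"host": "ws-002.agency.example", "sw": "Adobe Flash Player",
     "installed": "2016-11-01T09:00:00Z"},
]
TOOL_B = [
    {"device_name": "ws-003", "product": "adobe flash player ",
     "install_epoch": 1487116800},   # 2017-02-15 00:00:00 UTC
    {"device_name": "WS-001", "product": "Adobe Flash Player",
     "install_epoch": 1486735380},   # same install as TOOL_A's first row
]

def _device_id(name):
    # Assumed correlation rule: short hostname, compared case-insensitively.
    return name.split(".")[0].lower()

def normalize(tool_a, tool_b):
    """Map both feeds onto one schema: (device_id, product, installed_utc)."""
    rows = set()  # a set collapses the same fact reported by both tools
    for r in tool_a:
        ts = datetime.strptime(r["installed"], "%Y-%m-%dT%H:%M:%SZ")
        rows.add((_device_id(r["host"]), r["sw"].strip().lower(),
                  ts.replace(tzinfo=timezone.utc)))
    for r in tool_b:
        ts = datetime.fromtimestamp(r["install_epoch"], tz=timezone.utc)
        rows.add((_device_id(r["device_name"]),
                  r["product"].strip().lower(), ts))
    return rows

def endpoints_with_product(rows, product, as_of, days=30):
    """Ad-hoc query: devices where `product` was installed in the window."""
    cutoff = as_of - timedelta(days=days)
    wanted = product.strip().lower()
    return sorted({dev for dev, prod, ts in rows
                   if prod == wanted and cutoff <= ts <= as_of})

AS_OF = datetime(2017, 2, 23, tzinfo=timezone.utc)  # webinar date used as "now"
COMMON = normalize(TOOL_A, TOOL_B)
print(endpoints_with_product(COMMON, "Adobe Flash Player", AS_OF))
```

Without the normalization step the same query would miss `ws-003` (different casing and trailing space) and count `ws-001` twice.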
Program Needs – Addressing the Future
• Future integration with other U.S. Department of Homeland Security (DHS) cybersecurity programs:
– CyberScope / Einstein / United States Computer Emergency Readiness Team (US-CERT)
• Other CDM Program “use cases” (e.g., Office of Management and Budget (OMB) 16-12)
• Feedback
– Understand nuances at agencies
– Solicit needs (e.g., Formal Enhancement Request form)
• Changes to any of the “3 Critical Inputs”
– FISMA data gathering
• New metrics, new Cross-Agency Priority (CAP) Goals, new priorities?
– Risk scoring strategy updates
– New Attachment N requirements overlays (Phase 2, 3, 4, etc.)
• Technology Changes – Swaps / Updates
Questions?
References:
– CDM Agency Dashboard Practitioner’s Guide
– CDM Data Model v1.1
– CDM LDM v1.1
– FY 2016/2017 CIO FISMA Metrics
– CDM Architecture Principles Document
– Configuration Management Guidance for the CDM Agency Dashboard platform (DRAFT)
Audience Q&A
Please use the question box on the top right of your screen to ask questions.
Get Involved with the CDM Learning Program!
Visit our website: https://www.us-cert.gov/cdm
Engage with our weekly blog: https://www.govloop.com/groups/cdm-learning-bits-bytes
Join our mailing list: [email protected]
Thank you for attending today’s CDM webinar!
► A certificate of attendance will be available to download at www.us-cert.gov/cdm/training within one week of today’s event.
► Please help us provide better learning content by completing the short questionnaire. Your feedback matters!