Organize It to See It: Your Data Model

February 23, 2017, 12:00 pm – 1:00 pm EST

A CDM LEARNING COMMUNITY EVENT


THE FEBRUARY CDM WEBINAR: ORGANIZE IT TO SEE IT: YOUR DATA MODEL


Today’s Webinar Goals

Provide audience with a comprehensive overview of the CDM Data Model

Answer all audience questions during the allotted question and answer time


We’ll answer these questions

► What is the CDM Data Model?

► What is a common-schema?

► What is data interrogation?

► What objectives help drive the CDM Data Model?


Today’s Speaker: Richard A. Grabowski III

► Systems Engineer with the CDM Program
    ► Primarily supporting the CDM Dashboard
    ► Supported Task Order 2 Group C (TO2C)
    ► Supported source selection for Task Order 2 Group D (TO2D)
► CDM Program Management Office (PMO) since 2014
► 9+ years with Lockheed Martin specializing in client/server integration
    ► VMware / Citrix / Cisco / NetApp
    ► Windows Administration
► Certifications
    ► RSA Certified Administrator (e.g., Archer)


Homeland Security Office of Cybersecurity and Communications

What is the CDM Data Model?

“CDM Data Model” refers to:
• A Logical Data Model (LDM)
• A Data Model Document


CDM Principles

• Common-Schema: “To ensure consistent results, data collected by CDM must be normalized into a data schema that is common across all participating agencies.”

• Data Interrogation Actions: Users interrogate data collected by CDM through three methods:

– Defect checks to support risk management and ongoing authorization,

– Cybersecurity performance metrics to support Federal Information Security Management Act (FISMA) metric reporting, and

– Ad-hoc federated queries to support security operations.


The CDM Data Model

• Defines a common baseline that can be implemented
– Must be met – standardization across all CDM solutions
– Flexible to allow agencies to supplement (within reason)
• Outlines data interrogation actions for the common-schema
– “How can I use CDM?”
• Models CDM PMO data requirements
• Represents a joint effort between the CDM PMO and Johns Hopkins University, in concert with the CDM “Principles”
• Has an iterative process – never “final”
– Phase 1 – v1.1 Current
– Phase 2 – v2.0 To be released for comment soon
• Is not a physical data model (e.g., schema in a database management system (DBMS))


Common-Schema

• CDM will collect this data baseline
• CDM will create these relationships


Data Interrogation


Scenario: CVE-2017-0016


CDM Data Model Objectives?


Program Fundamentals – Dashboard Interoperability


Program Fundamentals – Summary Data

“The contractor shall ensure that only summary level data is being sent from the D/A CDM Dashboard to the Federal CDM Dashboard”*

What is “summary data”?

Counts? (e.g., Common Vulnerabilities and Exposures (CVEs) / Common Platform Enumerations (CPEs) / Common Configuration Enumerations (CCEs))

Summary Scores? Others? Context?

* Continuous Diagnostics and Mitigation (CDM), “Task Order GSQ0015AJ0097: Tools and Continuous Monitoring as a Service (CMaaS) for Group C Phase 1 Implementation.”


Program Fundamentals – Attachment N

• Contains hundreds of requirements of varying specificity

• Validates product on the CDM Blanket Purchase Agreement (BPA)

• Facilitates product buy on contracts or through Delegated Procurement Authority (DPA)

• Each Integrator must submit tools and have them approved before tools can be included in the solution

• Submission “attests” that tool covers at least one of the functional requirements


Program Fundamentals – FISMA Reporting

• Key Input into the CDM Data Model

• Separate “FISMA Questionnaires” (e.g., Chief information officer (CIO)) into their respective phases

• Goal: “Automate and Minimize”


Program Fundamentals – Risk Scoring

• Key element of the dashboard and CDM
• Can drive changes to the data model
• Development still pending


Program Challenges – Technology

• Different commercial off-the-shelf tools (COTs) with different capabilities (and objectives) within the CMaaS solution

• Inherent limitations in vendor products
• Build to scale
• Complexity to implement
• Ability to customize


Program Challenges – Expectations


Program Challenges – Catchup

• Contract Awards (TO2, Dashboard)
– Modeling effort ideally would have occurred before integration efforts (or at least simultaneously)
– Program has been working to get ahead
– TO2 contracts are nearing their end; how to continue to provide needed integration effort
• Changes in Design
– Proposed designs might have to be fine-tuned, altered to accommodate these specific data requirements


Program Needs – Common Language

Buzzwords:
• “Authorized”
• “Managed”
• “Approved”
• “Misconfiguration”
• “Vulnerability”


Program Needs – Guidance

Constructs:
• Master Device Record (MDR)
• Master User Record (MUR)
• CVE / CCE Dictionaries


Program Needs – Guidance

Context:
• Organizational Unit Containers
• FISMA Containers


Program Needs – Guidance

Define Correlation:


Program Needs – Flexibility

“Find all endpoints where software product Adobe Flash Player deployed within the last 30 days”
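
The ad-hoc query quoted above can only be asked once across several tools if their records share one schema, which is the common-schema principle stated earlier in the deck. The following is an added example, not taken from the CDM Data Model or the presentation; the two tool exports are constructed, and the table and field names are assumptions.

```python
import sqlite3
from datetime import date, timedelta

# Constructed exports from two hypothetical tools that name and format fields differently.
TOOL_A = [
    {"host": "WS-001", "sw": "Adobe Flash Player", "installed": "2017-02-10"},
    {"host": "WS-002", "sw": "Adobe Flash Player", "installed": "2016-11-02"},
]
TOOL_B = [
    {"Endpoint": "ws-003", "Product": "adobe flash player", "InstallDate": "02/15/2017"},
    {"Endpoint": "ws-004", "Product": "Mozilla Firefox", "InstallDate": "02/20/2017"},
]

def normalize(tool_a, tool_b):
    """Map both formats onto one assumed schema: (endpoint, product, ISO install_date)."""
    rows = [(r["host"].lower(), r["sw"].lower(), r["installed"]) for r in tool_a]
    for r in tool_b:
        month, day, year = r["InstallDate"].split("/")
        rows.append((r["Endpoint"].lower(), r["Product"].lower(), f"{year}-{month}-{day}"))
    return rows

def endpoints_with_recent_install(rows, product, as_of, days=30):
    """Ad-hoc query: endpoints where `product` was deployed within `days` of `as_of`."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE installed_software (endpoint TEXT, product TEXT, install_date TEXT)"
    )
    db.executemany("INSERT INTO installed_software VALUES (?, ?, ?)", rows)
    cutoff = (as_of - timedelta(days=days)).isoformat()
    cur = db.execute(
        "SELECT DISTINCT endpoint FROM installed_software "
        "WHERE product = ? AND install_date BETWEEN ? AND ? ORDER BY endpoint",
        (product.lower(), cutoff, as_of.isoformat()),  # ISO dates compare correctly as text
    )
    return [row[0] for row in cur]

if __name__ == "__main__":
    common = normalize(TOOL_A, TOOL_B)
    print(endpoints_with_recent_install(common, "Adobe Flash Player", date(2017, 2, 23)))
```

Without the normalization step, the same question would need one query per tool, and the differing case and date formats would silently drop matches.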


Program Needs – Addressing the Future

• Future integration with other U.S. Department of Homeland Security (DHS) cybersecurity programs:
– CyberScope / Einstein / United States Computer Emergency Readiness Team (US-CERT)
• Other CDM Program “use cases” (e.g., Office of Management and Budget (OMB) 16-12)
• Feedback
– Understand nuances at agencies
– Solicit needs (e.g., Formal Enhancement Request form)
• Changes to any of the “3 Critical Inputs”
– FISMA data gathering
    • New metrics, new Cross-Agency Priority (CAP) Goals, new priorities?
– Risk scoring strategy updates
– New Attachment N requirements overlays (Phase 2, 3, 4, etc.)
• Technology Changes – Swaps / Updates


Questions?

References:
– CDM Agency Dashboard Practitioner’s Guide
– CDM Data Model v1.1
– CDM LDM v1.1
– FY 2016/2017 CIO FISMA Metrics
– CDM Architecture Principles Document
– Configuration Management Guidance for the CDM Agency Dashboard platform (DRAFT)


Audience Q&A

Please use the question box on the top right of your screen to ask questions.


Get Involved with the CDM Learning Program!

Visit our website: https://www.us-cert.gov/cdm

Engage with our weekly blog: https://www.govloop.com/groups/cdm-learning-bits-bytes

Join our mailing list: [email protected]


Thank you for attending today’s CDM webinar!

► A certificate of attendance will be available to download at www.us-cert.gov/cdm/training within one week of today’s event.

► Please help us provide better learning content by completing the short questionnaire. Your feedback matters!