CISA CSD Industry Day 15-17NOV22 Vendor Questions.pdf

Posted: Jan. 26, 2023 • Type: .pdf • Size: 0.13MB

Summary
This document is a compilation of vendor questions and proposed responses from an industry day event hosted by CISA CSD. Vendors inquired about various topics such as obtaining information on the CCIPP program, tailoring cybersecurity models to system needs, utilizing identity management solutions like login.gov, and addressing crypto security vulnerabilities. Additionally, questions were raised regarding CDM procurement opportunities, automating adversary threats, outsourcing threat assessment development, and enhancing automation in sharing VM data across security domains.

CISA provided responses indicating that the CCIPP program is still in development, highlighted the use of Risk Management Framework for cybersecurity controls, acknowledged the importance of identity management solutions, and expressed interest in automating threat information through threat hunting efforts.

Furthermore, CISA outlined strategies like the Operational Visibility Strategy (OVS) and the Joint Collaborative Environment (JCE) strategy to enhance visibility and data utilization for proactive risk reduction. The document also addressed concerns related to POAM resolution for critical infrastructure providers, emphasizing that while CISA can establish best practices and methodologies to support POAMs, it does not have regulatory authority to mandate vendor actions.

The document reflects a collaborative engagement between vendors and CISA to address cybersecurity challenges and enhance operational capabilities in safeguarding critical systems and data.