I served a good part of my 30+ year career as an Information Systems Security Officer (ISSO), Information Systems Security Manager (ISSM), and Information Systems Security Engineer (ISSE) for the Intelligence Community and Department of Defense. Ensuring accreditation is accomplished for each Information System takes a skilled team in each of these positions. Serving as a Subject Matter Expert with respect to National-level Security Policies to include ICD 503, NIST SP-800 Series, CNSS Instructions 504, 1015, and 1253, FIPS 140, and FedRAMP® is a necessity!
Authorization to Operate
Higher up the chain is the Designated Accrediting Authority (DAA). This is the Government official with the authority to assume formal responsibility for operating a system at an acceptable level of risk. The DAA appoints an authority knowledgeable in all areas of security so that a technically correct assessment of the security characteristics of the Information System can be made. The DAA grants formal accreditation to operate a system; this authority to operate (ATO) from the DAA needs to be obtained in the most secure, efficient, and rapid manner possible for the mission.
I can tell you that ISSMs, ISSOs, and ISSEs are overloaded with numerous program ATOs, and programs are pressured to reach full operational capability as soon as possible to meet mission deadlines. This pressure means the use of shortcuts, including waivers, is commonplace, and should not be. Shortcuts introduce unknown risk.
Essential tasks require advanced deployed information processing capabilities. Securing the services that deliver these capabilities is equally important to prevent systems from being compromised and exploited.
Building partnerships around Cybersecurity initiatives is of paramount importance to Cisco. This is especially true when it comes to securing the customer’s infrastructure, protecting sensitive data, and working to get ATO.
Cybersecurity has historically had a messy array of independent technologies, which presents a plethora of operational, policy enforcement, and monitoring challenges. Many organizations use dozens of Cybersecurity solutions, if not more, from just as many vendors. Security teams can investigate only half the security alerts they receive, and network security defenses are less effective at blocking targeted sophisticated threats and advanced malware attacks.
It is not possible to stop all attacks, but it is possible to reduce cost, minimize risk and reduce time to detection by building out a security architecture.
That is where Cisco comes in
A security architecture allows systems to learn, adapt and better secure a customer’s environment.
Cisco’s integrated security architecture approach consists of 12 product families with management, integrated threat intelligence, and the ability to integrate with other vendor security products and solutions using open-industry standards (see Figure 1).
It may seem strange to have route/switch and WAN solutions listed alongside comprehensive security products as part of the overall security architecture, but they are listed for three reasons and are your best friend when achieving ATO:
- Existing route/switch environments provide a cost-effective means to gather the data needed to assess threats and take proactive steps to protect your network. NetFlow data (from Cisco networking products and other vendors) is a key security data source for monitoring anomalous behavior and security breach activity. It provides forensic evidence to reconstruct a sequence of events, can be used to help ensure regulatory compliance, and provides visibility across the entire attack lifecycle.
- Wired and wireless infrastructures provide the access ports that network segmentation needs in order to be effective. Granular network segmentation (down to the individual port, device, or person when needed) enables an enterprise to restrict attack and threat vectors and allows network consolidation, reducing costs and enhancing performance and security.
- The infrastructure is key to ensuring scalability of networks to handle increased growth.
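The first bullet above describes NetFlow as a data source for spotting anomalous behavior and for reconstructing a sequence of events after the fact. The following is an added example, not code from Cisco or from this post, showing what that looks like in practice: it parses a small set of constructed NetFlow-style records, flags a source that touches many distinct ports on one destination inside a short window, flags a host whose outbound byte volume to external addresses exceeds a baseline, and rebuilds the time-ordered flow history for a host of interest. The CSV field names, the internal address range, and the thresholds are assumptions; a real collector's schema and a site's own baseline would replace them.

```python
"""Defender-side triage over NetFlow-style flow records.

Added example (not Cisco's code). The flow export below is constructed for
illustration; field names, the internal address space and the thresholds are
assumptions that a real deployment would replace with its own.
"""
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed enterprise address space (RFC 1918); load your own in practice.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]

# Constructed flow export, one flow per line. 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges, so no real host is implied.
SAMPLE_EXPORT = """ts,src,dst,dport,proto,bytes
1000,10.1.1.8,10.1.2.20,443,tcp,52000
1001,10.1.1.5,10.1.2.20,21,tcp,60
1002,10.1.1.5,10.1.2.20,22,tcp,60
1003,10.1.1.5,10.1.2.20,23,tcp,60
1004,10.1.1.5,10.1.2.20,25,tcp,60
1005,10.1.1.5,10.1.2.20,80,tcp,60
1006,10.1.1.5,10.1.2.20,110,tcp,60
1007,10.1.1.5,10.1.2.20,135,tcp,60
1008,10.1.1.5,10.1.2.20,139,tcp,60
1009,10.1.1.5,10.1.2.20,443,tcp,60
1010,10.1.1.5,10.1.2.20,445,tcp,60
1011,10.1.1.5,10.1.2.20,3389,tcp,60
1200,10.1.1.5,203.0.113.10,443,tcp,52000000
1300,10.1.1.8,198.51.100.5,443,tcp,200000
"""


def parse_flows(text):
    """Parse a CSV flow export into a list of dicts with typed fields."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        flows.append({
            "ts": int(row["ts"]),
            "src": row["src"],
            "dst": row["dst"],
            "dport": int(row["dport"]),
            "proto": row["proto"],
            "bytes": int(row["bytes"]),
        })
    return flows


def is_internal(addr):
    """True when addr falls inside the assumed enterprise address space."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def detect_port_sweeps(flows, min_ports=10, window=300):
    """Flag (src, dst) pairs that touch >= min_ports distinct destination
    ports within any `window`-second span. Returns (src, dst, port_count)."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"])].append((f["ts"], f["dport"]))
    findings = []
    for (src, dst), events in by_pair.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it fits in `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({p for _, p in events[start:end + 1]}))
        if best >= min_ports:
            findings.append((src, dst, best))
    return findings


def detect_bulk_egress(flows, byte_threshold=10_000_000):
    """Sum bytes sent from internal sources to external destinations and
    return the sources whose total meets the (assumed) threshold."""
    egress = defaultdict(int)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            egress[f["src"]] += f["bytes"]
    return {src: total for src, total in egress.items() if total >= byte_threshold}


def host_timeline(flows, host):
    """Time-ordered flows involving `host`, for reconstructing events."""
    return sorted((f for f in flows if host in (f["src"], f["dst"])),
                  key=lambda f: f["ts"])


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_EXPORT)
    for src, dst, n in detect_port_sweeps(flows):
        print(f"port sweep: {src} -> {dst} ({n} distinct ports)")
    for src, total in detect_bulk_egress(flows).items():
        print(f"bulk egress: {src} sent {total} bytes externally")
    for f in host_timeline(flows, "10.1.1.5"):
        print(f"{f['ts']} {f['src']} -> {f['dst']}:{f['dport']} {f['bytes']}B")
```

The two detectors deliberately use only fields every flow exporter provides, so the same logic runs over records from Cisco devices or other vendors' gear; the timeline function is the forensic side of the bullet, giving an analyst the ordered sequence of flows for a host once an alert fires.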
As with any architecture, integration between components is a necessity. It must also include other devices that may not be a direct part of the architecture.
Designing your security architecture to leverage your existing switch, router, and WAN environments provides cost-effective network sensor data, with performance and assured scalability built into your existing network fabric. ATO is achieved faster and documented better within the System Security Plan (SSP), which identifies the functions and features of a system, including all of its installed hardware and software. It also helps prevent a self-inflicted denial (or degradation) of service caused by security solutions that do not factor in network performance considerations.