Agency Security Update Service (ASUS) - PowerPoint PPT Presentation

1 / 9
About This Presentation
Title:

Agency Security Update Service (ASUS)

Description:

Mike Bolger KSC CIO ASUS Data Collection The ASUS Project collects Enterprise IT Security Data: Patch Management 80,000+ devices Software Inventory 80,000 ... – PowerPoint PPT presentation

Number of Views:27
Avg rating:3.0/5.0
Slides: 10
Provided by: LMIT4
Learn more at: https://www.nasa.gov
Category:

less

Transcript and Presenter's Notes

Title: Agency Security Update Service (ASUS)


1
Agency Security Update Service (ASUS)
Mike Bolger KSC CIO
2
ASUS Data Collection
  • The ASUS Project collects Enterprise IT Security
    Data
  • Patch Management 80,000 devices
  • Software Inventory 80,000 devices
  • Federal Desktop Core Configuration (FDCC)
    60,000 devices
  • Network Vulnerability 120,000 devices
  • Network Inventory 120,000 devices
  • Data is stored in IT Security Enterprise Data
    Warehouse (ITSEC-EDW)
  • Provides centralized one-stop-shop for IT
    Security Data

3
Continuous Monitoring / Reporting
Example Data
4
Continuous Monitoring / Reporting
List of Vulnerabilities By Center Or Security Plan
Drill down to a list of Workstation/server
with vulnerabilities
  • Interactive website provides searchable reports

5
Continuous Monitoring
  • The Agency is focusing on expanded Continuous
    Monitoring in alignment to proposed FISMA changes
  • ASUS Team is currently providing Continuous
    Monitoring for
  • Patch Management
  • Software Inventory
  • Network Inventory
  • Network Vulnerabilities
  • Developing automated methods to Continuously
    Monitor NIST 800-53 Controls (IT System Security
    Plans)

6
IT Security Risk-Based Reporting
  • Continuous Monitoring will feed NASA IT Security
    Risk Score
  • Provide overall Risk score for a Security Plan,
    Center and the Agency
  • Helps focus workforce to problem areas
  • Puts focus on reducing risk, not just meeting
    metrics

7
Collaboration with other NASA projects
  • ASUS Project is working to add IT Security Data
    Sources
  • Incident data from the NASA SOC
  • Antivirus data from ODIN
  • DHCP data from IPAM
  • Application data from Agency Data Center
    Consolidation (ADCC)
  • The ASUS Project is a preventative tool in NASAs
    IT Security arsenal

8
Patch Management Solution
  • Agency is moving to a new Patch Management
    Solution
  • Reached the potential of the PatchLink product
  • Selected product
  • Benefits
  • More robust Agent
  • Scalable to meet NASAs complex architecture
  • Follows OVAL standards
  • Provides additional functionality
  • Agent on a USB Stick
  • Network Inventory to locate machines missing an
    Agent
  • Appliance reduces costs and maintenance for the
    Agency

9
Agency Data Center Consolidation (ADCC)
  • Collaborating with the Agency Data Center
    Consolidation (ADCC) Project
  • OMB has come out with the Federal Data Center
    Consolidation Initiative
  • Goal is to reduce overall costs and energy
    consumption
  • ADCC is preparing to deploy an Inventory and
    Application Mapping tool in all NASA Data Centers
  • Application Mapping tells us what is required
    to move a service (i.e. Tech Doc)
  • ASUS team will be providing the technical
    expertise to coordinate the deployment of the
    automated tool across the Agency
Write a Comment
User Comments (0)
About PowerShow.com