DoD Directive 8570 to change again :|
broli720
Member Posts: 394 ■■■■□□□□□□
As stated in the subject, the 8570 will be renamed and refocus to include security for industrial controls systems (ICS). This is a major change in critical infrastructure protection for many organizations and customers of the DoD.
My my source is Michael Chipley who presented this information at the 9th Annual ICS Summit that I'm currently attending this week.
Also DIACAP will be replaced by the Risk Management Framework.
http://www.govinfosecurity.com/dod-switching-to-new-risk-framework-a-6647
My my source is Michael Chipley who presented this information at the 9th Annual ICS Summit that I'm currently attending this week.
Also DIACAP will be replaced by the Risk Management Framework.
http://www.govinfosecurity.com/dod-switching-to-new-risk-framework-a-6647
Comments
-
da_vato Member Posts: 445I heard this was coming last year but that was all I could get out of the conversation. Do you have any other info?
-
zxbane Member Posts: 740 ■■■■□□□□□□I've been hearing about the RMF as well and how it will replace DIACAP.. I wonder how long it will actually take for the transition to happen though
-
broli720 Member Posts: 394 ■■■■□□□□□□The only information I have is that they plan to make the change sometime this spring or early summer. The speaker was apparently on the advisory committee or board that's handling this for the 8570.
The RMF transition is allegedly suppose to take 3 years. -
da_vato Member Posts: 445holy cow! thats quick for the gov.... where I work some of the base still has not fully caught up to 8570. This is going to be fun watch over here.
-
colemic Member Posts: 1,569 ■■■■■■■□□□Any word on what specific changes will be made to 8570, specifically? I am marginally aware of the RMF but haven't studied it to see if it has a cert requirement portion or if that will be bolted on. Personally I am glad to see they are seeing that the current 8570 didn't have the desired effect they envisioned it to, and are making (hopefully) positive changes to make it more relevant.Working on: staying alive and staying employed
-
JDMurray Admin Posts: 13,091 AdminDoDD 8570.01 was suppose to be replaced by the new DoDD 8140 in December 2013, but it didn't happen. I've been keeping an eye out for it at the DoD Directive Web site, but there's nothing published yet.
-
BlackBeret Member Posts: 683 ■■■■■□□□□□This was a topic on a recent SANS webcast that I missed. I'm not active on their site often but if someone else is you may be able to find the archive.
-
NovaHax Member Posts: 502 ■■■■□□□□□□I'm actually surprised we haven't seen this sooner. While we are on the topic...does anybody know of any decent Industrial Controller security training programs or certification tracks? I'd definitely be interested.
-
zxbane Member Posts: 740 ■■■■□□□□□□JD,
Thanks for the link, out of curiosity, are the Webcasts free to anyone who registers on the SANS website? -
JDMurray Admin Posts: 13,091 AdminYes, the SANS Webcasts are free to anyone registered on sans.org. The Webcasts are sometimes native or overt advertising for some product or service, or house ads for SANS courses, but the learning value is usually top-notch regardless.
-
broli720 Member Posts: 394 ■■■■□□□□□□I'm actually surprised we haven't seen this sooner. While we are on the topic...does anybody know of any decent Industrial Controller security training programs or certification tracks? I'd definitely be interested.
While at the conference, SANS rolled out their GICSP which is geared for cyber security for industrial control systems. From what I gathered, it tries to bridge the gap between control systems engineers and IT security. Not something I'll be pursuing, but you may be interested.
GIAC Forensics, Management, Information, IT Security Certifications -
wikiget Member Posts: 75 ■■□□□□□□□□8140 is supposed to be the catalyst to switch DoD to NICE, but the government is still mapping certs to jobs for the NICE Program."Once upon a time, disks were floppy, administrators were electricians and computers were louder then jets. Then it all got complicated." -Anon
Life of a Network Security Manager: http://imgur.com/kKvmgjj -
daviddws Member Posts: 303 ■■■□□□□□□□Has anything changed in the last couple months? It would be nice to have a better idea of what requirements are needed for certain positions.________________________________________
M.I.S.M: Master of Information Systems Management
M.B.A: Master of Business Administration -
colemic Member Posts: 1,569 ■■■■■■■□□□I would think that from a certification perspective, you should keep on trying to get certs that are relevant for the tier you work for/want to work for. It will be changed up some, but there will almost certainly still be a cert requirement for most (if not all) positions. You will still be ahead from the knowledge you gain, even if the cert you are shooting for isn't on the list, and most likely one that is very similar will be.
...which makes me wonder, how mad would some people be, if the CISSP they had to get to keep their job, wasn't on the list anymore. Won't happen but funny to ponder.Working on: staying alive and staying employed