Web-Based Cyber Security Assessment Information System

Cyber Security Tool

A web-based information system has been designed to assist in the OMB-mandated cyber security assessments for all major government information systems. These mandated assessments include the annual Federal Information System Management Assessment (FISMA) assessments, the annual Circular A-123 Appendix A assessment (for financial systems), and the Certification and Accreditation (C&A) required for all computer systems. These assessments require that large volumes of specific information be collected as evidence that security controls (e.g., computer room access lists, patches, etc.) are in place and are effective. Information is generally collected periodically: weekly, monthly, quarterly, semi-annually, and annually. A major challenge for all government agencies is to collect the data on a timely basis and organize the information so that the assessments can be completed efficiently, without having to retrieve lost information from months ago.

This web-based tool is an information system and data repository that:

  • provides a flexible format to accommodate any of the OMB reports listed above
  • contains a description of the security control, generally from NIST documentation
  • contains a user-inputted set of tests that prove the control is in place and operational
  • contains a user-inputted description of test results
  • provides a periodic alert (email) to system administrators or security personnel that specific information is required for that time period (e.g., monthly reminder)
  • provides storage for the evidence (doc file, PDF, or screenshot) that the control is operational (e.g., a signed computer room access list for a given month)
  • provides a report capability that prints the required information for report submission

The tool uses Microsoft SharePoint services, which are well suited to this type of task. The tool is web-based and secured so that security personnel in the organization who have responsibilities in the various areas can input their evidence on a periodic basis when alerts are issued to them via email.

Application

All government agencies are required by OMB to perform computer security assessments of different types depending on the system. Any tools that can help in this process by organizing the vast amount of information required will reduce the overall costs of these assessments and increase the efficiency of the process.

Figure 1. Screen capture of the tool showing the cyber security assessment matrix embedded within the SharePoint framework, which contains the supporting documentation and evidence.

Figure 2. Data capture reminder tasks to collect security data in a timely manner.

For more information, contact:
Craig Swietlik
Information Sciences
Decision and Information Sciences Division
Argonne National Laboratory
9700 South Cass Ave., Bldg. 221
Phone: 630-252-8912
Fax: 630-252-5128