Watch the June 2023 CISO Forum Ask Me Anything Session

The June 2023 CISO Forum Ask Me Anything session is now available for viewing. Join ISPG Director and Chief Information Security Officer Rob Wood and ISPG Deputy Director Frank Domizio as they discuss FISMA, AWS enclave, Azure, CMS web security updates, and more. Check the timestamp list below to go straight to the questions most relevant to you.

TIMESTAMPS

00:02:04 Is the iPhone 16.5 release good to go? Can we install it without Zscaler and connectivity issues like the previous update? 

00:03:08 Do we plan on implementing AI into the Authorization to Operate (ATO) process?

00:07:52 Can Mac users install and update Mac OS Ventura 3.13.4?

00:08:49 Since most teams follow Agile methodology, how do we plan to update the Adaptive Capabilities Testing (ACT) waterfall process where the ACT requirements demand submitting documents two months prior to ACT assessment? 

00:14:34 Is it our goal to expedite the Adaptive Capabilities Testing (ACT) process by standardizing it?

00:19:33 Suppose all products in a business use Elastic Container Service (ECS) Fargate, how can that help the Authorization to Operate (ATO) process for each of those products? 

00:23:05 We are looking for a CMS approved collaboration tool that can be used for our collaboration with the states. Are you aware of any viable options?

00:28:44 In the absence of an enforcement mechanism – for example, policy and standardization – what are your thoughts on how we appropriately assign risk ownership when we've decided by our risk evaluation and authorization process that a Software as a Service (SaaS) or Supply Chain Risk Management (SCRM) product is high risk and/or unsuitable for CMS use?

00:38:57 Do we need a new Authorization to Operate (ATO) if we are migrating our moderate Federal Information Security Management Act (FISMA) systems from CMS Microsoft Azure Government (MAG) to CMS Amazon Web Services (AWS) enclave with no major functionality or change other than data center change? 

00:40:34 Can CMS OIT put in place an agency-wide routing, approval, and digital signature tool/application to standardize this process and unite CMS with a single solution that is available to all, for example, DocuSign?

00:42:40 How do we get past meeting recordings, including this one?

00:43:40 What are your thoughts on managed patches for IRS, IRS custom vulnerability scan audits at higher security posture than gold standard? 

00:46:13 Do you have the recordings also on Slack?

00:46:35 I'm confused about which docs I need to fill out – ARSPIA, ISRA, CP – to get a product into a FISMA boundary after I get the Security Impact Analysis (SIA) approved. Is there guidance somewhere based on the product? For example, is it a vendor product that CMS runs on-prem and doesn't handle Personally Identifiable Information (PII)?

00:47:58 Could Technology Readiness Assessment (TRA) and Transcoding Resource Blade (TRB) be leveraged to help address the comparison of vulnerability scans with the actual architecture and use of the system?

00:48:30 Did you hear anything about going back to the workplace? 

00:49:10 What are some of the current data projects/efforts that CISO should be most concerned about if they are not involved in the design phase – data monetization, borderless data, data modernization, etc.? How would you recommend they get in those conversations?

00:54:10 What input would you or the others attending have for how to make the transition to a government job: actively applying and learning how to craft a resume and then seeking help?
