ISO/IEC 27000, ISO 15408 and the DSS security clearance (FCL) -- Oh, My

Kchnwtch

Hello,
My boss asked me to research the requirements to become a facility with DSS security clearance (FCL). It looks as if, just this past Monday, things took a turn for the NIST--as in new IS protocols for all DSS security clearance sites.

I'm posting here because NIST is using ISO/IEC 27001 and ISO 15408 (Common Criteria) as models for its new Risk Management Framework approach.

Have any of you encountered this yet? The website (http://www.dss.mil/rmf/) says that current sites with clearance have 6 months to get their IS systems to the new standard. Are you ready? Is it a minor change for you?

This would be our first time working for FCL, and while our IS is relatively secure for non-cleared work, I'm trying to assess how much we'll have to change for classified work. NIST 800 looks really complicated, but since I haven't been in the system, I don't know if you're working with structures that are already set up, etc.

Anyway, really, any feedback you have on FCL and IS clearance would be welcome. Thanks for taking the time to read this!
 