ISO/IEC 27000, ISO 15408 and the DSS security clearance (FCL) -- Oh, My

Kchnwtch

Hello,
My boss asked me to research the requirements to become a facility with DSS security clearance (FCL). It looks as if, just this past Monday, things took a turn for the NIST--as in new IS protocols for all DSS security clearance sites.

I'm posting here because NIST is using ISO/IEC 27001 and ISO 15408 (Common Criteria) as models for its new Risk Management Framework approach.

Have any of you encountered this yet? The website (http://www.dss.mil/rmf/) says that current sites with clearance have 6 months to get their IS systems to the new standard. Are you ready? Is it a minor change for you?

This would be our first time working for FCL, and while our IS is relatively secure for non-cleared work, I'm trying to assess how much we'll have to change for classified work. NIST 800 looks really complicated, but since I haven't been in the system, I don't know if you're working with structures that are already set up, etc.

Anyway, really, any feedback you have on FCL and IS clearance would be welcome. Thanks for taking the time to read this!
 