SlideShare una empresa de Scribd logo

Change management .francomarcaro

wardell henley
wardell henley
1 de 7
Descargar para leer sin conexión
FIPS 201-2 Workshop NIST PIV Team National Institute of Standards and Technology US Department of Commerce Gaithersburg, MD April 18 – 19, 2011 1 1
CHANGE MANAGEMENT 2
Change Management Why this new section of the FIPS 201-2? • Because we want to work with all the stakeholders to mitigate the impact of any change on the existing infrastructures • And because we want to be faithful to these two principles: – Do no harm; don’t break what works – Anything we change should not astonish anyone 3
Change Management How to achieve these goals? • Changes will be introduced over 5 to 6 year period to allow time to execute transition plans • FIPS 201 will contain only requirements that change infrequently. Implementation details should be in the associated Special Publications • New requirements will be introduced ‘optional’ at first, and would become mandatory in the following revision • Backward compatibility will be maintained where possible 4
Change Management New sections added to this revision • Backward compatible changes • Non-backward compatible changes • New Features • Deprecated and removed elements • FIPS 201 Version Management 5
Change Management How we will proceed? • CM FIPS 201 sections as well as CM sections in the PIV SPs will be written in concert with stakeholders with a particular attention to Users and Implementers • Workshops, public comments and contributions are the main road to raise attention onto CM issues 6
Change Management Example of CM problems: • The draft FIPS 201-2 document introduces new features (e.g., match on card and two possible card authentication keys) and makes some data objects mandatory instead of optional (e.g., CAK). What are the recommended migration mechanisms as well as the potential impact to the relying party infrastructure? • How does a terminal find out if the card presented is compliant with FIPS 201-1 or FIPS 201-2? 7

Recomendados

Preparing for Your Annual Audit
Preparing for Your Annual AuditPreparing for Your Annual Audit
Preparing for Your Annual Auditnado-web
 
4321 alan place
4321 alan place 4321 alan place
4321 alan place jturner77
 
Toronto EAST Real Estate statistics september 2011
Toronto EAST Real Estate statistics september 2011Toronto EAST Real Estate statistics september 2011
Toronto EAST Real Estate statistics september 2011John Helfrich
 
The case to make Huntsville Weird(er) –TEDx Huntsville 2014
The case to make Huntsville Weird(er) –TEDx Huntsville 2014The case to make Huntsville Weird(er) –TEDx Huntsville 2014
The case to make Huntsville Weird(er) –TEDx Huntsville 2014Antonio Montoya
 
Soy acf western 2011
Soy acf western 2011Soy acf western 2011
Soy acf western 2011AK Communications
 
Rio+20: The Conference - Briefing on logistics by the Government of Brazil
Rio+20: The Conference - Briefing on logistics by the Government of BrazilRio+20: The Conference - Briefing on logistics by the Government of Brazil
Rio+20: The Conference - Briefing on logistics by the Government of Braziluncsd2012
 
Cobit 5 used in an information security review
Cobit 5 used in an information security reviewCobit 5 used in an information security review
Cobit 5 used in an information security reviewJohnbarchie
 
Customer-Specific Tailorability of Software Products- The Good, The Bad and T...
Customer-Specific Tailorability of Software Products- The Good, The Bad and T...Customer-Specific Tailorability of Software Products- The Good, The Bad and T...
Customer-Specific Tailorability of Software Products- The Good, The Bad and T...ISPMAIndia
 

Recomendados

Preparing for Your Annual Audit
Preparing for Your Annual AuditPreparing for Your Annual Audit
Preparing for Your Annual Auditnado-web
 
4321 alan place
4321 alan place 4321 alan place
4321 alan place jturner77
 
Toronto EAST Real Estate statistics september 2011
Toronto EAST Real Estate statistics september 2011Toronto EAST Real Estate statistics september 2011
Toronto EAST Real Estate statistics september 2011John Helfrich
 
The case to make Huntsville Weird(er) –TEDx Huntsville 2014
The case to make Huntsville Weird(er) –TEDx Huntsville 2014The case to make Huntsville Weird(er) –TEDx Huntsville 2014
The case to make Huntsville Weird(er) –TEDx Huntsville 2014Antonio Montoya
 
Soy acf western 2011
Soy acf western 2011Soy acf western 2011
Soy acf western 2011AK Communications
 
Rio+20: The Conference - Briefing on logistics by the Government of Brazil
Rio+20: The Conference - Briefing on logistics by the Government of BrazilRio+20: The Conference - Briefing on logistics by the Government of Brazil
Rio+20: The Conference - Briefing on logistics by the Government of Braziluncsd2012
 
Cobit 5 used in an information security review
Cobit 5 used in an information security reviewCobit 5 used in an information security review
Cobit 5 used in an information security reviewJohnbarchie
 
Customer-Specific Tailorability of Software Products- The Good, The Bad and T...
Customer-Specific Tailorability of Software Products- The Good, The Bad and T...Customer-Specific Tailorability of Software Products- The Good, The Bad and T...
Customer-Specific Tailorability of Software Products- The Good, The Bad and T...ISPMAIndia
 
Employers Information Requirements (EIR) Explanatory Notes - P21+ and BIM
Employers Information Requirements (EIR) Explanatory Notes - P21+ and BIMEmployers Information Requirements (EIR) Explanatory Notes - P21+ and BIM
Employers Information Requirements (EIR) Explanatory Notes - P21+ and BIMSimon Owen
 
Scm
ScmScm
ScmSyed Muhammad Hammad
 
ACC 675 Milestone Four
ACC 675 Milestone FourACC 675 Milestone Four
ACC 675 Milestone FourAntonioBennet
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesShane Coughlan
 
Agile BIM Standards (Episode 6)
Agile BIM Standards (Episode 6)Agile BIM Standards (Episode 6)
Agile BIM Standards (Episode 6)Clive Jordan - fighter of Evil BIM
 
Session2 swift 2-presentation-26-mar-2013
Session2 swift 2-presentation-26-mar-2013Session2 swift 2-presentation-26-mar-2013
Session2 swift 2-presentation-26-mar-2013Sondhaya Sudhamasapa
 
AUDIT READINESS
AUDIT READINESSAUDIT READINESS
AUDIT READINESSnado-web
 
Introduction to BIM Execution Planning (BEP) (Episode 02)
Introduction to BIM Execution Planning (BEP) (Episode 02)Introduction to BIM Execution Planning (BEP) (Episode 02)
Introduction to BIM Execution Planning (BEP) (Episode 02)Clive Jordan - fighter of Evil BIM
 
ENTG-Investor-Analyst-Update-2021-FINAL.pdf
ENTG-Investor-Analyst-Update-2021-FINAL.pdfENTG-Investor-Analyst-Update-2021-FINAL.pdf
ENTG-Investor-Analyst-Update-2021-FINAL.pdfKyleLee118804
 
Software Configuration Management
Software Configuration ManagementSoftware Configuration Management
Software Configuration ManagementMata Gujri College, FatehGarh Sahib ( Harsimrat Deo )
 
Bim building information modelling
Bim building information modellingBim building information modelling
Bim building information modellingSumayyaSayeeda
 
Klastorin parte1 1
Klastorin parte1 1Klastorin parte1 1
Klastorin parte1 1cpezoareyes
 
REQUIREMENTS MANAGEMENT PLANPurposeThis document defines the s.docx
REQUIREMENTS MANAGEMENT PLANPurposeThis document defines the s.docxREQUIREMENTS MANAGEMENT PLANPurposeThis document defines the s.docx
REQUIREMENTS MANAGEMENT PLANPurposeThis document defines the s.docxheunice
 
Sony presentation 2 final
Sony presentation 2 finalSony presentation 2 final
Sony presentation 2 finalRyan Chua
 
Chap 4.6 Perform Integrated Change Control
Chap 4.6 Perform Integrated Change ControlChap 4.6 Perform Integrated Change Control
Chap 4.6 Perform Integrated Change ControlAnand Bobade
 
IPM2015 | Day 0 | EXPA Talk
IPM2015 | Day 0 | EXPA TalkIPM2015 | Day 0 | EXPA Talk
IPM2015 | Day 0 | EXPA TalkAIESEC
 
The Empowered PMO: How to Get Your PMO On Board
The Empowered PMO: How to Get Your PMO On BoardThe Empowered PMO: How to Get Your PMO On Board
The Empowered PMO: How to Get Your PMO On BoardKeyedIn Projects
 
Sony presentation 2 final
Sony presentation 2 finalSony presentation 2 final
Sony presentation 2 finalRyan Chua
 
New Microsoft PowerPoint Presentation
New Microsoft PowerPoint PresentationNew Microsoft PowerPoint Presentation
New Microsoft PowerPoint PresentationMohammed Ghorab
 
The SPI Buyer Direct Roadmap
The SPI Buyer Direct RoadmapThe SPI Buyer Direct Roadmap
The SPI Buyer Direct RoadmapSPI Conference
 
RP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfRP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfwardell henley
 
mita_overview.pdf
mita_overview.pdfmita_overview.pdf
mita_overview.pdfwardell henley
 

Más contenido relacionado

Similar a Change management .francomarcaro

Employers Information Requirements (EIR) Explanatory Notes - P21+ and BIM
Employers Information Requirements (EIR) Explanatory Notes - P21+ and BIMEmployers Information Requirements (EIR) Explanatory Notes - P21+ and BIM
Employers Information Requirements (EIR) Explanatory Notes - P21+ and BIMSimon Owen
 
ACC 675 Milestone Four
ACC 675 Milestone FourACC 675 Milestone Four
ACC 675 Milestone FourAntonioBennet
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesShane Coughlan
 
Session2 swift 2-presentation-26-mar-2013
Session2 swift 2-presentation-26-mar-2013Session2 swift 2-presentation-26-mar-2013
Session2 swift 2-presentation-26-mar-2013Sondhaya Sudhamasapa
 
AUDIT READINESS
AUDIT READINESSAUDIT READINESS
AUDIT READINESSnado-web
 
ENTG-Investor-Analyst-Update-2021-FINAL.pdf
ENTG-Investor-Analyst-Update-2021-FINAL.pdfENTG-Investor-Analyst-Update-2021-FINAL.pdf
ENTG-Investor-Analyst-Update-2021-FINAL.pdfKyleLee118804
 
Bim building information modelling
Bim building information modellingBim building information modelling
Bim building information modellingSumayyaSayeeda
 
Klastorin parte1 1
Klastorin parte1 1Klastorin parte1 1
Klastorin parte1 1cpezoareyes
 
REQUIREMENTS MANAGEMENT PLANPurposeThis document defines the s.docx
REQUIREMENTS MANAGEMENT PLANPurposeThis document defines the s.docxREQUIREMENTS MANAGEMENT PLANPurposeThis document defines the s.docx
REQUIREMENTS MANAGEMENT PLANPurposeThis document defines the s.docxheunice
 
Sony presentation 2 final
Sony presentation 2 finalSony presentation 2 final
Sony presentation 2 finalRyan Chua
 
Chap 4.6 Perform Integrated Change Control
Chap 4.6 Perform Integrated Change ControlChap 4.6 Perform Integrated Change Control
Chap 4.6 Perform Integrated Change ControlAnand Bobade
 
IPM2015 | Day 0 | EXPA Talk
IPM2015 | Day 0 | EXPA TalkIPM2015 | Day 0 | EXPA Talk
IPM2015 | Day 0 | EXPA TalkAIESEC
 
The Empowered PMO: How to Get Your PMO On Board
The Empowered PMO: How to Get Your PMO On BoardThe Empowered PMO: How to Get Your PMO On Board
The Empowered PMO: How to Get Your PMO On BoardKeyedIn Projects
 
Sony presentation 2 final
Sony presentation 2 finalSony presentation 2 final
Sony presentation 2 finalRyan Chua
 
New Microsoft PowerPoint Presentation
New Microsoft PowerPoint PresentationNew Microsoft PowerPoint Presentation
New Microsoft PowerPoint PresentationMohammed Ghorab
 
The SPI Buyer Direct Roadmap
The SPI Buyer Direct RoadmapThe SPI Buyer Direct Roadmap
The SPI Buyer Direct RoadmapSPI Conference
 

Similar a Change management .francomarcaro (20)

Employers Information Requirements (EIR) Explanatory Notes - P21+ and BIM
Employers Information Requirements (EIR) Explanatory Notes - P21+ and BIMEmployers Information Requirements (EIR) Explanatory Notes - P21+ and BIM
Employers Information Requirements (EIR) Explanatory Notes - P21+ and BIM
 
Scm
ScmScm
Scm
 
ACC 675 Milestone Four
ACC 675 Milestone FourACC 675 Milestone Four
ACC 675 Milestone Four
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics Slides
 
Agile BIM Standards (Episode 6)
Agile BIM Standards (Episode 6)Agile BIM Standards (Episode 6)
Agile BIM Standards (Episode 6)
 
Session2 swift 2-presentation-26-mar-2013
Session2 swift 2-presentation-26-mar-2013Session2 swift 2-presentation-26-mar-2013
Session2 swift 2-presentation-26-mar-2013
 
AUDIT READINESS
AUDIT READINESSAUDIT READINESS
AUDIT READINESS
 
Introduction to BIM Execution Planning (BEP) (Episode 02)
Introduction to BIM Execution Planning (BEP) (Episode 02)Introduction to BIM Execution Planning (BEP) (Episode 02)
Introduction to BIM Execution Planning (BEP) (Episode 02)
 
ENTG-Investor-Analyst-Update-2021-FINAL.pdf
ENTG-Investor-Analyst-Update-2021-FINAL.pdfENTG-Investor-Analyst-Update-2021-FINAL.pdf
ENTG-Investor-Analyst-Update-2021-FINAL.pdf
 
Software Configuration Management
Software Configuration ManagementSoftware Configuration Management
Software Configuration Management
 
Bim building information modelling
Bim building information modellingBim building information modelling
Bim building information modelling
 
Klastorin parte1 1
Klastorin parte1 1Klastorin parte1 1
Klastorin parte1 1
 
REQUIREMENTS MANAGEMENT PLANPurposeThis document defines the s.docx
REQUIREMENTS MANAGEMENT PLANPurposeThis document defines the s.docxREQUIREMENTS MANAGEMENT PLANPurposeThis document defines the s.docx
REQUIREMENTS MANAGEMENT PLANPurposeThis document defines the s.docx
 
Sony presentation 2 final
Sony presentation 2 finalSony presentation 2 final
Sony presentation 2 final
 
Chap 4.6 Perform Integrated Change Control
Chap 4.6 Perform Integrated Change ControlChap 4.6 Perform Integrated Change Control
Chap 4.6 Perform Integrated Change Control
 
IPM2015 | Day 0 | EXPA Talk
IPM2015 | Day 0 | EXPA TalkIPM2015 | Day 0 | EXPA Talk
IPM2015 | Day 0 | EXPA Talk
 
The Empowered PMO: How to Get Your PMO On Board
The Empowered PMO: How to Get Your PMO On BoardThe Empowered PMO: How to Get Your PMO On Board
The Empowered PMO: How to Get Your PMO On Board
 
Sony presentation 2 final
Sony presentation 2 finalSony presentation 2 final
Sony presentation 2 final
 
New Microsoft PowerPoint Presentation
New Microsoft PowerPoint PresentationNew Microsoft PowerPoint Presentation
New Microsoft PowerPoint Presentation
 
The SPI Buyer Direct Roadmap
The SPI Buyer Direct RoadmapThe SPI Buyer Direct Roadmap
The SPI Buyer Direct Roadmap
 

Más de wardell henley

RP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfRP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfwardell henley
 
Landscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfLandscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfwardell henley
 
Facets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfFacets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfwardell henley
 
self_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfself_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfwardell henley
 
Itil a guide to cab meetings pdf
Itil a guide to cab meetings pdfItil a guide to cab meetings pdf
Itil a guide to cab meetings pdfwardell henley
 
9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmpwardell henley
 
15466 mba technology_white_paper
15466 mba technology_white_paper15466 mba technology_white_paper
15466 mba technology_white_paperwardell henley
 
Best practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingBest practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingwardell henley
 
213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmenwardell henley
 
Cissp chapter-05ppt178
Cissp chapter-05ppt178Cissp chapter-05ppt178
Cissp chapter-05ppt178wardell henley
 
Enterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securityEnterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securitywardell henley
 
3 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp013 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp01wardell henley
 
Splunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardsSplunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardswardell henley
 
Ms app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguideMs app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguidewardell henley
 
IBM enterprise Content Management
IBM enterprise Content ManagementIBM enterprise Content Management
IBM enterprise Content Managementwardell henley
 

Más de wardell henley (20)

RP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfRP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdf
 
mita_overview.pdf
mita_overview.pdfmita_overview.pdf
mita_overview.pdf
 
Landscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfLandscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdf
 
Facets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfFacets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdf
 
self_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfself_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdf
 
Itil a guide to cab meetings pdf
Itil a guide to cab meetings pdfItil a guide to cab meetings pdf
Itil a guide to cab meetings pdf
 
Mn bfdsprivacy
Mn bfdsprivacyMn bfdsprivacy
Mn bfdsprivacy
 
9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp
 
It security cert_508
It security cert_508It security cert_508
It security cert_508
 
15466 mba technology_white_paper
15466 mba technology_white_paper15466 mba technology_white_paper
15466 mba technology_white_paper
 
Best practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingBest practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_training
 
213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen
 
Soa security2
Soa security2Soa security2
Soa security2
 
Cissp chapter-05ppt178
Cissp chapter-05ppt178Cissp chapter-05ppt178
Cissp chapter-05ppt178
 
Enterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securityEnterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20security
 
3 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp013 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp01
 
Splunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardsSplunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandards
 
Ms app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguideMs app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguide
 
IBM enterprise Content Management
IBM enterprise Content ManagementIBM enterprise Content Management
IBM enterprise Content Management
 
oracle EBS
oracle EBSoracle EBS
oracle EBS
 

Change management .francomarcaro

  • 1. FIPS 201-2 Workshop NIST PIV Team National Institute of Standards and Technology US Department of Commerce Gaithersburg, MD April 18 – 19, 2011 1 1
  • 3. Change Management Why this new section of the FIPS 201-2? • Because we want to work with all the stakeholders to mitigate the impact of any change on the existing infrastructures • And because we want to be faithful to these two principles: – Do no harm; don’t break what works – Anything we change should not astonish anyone 3
  • 4. Change Management How to achieve these goals? • Changes will be introduced over 5 to 6 year period to allow time to execute transition plans • FIPS 201 will contain only requirements that change infrequently. Implementation details should be in the associated Special Publications • New requirements will be introduced ‘optional’ at first, and would become mandatory in the following revision • Backward compatibility will be maintained where possible 4
  • 5. Change Management New sections added to this revision • Backward compatible changes • Non-backward compatible changes • New Features • Deprecated and removed elements • FIPS 201 Version Management 5
  • 6. Change Management How we will proceed? • CM FIPS 201 sections as well as CM sections in the PIV SPs will be written in concert with stakeholders with a particular attention to Users and Implementers • Workshops, public comments and contributions are the main road to raise attention onto CM issues 6
  • 7. Change Management Example of CM problems: • The draft FIPS 201-2 document introduces new features (e.g., match on card and two possible card authentication keys) and makes some data objects mandatory instead of optional (e.g., CAK). What are the recommended migration mechanisms as well as the potential impact to the relying party infrastructure? • How does a terminal find out if the card presented is compliant with FIPS 201-1 or FIPS 201-2? 7