Cybersecurity Architecture

Harvey Newstrom was hired by SAIC to develop an agency architecture following FEA standards for the National Archives and Records Administration (NARA). The architecture had to comply with both classified and unclassified requirements as well as individual requirements for every agency and type of data records archived by NARA. SAIC later won contracts to implement similar agency architectures for US Forest Service and then other agencies.

Each federal architecture implementation was tailored for each agency’s unique needs. However, they all complied with Federal Enterprise Architecture standards and NIST requirements, producing a similar hierarchical structure including the following volumes.


Agency Security Architecture   
 · Cybersecurity Overview
 · Cybersecurity Risk Analysis
 · Cybersecurity Domain Model
 · Cybersecurity Policies
 · Cybersecurity Requirements
 · Cybersecurity Mechanisms
 · Cybersecurity Specifications
 · Cybersecurity Engineering
 · Cybersecurity Operations
 · Cybersecurity Methodologies
 · Cybersecurity Processes
 · Cybersecurity Procedures

FEA Reference Models
 · Performance Ref. Model
 · Business Ref. Model
 · Data Ref. Model
 · App/Component Ref. Model
 · Infrastructure Ref. Model
 · Security Ref. Model

Risk Management Framework
 · Prepare
 · Categorize
 · Select
 · Implement
 · Assess
 · Authorize
 · Monitor

Cybersecurity Framework
 · Identify: Asset Management
 · Identify: Business Environment
 · Identify: Governance
 · Identify: Risk Assessment
 · Identify: Risk Management
 · Identify: Supply Chain Risk
      Management
 · Protect: Identity Management,
      Authentication, Access Control
 · Protect: Awareness and Training
 · Protect: Data Security
 · Protect: Information Protection
      Processes and Procedures
 · Protect: Maintenance
 · Protect: Protective Technology
 · Detect: Anomalies and Events
 · Detect: Continuous Monitoring
 · Detect: Processes
 · Response: Planning
 · Response: Communications
 · Response: Analysis
 · Response: Mitigation
 · Response: Improvements
 · Recover: Planning
 · Recover: Improvements
 · Recover: Communications

Cybersecurity Controls
 · Access Control
 · Audit and Accountability
 · Awareness and Training
 · Configuration Management
 · Contingency Planning
 · Identification and
      Authentication
 · Incident Response
 · Individual Participation
 · Maintenance
 · Media Protection
 · Personnel Security
 · Privacy Authorization
 · Physical/Environmental
      Protection
 · Planning
 · Program Management
 · Risk Assessment
 · Assessment, Authorization,
      Monitoring
 · System/Communications
      Protection
 · System/Information Integrity
 · System/Services Acquisition
 · (policies for each above)
 · (procedures for each above)
© Copyright 2020 by Harvey Newstrom. All rights reserved. Contact Site Privacy Do Not Track Do Not Sell