This course explores concepts and issues pertaining to information assurance architectures and technologies (IAA), such as a three-level enterprise and cybersecurity architecture offered as one of the security common languages from the National Institute of Standards and Technology (NIST). Key NIST Cybersecurity Center of Excellence (NCCoE) Practice guides pertaining to IAA issues are introduced and analyzed. NIST/NCCoE security guidance and metrics for Zero Trust Architecture (ZTA), continuous diagnostics and mitigation (CDM), and artificial intelligence/machine learning (AI/ML) security guidance and metrics are applied to analysis of selected enterprise and cybersecurity programs, such the Department of Defense (DoD) Zero Trust Reference Architecture, Department of Homeland Security (DHS) Cybersecurity & Infrastructure Security Agency (CISA) Trusted Internet Connections Program (CISA TIC), Federal Aviation Administration (FAA) Air Traffic Modernization (NextGen) process, and Food and Drug Administration (FDA) (for approval of medical devices). Cloud computing security architecture issues for IAA technologies including FedRAMP (Federal Resources Analysis and Management Program) authorization are analyzed. Topics include protecting control systems from non-control systems for information technology (IT) and operational technology (OT) enterprise and cybersecurity risk management. For example, these IT/OT interface issues are critical for the NIST Smart Grid Cybersecurity Strategy, Architecture, and High-Level Requirements. IAA analyses include enterprise Internet of Things (IoT) mobility issues and a virtual laboratory project based on selected Amazon Web Services (AWS) security capabilities for Zero Trust Architecture (ZTA).
EN.605.202 Data Structures; EN.695.601 Foundations of Information Assurance or equivalent, and EN.605.671 Principles of Data Communications Networks or EN.635.611 Principles of Network Engineering.