Drupal + FISMA: Lessons Learned Using Drupal within the Federal Information Security Framework
The purpose of this track is two-fold: one angle helps you to understand the advantages of Drupal from an organizational leadership angle, and the other is to highlight the great Drupal sites and projects you're working on and to show what's possible. These sessions are business focused, and will be non-technical.
If you're thinking of implementing Drupal within a *.gov, you may feel lost like we did when it comes to the various numbers (800-53), acronyms (ATO), and requirements around information security.
In this session we will present a case study in setting up a public-facing Drupal web resource at the National Institute of Allergy and Infectious Diseases (NIAID), and navigate through the federal security process to indicate what is covered "out of the box" by Drupal versus what we needed to augment in order to "go live." We will touch upon contributed and custom Drupal modules to improve security, as well as some general processes and best practices that we have established to minimize our security vulnerabilities. We hope that what we've learned can be applied at other government agencies to help streamline Drupal system deployments.