Shows & Panels
- AFCEA Answers
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Connected Government
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Cyber Imperative
- Cyber Solutions for 2013 and Beyond
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Mission-critical Apps in the Cloud
- The Path from Legacy Systems
- The Real Deal on Digital Government
- The Reality of Continuous Monitoring... Is Your Agency Secure?
- Veterans in Private Sector: Making the Transition
Shows & Panels
NIST rewrites FISMA standards as cyber threats evolve
Monday - 3/5/2012, 6:18pm EST
The revamped FISMA includes new guidance for insider-threat management, supply-chain risk and mobile security.
"The changes we propose ... are directly linked to the current state of the threat space — the capabilities, intentions and targeting activities of adversaries — and analysis of attack data over time," said Ron Ross, a NIST fellow and the agency's FISMA implementation project leader.
Ross joined In Depth with Francis Rose to discuss the FISMA additions.
"This has been a really big update for us," Ross said. "It's been a year in the making, and we took a complete scrub of the entire security-control catalogue looking at the current threat space."
There is also the addition of a new appendix on privacy and privacy controls to better balance security needs and the privacy of individual users, he added.
"The threat space continues to move forward," Ross said. "We're looking at a lot of data on cyber attacks, capabilities, intentions, targeting by adversaries. All that information is used in a cycle to update our documents ... So, we're always going to be trying to bring the best defenses to our customer we possibly can."
This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.