Shows & Panels
- Accelerate and Streamline for Better Customer Service
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Client Virtualization Solutions
- Data Protection in a Virtual World
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Feds in the Cloud
- Health IT: A Policy Change Agent
- Improving Healthcare Outcomes through IT Policy
- IT Innovation in the New Era of Government
- Making Dollars And Sense Out of Data Center Consolidation
- Navigating the Private Cloud
- One Step to the Cloud, Two Steps Toward Innovation
- Path to FDCCI Compliance
- Take Command of Your Mobility Initiative
Shows & Panels
NIST rewrites FISMA standards as cyber threats evolve
Monday - 3/5/2012, 6:18pm EST
The revamped FISMA includes new guidance for insider-threat management, supply-chain risk and mobile security.
"The changes we propose ... are directly linked to the current state of the threat space — the capabilities, intentions and targeting activities of adversaries — and analysis of attack data over time," said Ron Ross, a NIST fellow and the agency's FISMA implementation project leader.
Ross joined In Depth with Francis Rose to discuss the FISMA additions.
"This has been a really big update for us," Ross said. "It's been a year in the making, and we took a complete scrub of the entire security-control catalogue looking at the current threat space."
There is also the addition of a new appendix on privacy and privacy controls to better balance security needs and the privacy of individual users, he added.
"The threat space continues to move forward," Ross said. "We're looking at a lot of data on cyber attacks, capabilities, intentions, targeting by adversaries. All that information is used in a cycle to update our documents ... So, we're always going to be trying to bring the best defenses to our customer we possibly can."
This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.