Shows & Panels
- AFCEA Answers
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Connected Government
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Cyber Imperative
- Cyber Solutions for 2013 and Beyond
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Mission-critical Apps in the Cloud
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- The Real Deal on Digital Government
- The Reality of Continuous Monitoring... Is Your Agency Secure?
- Veterans in Private Sector: Making the Transition
Shows & Panels
Search Tags: NIST
If you are a sticker for time then your in luck.
The Senate is now considering a bill, approved last week by the House, designed to help the nation's electrical grid evolve into an enhanced Smart Grid which would help protect itself from cyber-attacks. In addition, however, the Smart Grid is also expected to help the nation do a better job of managing our electrical resources. A group of federal employees recently talked about their role in developing the Smart Grid.
The document highlights work being done by NIST, standards working group and budget guidance to agencies. NIST to come out with several special publications to help agencies implement cloud computing. The CIO Council also includes use cases on 30 different cloud implementations.
DHS is leading the effort to rework cybersecurity metrics around patch, configuration, vulnerability and inventory management. Justice plans to host an industry day in June to tell vendors how cyberscope works. NIST will issue new cyber publications and GSA plans on new RFP for situational awareness and incident response tools.
Tags: technology , Matt Coose , Marianne Swanson , DHS , Justice , GSA , OMB , cybersecurity , FISMA , Cyberscope , SmartBUY , situational awareness and incident response tools , Management of Change , Jason Miller
Computer breaches starting to level off, GISLA awards open for nominations
The Senate is now considering one of several cybersecurity bills now making their way through the U.S. Congress. The principal co-author of one bill spoke to a software industry group holding a cybersecurity forum at the Newseum yesterday.
Tags: technology , cybersecurity , BSA , Newseum , Jay Rockefeller , Olympia Snowe , 2010 Cybersecurity Forum , Senate Commerce Science and Transportation Committ , Gary Locke , Commerce , Department of Education , OPM
Major malware campaign abuses unfixed PDF flaw
Amtower gets the latest on upcoming conferences that you should attend.
March 15, 2010
The National Institute of Standards and Technology's (NIST) recent release of Special Publication 800-37, Revision 1 Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach is an important change in the direction of how federal agencies achieve information security and manage information system-related security risks. It shifts the focus away from a point in time Certification and Accreditation (C&A) approach to compliance towards continually assessing risk and security authorization. As a result, the federal information security community is sending a message to the broader federal community and creating an important discussion: the cyber threat is real and must be addressed in the context of its potential impact on an organization. Cyber security is not as simple as a "check the box" requirement. The paradigm shift away from point in time security and towards obtaining situational awareness of the organization's risk posture must be as pervasive in the federal government as the cyber threats are against us.
Regarding the impact on agency security procedures, the publication is clear on the focus of its new framework, stating:
The revised process emphasizes: (i) building information security capabilities into federal information systems through the application of state-of-the-practice management, operational, and technical security controls; (ii) maintaining awareness of the security state of information systems on an ongoing basis through enhanced monitoring processes; and (iii) providing essential information to senior leaders to facilitate decisions regarding the acceptance of risk to organizational operations and assets, individuals, other organizations, and the Nation arising from the operation and use of information systems.
This new Risk Management Framework builds much needed flexibility into the overall federal information security lifecycle to address the increasing nature and scope of threats in real-time, providing a number of key advantages that include:
- Continually evaluating the organization's risk posture and maintaining situational awareness of its cyber security posture
- Understanding the state and maturity of an agency's cyber security program
- Evaluating cyber security programs at key vulnerability points: people, processes, and technology
- Maintaining a focus on the security program lifecycle
- Addressing the key functions (governance, risk, management, compliance, operations) of a security program
Perhaps most importantly, agency security programs will be better positioned to evolve and mature - an absolute necessity for staying ahead of the growing and dynamic threat to our Nation's cyber security.
"Apple's iPad announcement has set off a new round of reports of networks unburdened by a data flow they were not built to handle," Phil Bellaria, director of scenario planning for broadband, and John Leibovitz, deputy chief of the FCC's wireless telecom bureau, wrote in a Monday blog post.