Nov 15

OMB Memorandum: Clarifying Cybersecurity Responsibilities and Activities of the Executive Office of the President and the Department of Homeland Security

The attached OMB Memorandum M-10-28 “outlines and clarifies the respective responsibilities and activities of the Office of Management and Budget (OMB), the Cybersecurity Coordinator, and DHS, in particular with respect to the Federal Government’s implementation of the Federal Information Security Management Act of 2002.”
OMB-m10-28

Nov 06

Kundra says agencies ready for real-time FISMA reporting tool

CyberScope, set to go live Nov. 15, will replace annual paper reports with automated feeds
By Kevin McCaney, Oct 19, 2010
Federal agencies say they are ready for next month’s shift to real-time reporting of cybersecurity compliance, J. Nicholas Hoover writes in InformationWeek.

The CyberScope compliance tool, scheduled to go live Nov. 15, will replace annual paper reports on compliance with Federal Information Security Management Act requirements with automated feeds of systems status that will be correlated by the Homeland Security Department.

“All agencies required to report will definitely be able to report by Nov. 15,” Matt Coose, director of the federal network security branch of DHS’ National Cybersecurity Division, told InformationWeek.

Nov 06

CyberScope and New FISMA Guidance Reshape Federal Cybersecurity

With the increase in advanced persistent threats, combined with the need for cost savings, the Federal Government is undertaking a dramatic shift in its cybersecurity strategy and annual reporting. The Federal Information Security Management Act (FISMA) requires agencies to report quarterly and annually based on performance measures defined by the Office of Management and Budget (OMB). Until this year, this reporting typically consisted of reports from enterprise FISMA management systems supplemented with spreadsheets. In prior years, OMB received individual spreadsheets from each department and independent agency, along with paper copies of the Inspector General reports from each. This amounted to over 200 pieces of information that had to be manually prepared by each agency and then consolidated by OMB.

Nov 05

Continuous Monitoring FAQs

NIST’s Frequently Asked Questions on Continuous Monitoring are attached below.

faq-continuous-monitoring

Nov 05

FISMA 2010 and Beyond

NIST Slide Presentation attached: “FISMA 2010 and Beyond — Strategic and Tactical Risk Management and the Role of Software Assurance”

FISMA2010andBeyond

Nov 05

OMB Memorandum: FY 2010 Reporting Instructions for FISMA and Agency Privacy Management

Memorandum M-10-15 to Agency Heads, April 21, 2010

The attached OMB Memorandum explains that “Agencies need to be able to continuously monitor security-related information from across the enterprise in a manageable and actionable way” and includes “FY 2010 Frequently Asked Questions on Reporting for the Federal Information Security Management”

OMB Memorandum M-10-15