Mar 29

7 ways government is working to improve FedRAMP

From: GCN

  • By Rutrell Yasin
  • GSA’s McClure tackles myths about program, lists areas tiger teams are working on

    Five new tiger teams of representatives from across government are working to improve the Federal Risk Authorization and Management Program (FedRAMP) based on feedback submitted during the public comment process, the General Services Administration’s David McClure told attendees today at a symposium on high-performance cloud computing in Washington, D.C.

    McClure provided a short list of concerns that GSA and government partners are working on to improve FedRAMP and sought to dispel myths about the security accreditation and authorization program designed to vet cloud providers and services.

    Mar 22

    House Bill Aims to Reform Federal IT Security: Legislation Would Fulfill 44th Presidency Panel’s Recommendations

    From: GovInfoSecurity.com 

    Bipartisan legislation to create a National Office for Cyberspace in the White House headed by a Senate-confirmed director and replace paper-based compliance with automated, continuous monitoring was introduced in the House of Representatives Wednesday by the co-founder of the House Cybersecurity Caucus. 

    The bill, the Executive Cyberspace Coordination Act, is sponsored by Rep. James Langevin, D-R.I., who said the legislation would address the cybersecurity challenges facing the government outlined in the latest report from the Commission on Cybersecurity for the 44th Presidency, which he co-chairs (see 44th Presidency Commission Issues Update). 

    Mar 16

    NIST aids the cause of real-time security

    From: GCN

  • By William Jackson
  • The National Institute of Standards and Technology has released final specifications for the latest version of the Security Content Automation Protocol (SCAP). NIST also has updated recommendations for using standardized naming schemes included in SCAP.

    An increased emphasis on continuous monitoring and real-time awareness of the security status of federal IT systems makes the automation of security activities imperative. SCAP is intended to enable that automation by supporting automated checking of configuration, vulnerability and patch status of systems, as well as compliance with security requirements. It also includes protocols for security measurement.

    Mar 08

    “Continuous monitoring is a philosophy about understanding your environment in a 24/7 construct”

    Editor’s Note: A Federal News Radio (1500 AM) discussion of continuous monitoring in mp3 format is attached below.

    Agencies figuring out how to take network vitals

    By Jason Miller
    Executive Editor
    Federal News Radio

    Agencies have about 18 months to put in place the capability to know the real-time security of their computer networks.

    Similar to when a patient visits a doctor and has their vital signs taken to assess their health, agency chief information officers and chief information security officers must install several different data collection tools that will make up the capability to continuously monitor their network infrastructure.

    Mar 01

    18 Months to get Continuous Monitoring Up and Running

    From: Federal News Radio

    Agencies figuring out how to take network vitals

    By Jason Miller
    Executive Editor
    Federal News Radio

    Agencies have about 18 months to put in place the capability to know the real-time security of their computer networks.

    Similar to when a patient visits a doctor and has their vital signs taken to assess their health, agency chief information officers and chief information security officers must install several different data collection tools that will make up the capability to continuously monitor their network infrastructure.