NIST SP 800-137

From: Dark Reading

“Guards, gates, and guns” organizations say that cybersecurity has become a top priority

By Tim Wilson

Say the word “security” in most large corporations, and you’ll generally get two very different responses: one is a group of IT technicians in the data center; the other is a group of armed guards.

Historically, these two groups of a common name have barely spoken to each other, except on the way through a locked door or at an all-hands staff meeting. But as enterprises begin to look more closely at their defenses and rethink their security strategies, the separation between the two groups has begun to dissolve.

Editor’s Note:  The OMB Memorandum providing FISMA reporting instructions, M-11-33, is attached below.

From: Information Week/Government

Move from annual reports to consistent CyberScope submissions expected to lighten agencies’ compliance burden, tighten federal cybersecurity.

By Elizabeth Montalbano

Federal agencies must begin reporting security data to an online compliance tool as part of fiscal year 2011 requirements for the Federal Information Security Management Act (FISMA).

The Department of Homeland Security (DHS) outlined new requirements for FISMA, the National Institute of Standards and Technology (NIST) security standard for federal IT solutions. One of them calls for agencies to establish monthly data feeds to CyberScope, a compliance tool developed to help the feds to better and more actively monitor cybersecurity.

From: Threat Post

Editor’s Note:  The following article highlights to role of continuous monitoring in helping to predict assess needs.

From: The Data Center Journal

Billions of dollars have been spent building highly redundant data center facilities to deliver high-availability IT solutions to an increasingly information-reliant world. These large investments have produced a variety of sophisticated facility infrastructure designs that are inherently reliable and progressively more energy efficient. No facility design, however, regardless of how well planned and constructed, can withstand the disruption of an improperly implemented operations and maintenance (O&M) program. Poor maintenance and risk mitigation processes can quickly undermine the facility design intent. It is therefore crucial to understand and evaluate how O&M programs are organized to achieve the level of performance for which the facility has been configured. This article identifies a method for aligning the operational requirements of the business with maintenance program standards that can be easily understood and communicated throughout the organization.

From: InformationWeek

Vivek Kundra’s resignation as federal CIO underscores a nagging issue in government IT — a lack of continuity among key decision makers.

By John Foley

Having jump-started Uncle Sam’s move into cloud computing, Vivek Kundra is now aiming more broadly, pitching the idea of a “global cloud-first policy” and agreeing to advise the European Union on its cloud strategy. They’re impressive next steps for the former federal CIO. How they will finish is an open question.