NIST SP 800-137

NIST has released a bulletin which summarizes the information in SP 800-137,  Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations.  NIST states that,

The bulletin explains the importance of information system continuous monitoring in protecting information systems and information, the role of ISCM in the Risk Management Framework, the integration of ISCM in organizational risk assessment activities, and the details of the organizational ISCM process. References are provided to additional sources of information on ongoing monitoring of information systems and on the Risk Management Framework.

The bulletin is attached below.

CONTINUOUS MONITORING OF INFORMATION SECURITY

NIST’s Draft SP 800-153 provides continuous monitoring recommendations for wireless networks.  NIST recommendations contained in the draft Guidelines for Securing Wireless Local Area Networks (WLANs) include implementing continuous monitoring tools which can detect all of the following:

— Unauthorized WLAN devices, including rogue APs and unauthorized client devices

— WLAN devices that are misconfigured or using weak WLAN protocols and protocol implementations

— Unusual WLAN usage patterns, such as extremely high numbers of client devices using a particular AP, abnormally high volumes of WLAN traffic involving a particular client device, or many failed attempts to join the WLAN in a short period of time

From: FederalNewsRadio.com 1500 AM.

Federal CIO VanRoekel details his ‘first’ priorities

With nearly three months on the job, federal chief information officer Steven VanRoekel is putting a new shine on some long-standing technology priorities.

VanRoekel gave his first major policy speech on Tuesday night, since taking over for Vivek Kundra in August, signaling how he plans to move the administration’s IT reform ball forward.

From: www.FederalNewsRadio.com 1500 AM

By Jack Moore
Federal News Radio

For federal agencies, staying compliant with FISMA — the Federal Information Security Management Act — can feel like an endless process.

And in the ever-shifting world of federal IT and cybersecurity, to some extent, it is never-ending.

However, there’s a new guide to help agencies meet their continuous monitoring requirements.

Bruce Levinson, the editor of FISMA Focus at the Center for Regulatory Effectiveness, joined the Federal Drive to discuss the center’s recent survey on agency FISMA compliance. with Tom Temin and Amy Morris

From: FederalNewsRadio.com 1500 AM

By Jason Miller

One of the cybersecurity employees at the Homeland Security Department’s Immigration and Customs Enforcement directorate turned a phishing attack into a lessons learned for the rest of the department.

Jeff Eisensmith, ICE’s chief information security officer, said one of his employees strung out the attacker for a week and used this episode to help other ICE employees understand the dangers of phishing attacks.

Eisensmith said this example is part of the way ICE is improving the security of its network.

Study Fills Needs for Applied Best Practices Guidance

The Center for Regulatory Effectiveness (CRE), a regulatory watchdog, is releasing a best practices assessment of agency compliance with FISMA’s continuous monitoring requirements.

Studies have found only limited, insufficient agency adherence with FISMA’s continuous monitoring mandates. One survey found almost half of federal IT professionals were unaware of continuous monitoring requirements. A recent GAO report found that two-thirds of agencies “did not adequately monitor networks” to protect them “from intentional or unintentional harm.”

The CRE study fills the information gap by providing senior and staff level cybersecurity professionals with practical guidance in effectively implementing Information Security Continuous Monitoring (ISCM).

An annual survey by InformationWeek of  “131 federal IT pros” found that almost half the surveyed professionals were unaware of NIST’s continuous monitoring requirement:

NIST gives agencies guidelines for implementing continuous monitoring, including both network and system-level monitoring, in their IT environments. While 21% of survey respondents have implemented continuous monitoring, a surprising 48% were not familiar with the requirements.

The complete survey report is attached below.

2011-federal-government-it-priorities_2703738[1]

Editor’s Note:  SP 800-126 rev. 2 is attached below.

From: NIST

I am pleased to announce the final release of NIST Special Publication (SP) 800-126 Revision 2, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2. SCAP consists of a suite of specifications for standardizing the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. SP 800-126 defines and explains SCAP version 1.2, including the basics of the SCAP component specifications and their interrelationships, the characteristics of SCAP content, and the SCAP requirements not defined in the individual component specifications.

The finalized document recognizes the essential role of automated systems in ensuring the monitoring of federal information systems.  NIST explains that: