NIST SP 800-137

From: Federal Times

The Department of Homeland Security has outlined a $202 million program to arm federal agencies with new tools to continuously monitor their computer networks for security threats. Contracts for monitoring services will be awarded as early as next year.

The tools will enable agencies to monitor their systems every 24 to 72 hours, and to diagnose and prioritize the biggest security weaknesses. Such programs are already in operation at two agencies, the State and Justice departments.

When it comes to continuous monitoring capabilities, “we are a little bit uneven across [the] dot-gov” domain, said John Streufert, director of DHS’ National Cybersecurity Division.

NIST, GSA, DHS and DOD have released ver 1.0 of their Continuous Monitoring Strategy & Guide, attached below.  The Guide,

describes the FedRAMP strategy for CSPs to use once they have received a FedRAMP Provisional Authorization. CSPs must continuously monitor their cloud service offering to detect changes in the security posture of the system to enable well-informed risk-based decision making. This guide instructs CSPs on the FedRAMP strategy to continuously monitor their systems.

The Guide includes a discussion of the role of US CERT in incident handling:

From: GovInfoSecurity

DHS Initiative to Examine Networks of Federal Civilian Agencies

Attached below is a Pre-Decisional, Discussion Draft DHS Continuous Monitoring document.  According to DHS,

The attached technical requirements for continuous monitoring and cloud boundary defense serve as a proposed path forward for implementing federal information systems and cloud cybersecurity.

From: SANS Institute

DHS Releases Detailed Specification for Software Tools for Continuous

Editor’s Note:  The GAO Management Report, attached below, discusses shortcomings in IRS monitoring programs.  Key “Results in Brief”  discussing monitoring are quoted below.  The Report contains significant additional discussion related to IRS system monitoring policies.

From: The Data Center Journal

Rakesh Dogra

Technology finds its greatest potential in the user community. An event like Splunk Live DC therefore is an example of such an event where the user is the main focus. Splunk as a capability focusses immensely on the user. Three use cases of Splunk therefore came into the limelight at the event.Cisco used the technology to bolster the operations of the CSIRT or Cisco Computer Security Incident Response Team. The CSIRT was able to look for anomalies by gathering event data and enjoying a holistic approach to the same.

From: The Register

DAEDALUS system monitors unused IP addresses

By Phil Muncaster

Japanese boffins at the National Institute of Information and Communications Technology (NICT) have been showing off a new real-time alert system designed to help security teams spot and visualise cyber attacks more effectively.

The DAEDALUS (Direct Alert Environment for Darknet And Livenet Unified Security) system has been in the making for several years, and detects threats via large-scale monitoring of the internet’s unused IP addresses, which NICT calls the ‘darknet’.

Here’s an explanation from a 2009 research paper:

nCircle’s Enterprise-wide Continuous Monitoring and Vulnerability Management Program Increases Security and Compliance

SAN FRANCISCO, Jun 21, 2012 (BUSINESS WIRE) — nCircle, the leader in information risk and security performance management solutions, today announced that T.E.N. awarded Sallie Mae the Information Security Project of the Year for their implementation of nCircle IP360(TM). The award showcases projects for outstanding achievements in risk management, data asset protection, compliance, privacy and network security deployed and completed over the last 12-18 months. Nominees and final winners were recognized at the at the ISE(R) Central Awards 2012 held on June 6, 2012 at the Sheraton Dallas Hotel, Dallas, Texas.

From: Info Security

USAID gets detention after failing FISMA test

The US Agency for International Development (USAID) is working to improve its network security monitoring in response to a failing grade on the Federal Information Security Management Act (FISMA) scorecard, according to Jerry Horton, the agency’s chief information officer.

Editor’s Note:  To see NSTAC’s Highest Priority recommendations to the President, please see FISMA Focus here.

From: FierceGovernmentIT

The president should direct agencies that oversee national security and  emergency preparedness, or NS/EP, programs to move mission-critical systems to  the cloud, recommends  (.pdf) a May 15 report to the president from the White House’s national security  telecommunications advisory committee.

The report says all NS/EP-related cloud service level agreements should  address continuous availability and assured capacity, identity management,  periodic third-party audit, continuous monitoring, encryption of data at rest,  security process transparency, and the certification and accreditation of  hosting systems and processes.