NIST SP 800-137

From: Network World

by Jon Oltsik

Pressing need for integration, intelligence, automation, and big data capabilities

Today’s security threats are difficult to defend against.  On the one hand, the volume of malware variants has gone through the roof over the past few years.  On the other, targeted attacks have become more stealthy and damaging.

How can CISOs possibly combat this cybersecurity double-edged sword?  With continuous monitoring of everything — IT assets, configurations, network traffic, application behavior, user activity, etc.

From: FedTech

Monitoring is an essential part of cybersecurity, but agencies must establish an effective security infrastructure first.

Security Leaders Increasing Frequency of Proactive Assessment to Determine Strengths and Allocate Resources Effectively

SANTA CLARA, CA–(Marketwire – Jul 30, 2012) –  RedSeal Networks, the world’s leading proactive enterprise security management provider, today highlighted results of the recent ESG Research Report, “Security Management and Operations,” which found that a growing number of organizations are adopting continuous monitoring to improve protection of their electronic assets and validate compliance with required security policies.

From: Digital Government Institute

August 28 – August 29, 2012

Office of Management and Budget (OMB), Department of Homeland Security (DHS) and National Institute of Standards and Technology (NIST) are placing increased emphasis on implementing an effective “information security continuous monitoring (ISCM) program” for all government and contractor run IT systems. This will be accomplished by DHS and OMB increasing the annual FISMA reporting requirements and NIST issuing NIST Special Publications (SP):

• Information Security Continuous Monitoring Guideline (SP 800-137) – Final
• Security-Focused Configuration Management Guideline (SP 800-128) – Final
• Update Risk Assessment Guideline (SP 800-30 Rev 1)

From: FederalNewsRadio.com 1500AM

By Jason Miller

Two major technology contracts are ready to enter their next steps in the acquisition process.

The Veterans Affairs Department is evaluating bids for its $5 billion commodity IT hardware contract and expects to make awards by Sept. 30.

The General Services Administration any day now will release a request for information for a blanket purchase agreement on how best to offer continuous monitoring tools to other agencies.

Both of these significant contracts, coupled with what some in industry are calling the busiest fourth quarter buying season in recent memory, are showing that despite budget pressures and the potential for sequestration cuts, agency spending is healthy and active.

From: USAJobs.gov

Editor’s Note:  More information on SP 800-93, Rev. 1, including the draft document, may be found here.

From: GovInfoSecurity

By Information Security Media Group

Intrusion detection and prevention software has become a necessary addition to the information security infrastructure of many organizations, so the National Institute of Standards and Technology is updating its guidance to help organizations to employ the appropriate programs.

NIST is seeking comments from stakeholders on the guidance, Special Publication 800-93, Revision 1 (Draft): Guide to Intrusion Detection and Prevention Systems, before publishing a final version.

From: DISA

On July 19, DISA PEO-MA successfully held a Continuous Monitoring & Risk Scoring (CMRS) DCO session with over 400 participants attending. The video recording, presentation slides, and user guide are available to view and download at *** east.esps.disa.mil/DISA/ORG/MA5/scm/cmrs/SitePages/Training.aspx (add https:// in front of URL).

From: GovInfoSecurity.com

What the Senate Bill Means for Those Charged with Securing IT

From: Splunk>Blogs

Here I’m testing a simple Max/MSP patch using the [udpsend] object to Splunk listening on localhost:8002.

Using Splunk to check consistency of a sin function based log generator written in Max.

The Max patch to the right is generating a log entry many times a second, the exact amount being modulated by a [sin] object.  Since the sin wave is pretty easy to detect discrepancies in, I can just eyeball for dropped packets or latency.  With this information, and an eye on my system load using some code stolen from our Unix App, I can safely proceed knowing what load I can push my system to during demos running both Splunk and Max before I see problems using this setup.