NIST SP 800-137

From: FCW/The Conversation

FCW recently reported on plans by the administration to use continuous monitoring for security clearances for feds and contractors.

One reader wondered how this would work in practice:

“Will this eliminate the need for the [five- and 10-year] re-evaluations for [top secret and secret] clearances? What criteria will be used for this collection of data? Traffic stops, speeding tickets, arrests, credit scores, late payments?”

Adam Mazmanian responds:

From: TheWhir

by Chris Burt

Insiders at US federal agencies pose nearly as much threat to agency information security as hackers, according to a survey released on Wednesday by IT software management company SolarWinds.

SolarWinds worked with Market Connections to survey 200 IT and IT security professionals from the federal government and military in early 2014, and their answers suggest that the threat landscape is much broader than just malicious outsiders.

Half of respondents named external hacking as the top cybersecurity threat for their organization, with 29 percent pointing to insider data leakage and theft. Nine percent were unsure if any cyber threats affected their agency.

From: FederalNewsRadio.com 1500 AM

By Jason Miller 

The second major piece of the continuous monitoring cybersecurity program is underway. The General Services Administration earlier this month awarded a contract for the cybersecurity dashboard to help agencies understand the health of their computer networks more easily and more often.

The Homeland Security Department oversees the continuous diagnostics and mitigation (CDM) program, and GSA acts as its procurement arm.

GSA awarded a $47.3 million contract to Metrica Team Venture-a team of five companies under the Alliant small business contract.

From: FierceGovernmentIT

By David Perera

Some federal agencies are choosing to buy continuous monitoring tools independently of the Homeland Security Department’s Continuous Diagnostics and Mitigation Program despite forfeiting DHS procurement money for those tools when doing so.

Those agencies have sought and received a “delegation of procurement authority” from the CDM program. That means they are able to use the blanket purchase agreements for security tools set up by GSA for the CDM program. But, if they exercise the delegation by buying tools themselves rather than through program office, they do it “with their own money,” said Jim Piché, a GSA acquisition manager newly appointed to overseeing the blanket purchase agreements.

From: Nextgov

By Aliya Sternstein

A governmentwide effort that will require additional funding is underway to connect the computer systems used for issuing security clearances and identification cards, in response to the Navy Yard shootings that killed a dozen people.

According to an interagency report released on Tuesday, various strategy and budget documents for the effort are due within six months.

The overhaul is intended to accelerate a transition to “continuous evaluation,” in which software routinely checks databases and social media for negative information on personnel in sensitive positions. Gunman Aaron Alexis reportedly had a card that allowed him access to the Navy Yard, despite a history of psychological problems and a disciplinary record.

From: SIGNAL On line/AFCEA

By George I. Seffers

From: FEDweek

The DHS inspector general has issued a management advisory report, consisting of a guide for assessing cybersecurity within the IG community.

The guide comes out of the Council of the Inspectors General on Integrity and Efficiency Cybersecurity Working Group, and while its focus is on the IG community, the guide could be a useful tool others might use to informally assess IT operations.

The high-level guide is based on the subject matter expertise of DHS IG IT audit managers and specialists, legal research, and a review of applicable websites and audit programs developed within the OIG community.

From: FCW

By Mark  Rockwell

The General Services Administration is fine-tuning management of its government-wide contract for continuous diagnostic and mitigation solutions, cutting a task order for agency and federal-level dashboards for the project and streamlining some of its administrative functions.

Scott Robertson, senior project manager of GSA’s Federal Acquisition Service’s Federal Systems Integration and Management Center (FedSIM), said the agency issued a task order March 3 to Metrica Team Venture, an Alliant Small Business prime contractor, for the agency- and federal-level CDM dashboards. GSA declined further immediate comment on the order citing procedural rules.

From: FCW

By Frank Konkel

Continuous monitoring sounds like a simple solution to combat cyber-intruders.

In theory — and with unlimited technological capabilities, funding and human talent — it is. All an agency must do is configure its networks and applications to automatically report in real-time all their connections and other various bytes of machine-generated data to logs for analysis, continuously compute these connections and wait for the signals of bad actors to show up in the noise.

From: InformationWeek/Government

Elena Malykhina

Government IT leaders believe continuous monitoring and advanced analytics can help agencies better understand their networks and security.

Government IT leaders believe the growth of big data analytics may provide new tools in combating cyber security threats, according to a new report.

The new report — based on conversations with18 federal government IT leaders with expertise in big data, cybersecurity, and operations — found that agencies are exploring the opportunities and threats emerging at the intersection of their big data and cybersecurity initiatives.