NIST SP 800-137

From: FCW

By Patrick D. Howard

If you were offered free tires for your car or a tune-up, which would you take? One seems far more valuable than the other, but the answer would depend on the car’s needs. If your current tires are perfectly adequate, then the tune-up for your misfiring engine would be the smarter choice.

That question simplifies the complex choices federal agencies face with the “free” assistance offered by the Department of Homeland Security for its Continuous Diagnostics and Mitigation (CDM) program.

From: Federal Times

As director of the Federal Network Resilience Division at the Department of Homeland Security, John Streufert oversees a $6 billion effort to secure public-sector networks against cyber threats. That effort, called the Continuous Diagnostics and Mitigation (CDM) program, aims to apply a strategic sourcing acquisition strategy toward the purchase of network sensors, dashboards, expertise and a variety of services to identify and fix the worst vulnerabilities threatening the dot-gov enterprise. Streufert provided an update on that program as the keynote speaker at a June 11 event hosted by Federal Times and its sister publication C4ISR & Networks. Following are edited excerpts of his address and an interview with Federal Times Editor Steve Watkins:

From: Infosecurity-Magazine.com

Site forced to close after attacker infiltrated its EC2 control panel.

From: InformationWeek/Government

Vincent Berk

NIST 800-53 Revision 5 will likely put more emphasis on continuous monitoring. Don’t wait until next year to close your security gaps.

The National Institute of Science and Technology’s Special Publication 800-53 aims to raise the bar and set a standard of security for federal government information processing systems. As NIST works on Revision 5 of the document, which is expected to come out in April 2015, it will need to reverse the sweeping generalizations made in Revision 4 regarding the nature of the threat against data. Network defense is not a spectator sport — it must be engaged in continuously and consciously.

From: Federal Times

By RUTRELL YASIN

The Department of Homeland Security is gearing up to issue new task orders for its Continuous Diagnostics and Mitigation program, ensuring that more agencies can obtain the necessary tools to improve the security and resilience of their networks.

The contracts will supply solutions under competitive task orders for 23 agencies within the next 20 weeks, according to John Streufert, director of Federal Network Resilience, the division within DHS taking the lead in the CDM effort.

From: BankInfoSecurity

From: Center for Regulatory Effectiveness via PR Newswire

WASHINGTON, June 4, 2014 /PRNewswire-USNewswire/ — Regulations.gov is the keeper of some of the nation’s most precious data—all the information regarding the most important regulations issued by all federal agencies. The information includes copies of proposed rules, copies of final rules, supporting data and most importantly all the comments submitted to federal agencies from the public.

This important function is not housed in a particular agency and it has neither a well-defined management structure nor a yearly budget; instead this important function is managed by a multi-headed interagency agency council which has to pass the hat to keep the operation running.

From: NIST

A new NIST Computer Security Division publication, Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management, has been posted at http://csrc.nist.gov/publications/nistpubs/800-37-rev1/nist_oa_guidance.pdf. This publication responds to a requirement from the Office of Management and Budget (OMB) in Memorandum M-14-03, Enhancing the Security of Federal Information and Information Systems, and provides clarifying and amplifying guidance on the application of current NIST guidelines to the security authorization process to facilitate the transition to ongoing authorization. There will be no public comment period for this publication.