NIST SP 800-137

From: Federal Times

By RUTRELL YASIN

As agencies deploy continuous monitoring tools to strengthen the security posture of their cyber networks, a challenge going forward will be how to make meaningful decisions from all of the collected data.

Federal agencies are at various stages in their deployment of continuous monitoring tools and services that can diagnosis and mitigate cyber threats in real time as John Streufert, director of Federal Network Resilience, with the Homeland Security Department, noted during a Federal Times cybersecurity seminar in June.

Read Complete Article

From: GCN

By (ISC)2 Government Advisory Board Executive Writers Bureau

Agencies are headed to the cloud, but security and ensuring that the requirements of Continuous Diagnostics and Mitigation (CDM) program can be met are challenging areas that can slow down cloud adoption.

Since agencies are required to look to the cloud first for services, why not seek out cloud CDM providers?

 In fact, agencies are considering the use of cloud CDM providers, but they must first determine the types of assurances they  need to guarantee that the CDM provider does not breach vulnerability information. So, what are the options, and do CDM services exist that are available for agencies to try at little or no cost?

From: Network World

The expansion and blurring of the traditional government network environment require federal IT officials to rethink contracting processes and embrace real-time security monitoring.

By Kenneth Corbin

Within the federal government, the shift toward virtualization and cloud computing is already well underway, but agency and industry officials warn that those migrations invite new security considerations, particularly in the form of insider threats.

Eric Chiu, president of the cloud and virtualization security firm HyTrust, notes the familiar list of arguments in favor of virtualizing servers and systems – lower costs and increased agility and efficiency chief among them – but points out that there are dangers associated with that transition.

From: LearnAtChina.com

The unexpected departure of Steven VanRoekel as the federal chief information officer likely will have little direct impact on the Obama administration’s cybersecurity initiatives.

VanRoekel is leaving the White House to become the chief innovation officer at the United States Agency for International Development, working with the agency’s Ebola response team. In his new job, VanRoekel will advise the agency’s senior leaders on using technology and data to help ensure the U.S. government’s response to the Ebola outbreak is coordinated most effectively and efficiently.
The Threat Landscape

***

From: Computer Technology Review

Red Hat launched availability of its Red Hat Enterprise Linux 5.11, the final minor release of the mature Red Hat Enterprise Linux 5 Platform, reinstating the company’s commitment to a 10-year product lifecycle for all major Red Hat Enterprise Linux releases with a secure, stable, and reliable platform for critical enterprise applications. 

Currently available on the Red Hat Customer Portal, Red Hat Enterprise Linux 5.11 is available to all customers and partners with an active Red Hat Enterprise Linux subscription. Red Hat Enterprise Linux 5 remains actively supported until March 31, 2017, when it is scheduled to be retired.

From: TechTarget

Read Complete Article

From: CIO

An ambitious government IT push toward cloud, mobile and shared services stokes concerns about security challenges from insider threats and disappearing network boundaries.

By Kenneth Corbin

WASHINGTON – In an era of cloud computing, increasing mobility and federal agencies outsourcing more functions to IT contractors, the traditional lines delineating a network perimeter have blurred beyond recognition, experts warn.

“I think best practices have to completely shift,” Gus Hunt, operating partner at the private equity firm LLR Partners and the former CTO at the CIA, said this week at a government IT conference.

From: FCW

By Mark Rockwell

Note: An earlier version of this story reported that RSA had won a Homeland Security CDM dashboard contract. According to industry sources. Archer is a finalist for the contract, but the selection process is not yet complete.

Assertions by IT security contractor RSA that its Archer GRC solution had been selected by the Department of Homeland Security as the continuous diagnostics and mitigation dashboard solution may have been premature.

From: FederalNewsRadio.com 1500 AM

This week on “Off the Shelf”, Brad Medairy, senior vice president with Booz Allen Hamilton, joins host Roger Waldron for an engaging and timely discussion of cybersecurity and Continuous Diagnostics and Mitigation (CDM).

Medairy assesses the current cyber threat environment and addresses how CDM can meet the cybersecurity challenges customer agencies are facing every day.

He also outlines Booz Allen Hamilton’s CDM roadmap explaining how it supports customer CDM implementations.

Read Complete Article

From: CSO

By Eric Cowperthwaite

As you’ve heard by now, an attacker broke into a server used to test code for HealthCare.gov and uploaded malicious software. While there’s no evidence that consumers’ personal information was swiped, this is a very significant incident.

Like many of the other breaches that have made headlines over the past few months, this was the result of simple, compounded mistakes. A basic security flaw went overlooked, and it was assumed that because the system in question wasn’t supposed to be connected to the internet, it wasn’t high priority and didn’t warrant continuous monitoring. But that’s not a fair assumption – accidently connecting a system like this to the internet is an easy mistake to make in a complex environment. That sort of thing happens all the time.