NIST SP 800-137

From: FederalNewsRadio.com 1500AM

By Michael O’Connell

Most agencies are making progress in securing their information and protecting themselves from cyber threats, but they’re still falling short of the Cross-Agency Priority (CAP) Goals set by the Obama administration, according to a fourth-quarter update recently posted on Performance.gov.

The Obama administration established 15 cross-agency priority goals when it released the 2015 budget last spring. The seven mission-oriented and eight management goals are laid out in a four-year timeframe.

Read Complete Article

From: GovInfoSecurity

From: HSToday.US

By: Anthony Kimery, Editor-in-Chief

The Department of Homeland Security’s (DHS) Office of Inspector General (OIG) disclosed in a new 62-page audit report that DHS “has made progress to improve its information security program, but noncompliance by several DHS component agencies is undermining that effort.”

OIG analysts’ Evaluation of DHS’ Information Security Program for Fiscal Year 2014 “cited a shift to risk-based management of information technology (IT) security and implementation of an agency-wide performance plan as positive developments.  However, the OIG raised concerns over a lack of compliance by components and urged DHS leadership to strengthen its oversight and enforcement of existing security policies.”

From: FederalNewsRadio.com 1500AM

By Jason Miller 

The Veterans Affairs Department is among the first agencies to turn on advanced cybersecurity capabilities known as Einstein 3 Accelerated.

VA’s move to the Department of Homeland Security’s E3A is part of its new strategy to answer long-standing criticisms about how it protects the data of millions of veterans. Most recently, VA failed its Federal Information Security Management Act audit for the 16th straight year.

Read Complete Article

From: GCN

By William Jackson

For more than a decade, the federal government has been moving from a periodic, compliance-based approach to IT security to real-time awareness based on the continuous monitoring of IT systems and networks.

While progress  has been spotty so far, some security watchers say Phase 2 of the Homeland Security Department’s Continuous Diagnostics and Mitigation program, expected to be implemented in 2015, could be a major step forward.

Read Complete Article

From: GovInfoSecurity

Publication Seen as Aiding with Continuous Monitoring

By Eric Chabrow

New guidance published by the National Institute of Standards and Technology is aimed at helping federal agencies and other organizations in and out of government assess proper security and privacy controls, especially those tied to the continuous monitoring of IT systems for vulnerabilities.

The Federal Information Security Management Act,  the law that governs federal government IT security, requires government agencies to “reauthorize” the security of their IT systems every three years using a checkbox process to attest that proper
security controls were implemented. FISMA also requires inspectors general to review annually their respective agencies’ cybersecurity programs.

From: IEEE Spectrum

By Mark Anderson

The scope of the recent hack of Sony Pictures — in which unidentified infiltrators breached the Hollywood studio’s firewall, absconded with many terabytes of sensitive information and now regularly leak batches of damaging documents to the media — is only beginning to be grasped. It will take years and perhaps some expensive lawsuits too before anyone knows for certain how vast a problem Sony’s digital Valdez may be.

But the take-away for the rest of the world beyond Sony and Hollywood is plain: Being cavalier about cybersecurity, as Sony’s attitude in recent years has been characterized, is like playing a game of corporate Russian roulette.

From: FCW

By John Moore

Agencies face a delicate balancing act when it comes to providing mobile security.

On the one hand, IT departments seek to extend endpoint security to a growing population of mobile devices. It’s easy to see why: Smartphones can go missing along with agency data, and mobile devices in general can introduce malware to enterprise networks. On the other hand, employees want the ease of use of consumer technology, and agency managers covet the potential productivity boost.

***

From: Netxgov

By Aliya Sternstein

CenturyLink has begun automatically blocking malicious operations on federal networks, under a controversial Department of Homeland Security program that monitors Internet traffic governmentwide.

The progress comes after delays due to contract negotiations. DHS in 2013 tapped five telecommunications companies to computerize threat deflection, including major players AT&T and Verizon.

Read Complete Article

From: FederalNewsRadio.com 1500 AM

It’s been a little over a year since Lockheed Martin opened the doors to its continuous diagnostics and mitigation lab. Since then, Lockheed has been conducting workshops with chief information security officers, security operations center managers, and cyber analysts. Vicki Schmanske is the vice president of IT and Security Solutions at Lockheed Martin. On the Federal Drive with Tom Temin, she explained the threat landscape and what the DHS Continuous Diagnostics and Mitigation program can do for agencies looking to secure their enterprise networks.

Listen to complete interview