NIST SP 800-137

From: Federal Times

By: Tony Ware

The National Gallery of Art has released a request for information to identify IT security management firms who could support the 1,000-person organization’s Information Security Continuous Monitoring program.

Following an Office of Management and Budget memo on “Enhancing the Security of Federal Information and Information Systems,” the gallery’s information systems security officer has developed a program consistent with OMB policy and National Institute of Standards and Technology guidelines.  

Read Complete Article

From: eWeek

By Jeffrey Burt

The Industrial Internet Consortium’s blueprint addresses security from multiple angles and touches on safety, reliability and privacy.

***

The industry consortium this week published the Industrial Internet Security Framework, a dense blueprint designed to address the broad array of security issues concerning the industrial internet of things (IIoT), the increasingly connected and interconnected systems that run the world’s industrial operations.

***

From: FedTech

The Department of Homeland Security’s Continuous Diagnostics and Mitigation program is one tool agencies are using to get ahead of threats.

by Phil Goldstein

What if federal agencies could do more than just react to cybersecurity threats and data breaches and actually get out in front of them? That’s the world the Department of Homeland Security (DHS) wants for the executive branch.

The use of predictive security tools, security intelligence and DHS’ Continuous Diagnostics and Mitigation (CDM) program could help agencies get there, according to federal officials who spoke this week on a panel at Meritalk’s Cybersecurity Brainstorm conference in Washington, D.C.

From: MeriTalk

By: Eleanor Lamb

***

Turk and Mark Kneidinger, director of Federal Network Resilience (FNR) Division for the Department of Homeland Security (DHS) both said at MeriTalk’s Cyber Security Brainstorm that there is no silver bullet to a predictive cyber posture. They said that most Federal agencies are drafted to be defensive and reactive rather than offensive and predictive.

***

One solution to assessing risks and predicting attacks is DHS’s Continuous Diagnostics and Mitigation (CDM) program, according to Tim McBride, Director of Operations of the National Cybersecurity Center of Excellence at the National Institute of Standards and Technology (NIST). CDM, which Kneidinger described as a part of the silver bullet, offers tools for Federal agencies to identify cybersecurity risks on a continuous basis.

From: Homeland Security Today

The Department of Homeland Security (DHS) has selected cybersecurity firm Imperva’s SecureSphere Web Application Firewall and SecureSphere Database Firewall for inclusion in its Continuous Diagnostics and Mitigation (CDM) Tools/Continuous Monitoring as a Service Blanket Purchase Agreement (BPA).

The CDM program is designed to provide federal agencies with the tools necessary to fortify the cybersecurity of computer networks and systems. DHS is responsible for the implementation of the CDM program. Imperva said the company is one of a group of less than 20 vendors approved for Phase 3 of the CDM and will partner with top government system integrators to deliver its solutions through the CDM program.