NIST SP 800-137

From: Mobile & Apps

By Jomst C.

The U.S. Food and Drug Authority has released a set of guidelines for keeping medical devices secure from jeopardy and to ensure safety and privacy of the users. The “Postmarket Management of Cybersecurity in Medical Devices” report discusses the importance of device security and reiterating that cyber security is a continuous effort of maintenance and periodical software updates.

***

The blog also said that manufacturers should also take into account cybersecurity when designing and developing devices to assure device performance against threats. Continuous monitoring and prevention of cyber security concerns is a must once the device is sold in the market and is already in use.

From: Lawfare

By Scott Montgomery

The federal government isn’t often held up as a model for IT innovation and efficiency, but there are areas where they should be. An example of a policy directive that has paid dividends is the Continuous Diagnostics and Mitigation (CDM) program, whose aim is to give civilian government agencies a sensible, cost-effective way to upgrade their cybersecurity posture. CDM is available to other organizations as well—such as state, local, regional and tribal governments and the U.S. Department of Defense (DoD)— but the primary target is our civilian departments and agencies, many of which touch citizens. While CDM could have been rolled out more quickly, overall the program has been progressing. Until now.

From: US Dept. of Treasury

Protecting Financial Cyberspace

WASHINGTON – Good morning. Thank you Steve, for that kind introduction, and thank you to the Public Company Accounting Oversight Board for inviting me to speak at your tenth International Institute on Audit Regulation. The PCAOB has been instrumental in protecting investors by enhancing audit quality, and is a shining example of the benefits of audit regulation. I am pleased to be here with you to describe what we have been doing in the financial sector to deal with a significant threat to financial stability—and that is the threat from cyber incidents.

From: GCN

By Cliff Sotnick

Federal agencies are striving to become more innovative and iterative, leading to growing adoption of open source within the government. The issuance earlier this year of the Federal Source Code Policy illustrates how this technology, once anathema to government agencies, has become the de facto standard for the creation and deployment of many applications.

With the explosive adoption of open-source components being used to assemble applications, agency personnel are now tasked with ensuring the quality of the components that are being used. Developers must have confidence in components’ security, licensing and quality attributes and know for certain that they are using the latest versions.

From: CrackBerry

by Bla1Ze

BlackBerry has announced they have named Rear Admiral Robert “Bob” E. Day, Jr., U.S. Coast Guard (Ret.) to lead their forthcoming federal Cybersecurity Operations Center (CSOC) and product FedRAMP initiatives. Having been a key member of BlackBerry’s AtHoc advisory board since retiring in 2014 and serving five years as Chief Information Officer (CIO) and Commander of Coast Guard Cyber Command, Rear Admiral Day brings 34-years of career experience in Federal information technology and cybersecurity to the position.

From: ECommerceTimes

By John K. Higgins

***

While automation could add the element of speed to the cyberprotection process, 55 percent of survey respondents said their agency did not use automated techniques to correlate threat information ascertained from different locations.

***

While the majority of agencies monitor traditional entry points such as mail servers, the Web, and Internet gateways, fewer than half guard data centers, SaaS enforcement points, and mobile endpoints, based on the survey results.

Read Complete Article

From: FederalNewsRadio.com | 1500 AM

By Jason Miller

***

“Synack will be helping with this initiative through our crowdsourced security testing solution,” said a company spokeswoman in an email to Federal News Radio. “Synack’s Red Team, a network of white hat security researchers located around the world, work from an adversarial perspective to uncover hidden vulnerabilities in our customers’ systems, like websites, applications, networks and more. For the IRS, Synack’s vetted Synack Red Team (SRT) will be doing more of the same.”

***