NIST SP 800-137

From: US GAO

***

Effective Implementation of the CDM Program Could Improve Information Security at Agencies

The CDM program provides federal agencies with tools and services that are intended to provide them with the capability to automate network monitoring, correlate and analyze security-related information, and enhance risk-based decision making at agency and government-wide levels. These tools include sensors that perform automated scans or searches for known cyber vulnerabilities, the results of which can feed into a dashboard that alerts network managers and enables the agency to allocate resources based on the risk.

From: FCW

By Jeremy Grant

At a time when government networks are increasingly under attack — and government itself is being criticized for not doing enough to respond — the recent award of the Credentials and Authentication Management task order of the Department of Homeland Security’s  Continuous Diagnostics and Mitigation program is a welcome piece of good news.

From: Voice & Data

BlackBerry has announced its crisis communication software-as-a-service, BlackBerry AtHoc, has received Federal Risk and Authorization Management Program (FedRAMP) Authorization.

***

State-of-the-art continuous monitoring and incident response capabilities, complying with FedRAMP standards, will be provided by the newly formed U.S. based BlackBerry Cyber Security Operations Center (CSOC). The CSOC is led by former US Coast Guard CIO and Cyber Commander, RADM (ret) Bob Day who is now the VP of BlackBerry’s Cyber Security Operation Services. Under his leadership, the CSOC will also provide support for future BlackBerry products that are slated for FedRAMP authorization process.

From: FederalNewsRadio.com | 1500 am

By Jason Miller

***

The General Services Administration and the Homeland Security Department continue to send signals of how they will move forward after that initial BPA expires in August 2018.

The latest indication came in the form of a request for information (RFI) to GSA Alliant Small Business contract holders on March 6.

Read Complete Article

From: CyberScoop

Shaun Waterman

***

The report says it “highlights agencies’ performance improvements” across several key cybersecurity goals and metrics, including:

• Continuous monitoring capabilities — providing situational awareness of the computer hardware and software on the agency’s network, and the way endpoints are configured. To qualify as achieving this goal, the 89 agencies covered in the report each must have 95 percent of their assets in each category monitored. The number of agencies qualifying in some categories more than doubled since fiscal 2015.

Read Complete Article

From: ExecutiveBiz

Posted By: Jane Edwards

The General Services Administration and the Department of Homeland Security have issued a request for information that seeks to identify GSA Alliant Small Business governmentwide acquisition contract holders that have potential to provide continuous diagnostics and mitigation support, Federal News Radio reported Monday.

Jason Miller writes the release of the RFI comes as the CDM program’s initial $6 billion blanket purchase agreement issued in 2013 approaches expiration in August 2018.

Read Complete Article

From: The White House

Federal Cybersecurity: Administration Releases Annual Report on Agency Cyber Performance

By: Grant Schneider

Today the Administration is releasing the Fiscal Year (FY) 2016 Federal Information Security Modernization Act of 2014 (FISMA) Annual Report to Congress in accordance with 44 U.S.C. § 3553. The FISMA Report to Congress is the seminal Federal report on cybersecurity. This Report describes the state of Federal cybersecurity, including agency performance against key cybersecurity metrics, the independent reviews of the agency Inspectors General, cybersecurity policy and program updates, and a summary of cybersecurity incidents at agencies in accordance with the FISMA statute.

From: Automation World

Nextnine’s addition of SecurityMatters’ network monitoring and passive discovery and detection capabilities contribute to the current direction of industrial cybersecurity strategies.

From: The Hill

By Morgan Chalfant

Information security officials on Tuesday highlighted the importance of focusing on the time between when a hacker enters a network and when the intruder is expelled.

The metric, called a “dwell time,” is crucial to understanding an organization’s resilience in the wake of cyberattacks, Rod Turk, acting chief information officer at the Department of Commerce, said at a meeting of industry experts and government officials on Tuesday.

Read Complete Article

Editor’s Note: The use of consensus and consortia standards in federal regulatory and procurement activities is government by OMB Circular A-119. See, An Updated Look at the Federal Policies Governing How Agencies Use Voluntary Consensus Standards in Regulatory, Procurement, and Science Documents.

From: SIGNAL

By Sandra Jontz