May 31

Will New Jersey Be the First State to Hire a Chief Artificial Intelligence Officer?

From: Government Technology

New Jersey Chief Technology Officer Dave Weinstein spoke about the growing cyberthreat against the state, and how automation could help the resource-constrained state.

TRENTON, NJ — Cybersecurity and artificial intelligence (AI) are the future of state IT, according to New Jersey Chief Technology Officer Dave Weinstein. While working in the executive branch to help modernize and secure critical systems, Weinstein admits that the state is generally still in a “fact-finding, data-gathering mode.”

***

May 24

DHS cyber sees big boost in Trump budget request

From: FedScoop

***

The spending would cover cybersecurity work with the private sector companies that own and operate the nation’s vital industries, like banking, telecommunications and power — as well as funding for two key governmentwide programs that strengthen the security of federal civilian .gov networks:

  • $279 million for the Continuous Diagnostics and Mitigation program. CDM provides cybersecurity hardware, software, and services to departments and agencies from a centralized fund. The request would more than double CDM’s budget, up from about $102 million last year.

May 16

NIST Opens Comment Period on NISTIR 8170, DRAFT The Cybersecurity Framework: Implementation Guidance for Federal Agencies

From: NIST

Announcing Comment Period for NISTIR 8170, DRAFT The Cybersecurity Framework: Implementation Guidance for Federal Agencies

Email comments to: nistir8170@nist.gov (Subject: “Comments on Draft NISTIR 8170”)

Comments due by: June 30, 2017

Further, aggregating essential information from [Security Assessment Report] SARs, [Plan of Action and Milestones] POA&Ms, and [System Security Plan] SSPs enables security Authorization decisions through continuous monitoring. Security control assessments, remediation actions, and key updates to the SARs, POA&Ms and SSPs for the system-at-hand can be considered in the context of the organization’s aggregate risk. The risk register is also curated using the on-going risk changes tracked through Risk Management Framework (RMF) Monitor activities. The risk register is a tool that helps the AO understand if accepting the system risk will drive overall risk beyond organizational tolerance. Organizing the risk register according to the language of the Core also enables a larger group of people to participate in and inform the Authorization decision. In particular, the understandable language of Functions and Categories of the Core enables non-cybersecurity experts to participate.
***
SP 800-137, Information Security Continuous Monitoring for Federal Information Systems and Organizations, supports the ongoing monitoring of security controls and the security state of systems. 800-137 provides guidance on developing an agency-wide information security continuous monitoring (ISCM) strategy and implementing an ISCM program. An ISCM program assists federal agencies in making informed risk management decisions by providing ongoing awareness of threats, vulnerabilities, and security control effectiveness.

May 09

DHS Delivers Study on Gov’t Mobile Device Security to Congress

From: American Security Today

By Tammy Waitt

***

Key recommendations include:

***

  • Enhance Federal Information Security Modernization Act (FISMA) metrics to focus on securing mobile devices, applications and network infrastructure.
  • Include mobility within the Continuous Diagnostics and Mitigation program to address the security of mobile devices and applications with capabilities that are on par with other network devices (e.g., workstations and servers).

May 04

Agencies Adopt New Cybersecurity Tools in the Post-Snowden Era

From: FedTech

Feds turn to anti-scraping tools and to deactivating removable hardware as part of new security protocols.

***

Taking a Layered Security Approach

Chris Wlaschin, CISO at the Health and Human Services Department, says his agency has made “tremendous strides” in increasing its ability to detect and respond to cyberattacks. As an example, he says the department has exceeded the federal targets for Personal Identity Verification protections for privileged and unprivileged users. HHS is also implementing the first of the four-phase Continuous Diagnostics and Mitigation cybersecurity program led by the Department of Homeland Security. That program provides agencies with tools and capabilities to regularly identify and mitigate risks.