NIST SP 800-137

From: Reuters via MSNBC

From: FedScoop

Karen Epper Hoffman

Mindful of all the federal contractors who have made news in recent years for their connections to leaked defense-related information, the U.S. government has upped the requirements surrounding insider threat training for defense contractors.

The new requirement—part of National Industrial Security Program Operating Manual (NISPOM) Change 2, which went into effect May 31— demands that all cleared government contractors must complete insider threat employee awareness training prior to being granted access to classified information, and they must go through training annually.

Read Complete Article

From: JD Supra

In our series of posts leading up to the August 28th deadline for the first phase of requirements under New York’s cybersecurity regulation, the Patterson Belknap team looks at issues that institutions face as they implement the new rules.

In complying with the New York State Department of Financial Services (DFS) cybersecurity regulation, financial institutions have a choice.  They can either employ “continuous monitoring” or, instead, conduct annual “penetration testing” and bi-annual “vulnerability assessments.”

***

From: CommsTrader

Radware security survey shows that four in five executives have implemented more reliance on automated security solutions

by Ian Taylor

Radware, a leading provider of cyber security and application delivery solutions, this week announced the release of its 2017 Executive Application & Network Security Survey, which found that four in five executives have implemented more reliance on automated security solutions, while one-third trust automated systems more than humans to protect their organisation.

From: SIGNAL | The Cyber Edge

By Bob Gourley and Jane Melia

***

For those agency heads tasked with ultimate accountability for managing cyber risk under the presidential executive order signed May 11, the good news is that many federal technology leaders are selected because they don’t shy away from challenges. Their approaches hold great promise in improving cybersecurity and reducing digital risk.

From: FedTech

The Internet of Things presents great opportunities for the private sector and federal agencies, but a lack of consensus on security protocols invites threats.

by Phil Goldstein

***

Cloud platforms enable IoT connectivity but also invite security challenges, GAO says. For example, agencies and companies are dependent on cloud providers to carry out key security functions, such as continuous monitoring and incident response. Cloud may also increase the risk that data may be accessed by an excessive amount of personnel for unauthorized purposes. And the complexity of cloud environments also poses increased risks.

From: RSA

How do federal agencies and contractors stay compliant? Let us count the ways: meeting FISMA requirements, adapting to NIST 800-53 revisions, moving to the cloud and using FedRAMP and FITARA, factoring in unique department/agency directives, keeping up with new compliance demands, working around budget constraints—and that’s just for starters.

***

Make no mistake: Continuous monitoring can provide a more mature and nuanced understanding of risk. But to fully realize its potential, federal IA professionals must learn how to focus their finite resources where they’re needed most and use them with maximum efficiency.