Sep
28
From: SIGNAL
By Lt. Col. Mark A. Russo, USA (Ret.)
***
Many experts had hoped that the colossal breach of the Office of Personnel Management several years ago might have heralded much-needed focus, energy and funding to defeat the bad guys. That has proved to be an empty hope, and officials have continued to abrogate their authority to lead in cyberspace.
Sep
26
From: GCN
By Matt Leonard
The Department of Homeland Security plans to stand up a federal dashboard next month that will provide cybersecurity data from agencies that have operating sensor networks and internal dashboards.
This will be the next step in a years-long effort to implement continuous diagnostics and mitigation within the federal government, Jeanette Manfra, the assistant secretary in DHS’ Office of Cyber Security, said at a Sept. 25 conference hosted by the Professional Services Council.
Sep
20
From: FedTech
Want to add new cybersecurity tools to your agency’s IT security mix but are wary about where they’re coming from, and what they might do to your networks? The Department of Homeland Security thinks it has a fix.
DHS is rolling out a new supply chain risk management plan for its Continuous Diagnostics and Mitigation program. The goal is to give agencies more information about the products on the CDM program’s “approved products list” (APL) and to bolster confidence in their reliability and security.
Sep
14
From: SCAP Validation Team, NIST SCAP Validation Program
SCAP Community Members,
The SCAP 1.2 validation test suite version 1-2.2.0.0 is now available for download from SCAP Validation Program Publications and Resources webpage. The direct URL is https://scap.nist.gov/validation/downloads/SCAP1.2ValidationTestContent_1-2.2.0.0.zip.
This release adds support for Microsoft Windows 10 32 and 64bit, and Apple Mac OS 10.11 platforms, includes additional test cases for behaviors attributes of the OVAL file_test on Windows, RHEL, and Mac OS X, and addresses several bugs in the validation test content as described in the change log. Please refer to the change log for a complete list of updates.
Sep
12
From: FedTech
Sep
07
From: Bank Info Security
Joshua Brooks understands why those charged with information security compliance can, at times, be overwhelmed when they must deal with frameworks associated with PCI, HIPAA, FedRAMP, ISO 270001 and NIST 800-53, to name a few.
***
In the interview, Brooks:
Sep
06
Editor’s Note: See, Achieving a Cyber-Reliant Infrastructure.
From: National Defense
In December, Congress passed the fiscal year 2017 National Defense Authorization Act, which mandates that the Defense Department implement continuous monitoring using cybersecurity tools in a measure to protect the nation’s information-technology infrastructure from malicious cyber attacks.
***
Another element was “security configuration management.” Like patch management, thousands of out-of-the-box security configuration management policies were deployed to enforce the Defense Information Systems Agency’s security technical information guide controls, which continuously inspect devices for compliance, effectively automating many of the Defense Department’s auditing functions while providing compliance reporting with near real-time data.
Sep
06
From: Nextgov
The coalition of senior White House advisers and tech tycoons that President Donald Trump consults about government problems has finally shared a general plan for catching federal agency technology up to the private sector’s.
***
The report also envisions expanding the Homeland Security Department’s continuous diagnostics and mitigation program—which provides cybersecurity services to federal agencies—to agency data stored in computer clouds.
Sep
01
From: Federal News Radio
By Jason Miller
***
DHS is adding more rigor to vendor supply chains for a governmentwide cybersecurity initiative.
Kevin Cox, the program manager of the continuous diagnostic and mitigation (CDM) program at DHS, said an updated CDM supply chain risk management plan should help agencies be more confident in the cybersecurity products and services they are buying.