Nov 28

Limiting the insider threat

From: GCN

By Isaac Kohen

Thanks to efforts from the Department of Homeland Security’s Computer Emergency Readiness Team, today’s cyber intelligence is more robust than ever. Among private-sector security professionals, the CERT team is considered a leading source of information regarding cyber threats and defense strategies. However, despite CERT leading the charge on cybersecurity, many federal agencies are lagging behind when it comes to protecting their assets.

This is not merely a matter of opinion. In September 2017 the Government Accountability Office conducted an in-depth study of federal agencies and found persistent weaknesses in cybersecurity practices. This is despite the security innovations of the last decade.

Nov 16

Did agencies suffer a data breach by using Kaspersky? DHS says no ‘conclusive’ evidence, yet

From: Federal News Radio

By Jason Miller

House lawmakers raised new questions Tuesday about the threat of Kaspersky Lab products and why the civilian agencies didn’t act more quickly to remove the company’s products.

***

Wynn said NASA used continuous diagnostics and mitigation (CDM) tools to scan its network and identify any implementations of Kaspersky products. She said the space agency found no “active installations” of Kaspersky.


Nov 10

IG slams OPM cybersecurity for continued deficiencies years after breaches

From: FedScoop

Billy Mitchell

***

“OPM is not making substantial progress in implementing our FISMA recommendations from prior audits,” the IG said. “While resource limitations certainly impact the effectiveness of OPM’s cybersecurity program, the staff currently in place is not fulfilling its responsibilities that are outlined in OPM policies and required by FISMA.”

The IG found glaring deficiencies, in particular, in OPM’s continuous monitoring, saying though it had established policies and procedures, “the organization has not completed the implementation and enforcement of the policies.”


Nov 07

More than two years after historic breach, OPM continues to struggle with cybersecurity

From: CyberScoop

Chris Bing

***

Although OPM has reportedly made improvements in several recognized issue areas, including for example with the agencies’ increased ability to quickly remediate cyberattacks due to a more competent incident response process, it “continues to struggle” in other domains. The OIG took note — repeatedly — of what they precisely described as a longstanding lack of “contingency planning” and a failure to enforce continuous monitoring program policies.

OPM failed to test contingency plans that it had devised — like those used in emergency situations, data breaches and unpredictable system failures — across a number of different divisions; representing a continuation of past problems, the report identified.

Nov 06

5 agencies expected to send data to governmentwide cyber dashboard by end of 2017

From: Federal News Radio

By Jason Miller

The first agency has submitted data to the federal dashboard under the continuous diagnostics and mitigation program, and four others are following closely behind.

Kevin Cox, the CDM program manager for the Homeland Security Department, almost seemed relieved when he announced it at the ACT-IAC Executive Leadership Conference last week.


Nov 02

CDM Program Tests Federal Dashboard

From: MeriTalk

By:

The Continuous Diagnostics and Mitigation Program (CDM) last week held its first data exchange between the Federal CDM dashboard and an agency dashboard.

All of the CFO Federal agencies have agency dashboards to comply with the CDM program, and the Federal dashboard is in production, according to Kevin Cox, CDM program manager for Network Security Development, at the Department of Homeland Security.
