Dec 11

Government Contractors Face New Year Security Deadline for DoD

From: Government Technology

By Jan. 1, 2018, government contractors who work for the Department of Defense (DoD) or the intelligence community are mandated to comply with NIST Special Publication 800-171. In addition, these security guidelines from NIST provide a meaningful road map for other government organizations and contractors regarding cybersecurity protections. Here’s an exclusive expert interview that offers details to help.

Dan Lohrmann

***

DL: How can contractors show compliance? What is needed?

Dec 11

Cutting continuous monitoring down to size

From: GCN

By Sara Friedman

***

The continuous monitoring required to maintain cloud security can eat up a supersized portion of time and money.

***

“We spend about 75 percent of our security budget in continuous monitoring in my office alone, and it is too much for any agency or organization to maintain,” FedRAMP Director Matt Goodrich said at a Dec. 7 Digital Government Institute Cloud Computing Conference. “We are looking to reduce the burden of continuous monitoring — not only in our office but for our vendors as well.”

Dec 06

Go Beyond IT Modernization to Boost Cybersecurity, DHS Official Says

From: FedTech

Agencies need to update IT governance and procurement to be based on mission risks, according to the Department of Homeland Security’s Jeanette Manfra.

***

Sensors in agency networks give administrators and CISOs visibility into what devices are on the network and how users are acting. Then, that information is standardized and fed into agency dashboards. DHS is working with agencies to produce reports based on those dashboards that let agencies know what their vulnerabilities are and how they can be patched.