NIST SP 800-137

From: FCW

By Derek B. Johnson

Approximately three out of four federal agencies are at significant risk from cyber attackers, according to a May 2018 report from the Office of Management and Budget.

***

Agencies also lack a standardized set of cybersecurity tools – something the government hopes to address through programs like Continuous Diagnostics and Mitigation. CDM is designed to scan federal networks, quickly identify unauthorized users or programs and kick them off. However, the program has been beset by numerous implementation delays over the years. Most agencies are still in Phase 1, which focuses on identifying what’s on the network; DHS is hoping that a re-tooled contracting process will help the program better gel with agency needs and priorities.

From: FCW

By Mark Rockwell

The General Services Administration is making cybersecurity services simpler for federal acquisition professionals to order via a special item number on the Schedule 70 IT acquisition vehicle.

The SIN consolidates and categorizes product offerings under the Continuous Diagnostics and Mitigation program into product families that make them easier to find in the thousands of offerings on the schedule. Roughly 30,000 different tools — approximately half of the full CDM approved products list — are available via the SIN, Larry Hale, director of the IT security subcategory for GSA’s Federal Acquisition Service, said on the sidelines of an FCW industry event. Those products contract currently are offered via eight systems integrators, Hale said, noting that he is eager to add more contractors.

From: FedScoop

Carten Cordell

***

In addition to incorporating the Department of Homeland Security’s Continuous Diagnostics and Mitigation program into its cybersecurity protections, Cussatt said VA is also looking at machine learning applications to reveal cyber vulnerabilities on its network, including from its inventory of medical devices.

As for future operations, the CISO said that VA has implemented both the cybersecurity and risk management frameworks designed by the National Institute of Standards and Technology and will position its security operations centers on an intelligence-driven model.

Read Complete Article

From: FCW

By Derek B. Johnson

The federal government is making big strides in its effort to get a real-time picture of agency computer network activity. By the end of May or early June, the Department of Homeland Security expects to have all 23 major agencies connected to the federal dashboard housed at the National Cybersecurity and Communications Integration Center.

Currently, 15 of the 23 agencies covered under the Chief Financial Officers Act are connected, according to Kevin Cox, program manager of the Continuous Diagnostics and Mitigation Program at DHS.

Read Complete Article

From: FCW

By Derek B. Johnson

***

The document, which will guide DHS policy for the next five years, articulates the department’s cybersecurity role as almost entirely defensive in nature. It lays out five “pillars” of managing cybersecurity risk: understanding the evolving nature of threats from state and non-state actors, protecting federal networks and critical infrastructure sectors, countering transnational criminal hacking groups, imposing consequences on nation states for malicious cyber activity and globally promoting best practices around cybersecurity.

***

From: FedScoop

Carten Cordell

As the Department of Homeland Security moves closer to connecting agencies of all sizes to its Continuous Diagnostics and Mitigation program, officials are looking for other cybersecurity offerings the program could develop as a shared service provider.

CDM program manager Kevin Cox told FedScoop on Thursday that as the department works to incorporate smaller agencies onto a multi-tenant platform of continuous monitoring services, it’s also exploring what cybersecurity tools it could deploy across the executive branch.

Read Complete Article

From: MeriTalk

The Department of Homeland Security expects 17 more Federal agencies to have new task orders finalized by the end of summer to support further rollout of the Continuous Diagnostics and Mitigation Program, according to CDM Program Manager Kevin Cox.

The CDM DEFEND task orders for Groups C, D, and E of the CDM program now have a projected timeframe for when the contracts will go out, Cox said at MeriTalk’s Tenable GovEdge 2018 Conference on May 3.

Read Complete Article