Editor’s Note: OMB Memorandum M-14-03, “Enhancing the Security of Federal Information and Information Systems,” is attached here.
From: FierceGovernmentIT
By David Perera
Agency cybersecurity practices should move beyond the three-year cycle of system authorizations into a state of continuous monitoring of security control implementation by the end of fiscal 2017, says a Nov. 18 memo from the Office of Management and Budget.
The memo (.pdf), applicable to non-national security systems, calls on agencies to develop a security control continuous monitoring strategy by the end of February in cooperation with the Homeland Security Department.
The plan is to phase in continuous monitoring of control implementation, with the first phase consisting of hardware and software asset management; configuration settings; and common vulnerability management, although “agencies are expected to automate the monitoring of security controls whenever feasible.”