From: InformationWeek/Government
The Obama administration issues new guidelines for continuous monitoring programs to bolster information security.
The Office of Management and Budget (OMB) has directed the heads of all federal departments and agencies to implement measures to safeguard federal information systems and the information they process and store.
Among other measures, the OMB has made cybersecurity one of 14 cross-agency performance priority goals that agencies are responsible for achieving. The memo to federal agencies also provides guidelines for managing information security risks through continuous monitoring processes established by the National Institute of Standards and Technology.
OMB Director Sylvia Burwell said in the memo that all agencies must establish information security continuous monitoring (ISCM) programs that help them manage security risks and address how they authorize information systems (and the environments in which they operate) on an ongoing basis. “All strategies must address the agencies’ plans for transitioning to and maintaining consistency with federal information security policies, standards, and guidelines.”
To firm up the nation’s cybersecurity approach, Burwell also directed agencies to develop plans in coordination with the Department of Homeland Security (DHS).
Another critical component of the OMB’s initiative to fully implement ISCM across the government is a push for standardization. Burwell said ISCM must become an “agency-wide solution” for deploying products and services. Under the DHS Continuous Diagnostics and Mitigation (CDM) Program, federal, state, and local governments can deploy a basic set of capabilities for continuous monitoring as part of a blanket purchase agreement (BPA).