Editor's Note. The ultimate responsibility for cybersecure operations rests with the operator. To this end, CRE hosts a number of websites with information generated by authors around the world. Thanks to ePublishing, which states: “Fanatical 24 x 7 Service – Our approach to service and support defines ePublishing and is singularly unique in the marketplace. Problems are addressed within minutes, turnaround times on new feature and functionality requests are very fast – and with engineers monitoring our support portal around-the-clock, you can be assured your site is our top priority”, CRE has an affordable continuous monitoring system in place. http://epublishing.com/
NIST convened a Roundtable on Federal Government Engagement in Standards that included senior federal officials and industry leaders on standards. Participants discussed the role of voluntary standards in addressing cybersecurity and other national priorities.
OMB Circular A-119, which sets Executive Branch standards policy, recognizes a role for non-consensus consortia standards as well as for consensus standards. When asked about the role of consortia standards in meeting federal standards needs, however, the panelists had no clear answer. There was recognition that the market-driven consortia process can develop standards more quickly than a traditional consensus standards process and there was discussion of federal use of de facto industry IT standards. There was concern though that federal use of consortia standards could potentially give an undue advantage to specific companies.
NIST has announced that it will hold a public meeting on January 25, 2011 “to discuss the Federal government’s role in standards development and use to address national priorities.” NIST notes that achieving national priorities such as cybersecurity “depends upon interoperable standards. Consensus standards for these new technology sectors are helping drive innovation, economic growth, and job creation.”
The meeting will include a moderated panel discussion to discuss issues including “What is an appropriate role for the Federal government in convening industry stakeholders and catalyzing standards development and use? How should the Federal government engage in sectors where there is a compelling national interest? How are existing public-private initiatives in standardization working?”
NIST’s revised FISMA implementation schedule omits publishing and requesting comment on a second public draft of their guidance document, SP 800-137: Information Security Continuous Monitoring for Federal Information Systems and Organizations.
The agency’s previous schedule called for the first public draft (1PD) of SP 800-137 to be released in November, a second public draft (2PD) to be released in February, a final public draft (FPD) to be released in May, and the final document to be published in June 2011.
The most recently revised schedule omits the second public draft and projects that the final public draft will be released in May with final document publication expected in August 2011.
OMB Memorandum M-11-08 transmits to agency heads a memorandum from the Director of the Information Security Oversight Office and the National Counterintelligence Executive explaining that, in coordination with OMB, they will “evaluate and assist agencies to comply with the assessment requirement and provide assistance to agency assessment teams. Their support will include periodic on-site reviews of agency compliance where appropriate.”
The memo calls for agency teams to complete their internal assessments by January 28, 2011.
The agency self-assessment items are drawn from FISMA, various Executive Orders, and other relevant laws.
The OMB Memorandum (with attachments) is attached below.