CRE/FISMA Focus will be reporting from the 24th Annual FISSEA (Federal Information Systems Security Educators’ Association) conference hosted by NIST. The conference “Bridging to the Future – Emerging Trends in Cybersecurity” will be held on March 15 -16 at NIST’s Gaithersburg, MD campus.
The conference agenda is attached below. Interested persons may register for the conference at https://www.fbcinc.com/nist_FISSEA/atreg1.aspx
Draft_FISSEA-conference-agenda
NIST states that their draft Continuous Monitoring Technical Reference Architecture document “is broadly applicable to diverse networks including industry, civilian government, state government, tribal, and military networks. Expected users of this document include Chief Information Security Officers, Chief Technology Officers, security tool vendors, security tool testing laboratories, security program managers, and enterprise architects.”
NIST noted that their participation in developing the Continuous Asset Evaluation, Situational Awareness and Risk Scoring (CAESARS) Reference Architecture “led to an architectural design that could support industry as well as government and a design well integrated with existing and emerging security automation standards.”
The unclassified summary of DHS’ Inspector General audit of “enterprise-wide security program and practices for its Top Secret/Sensitive Compartmented Information intelligence systems” found that the “department continues to maintain an effective enterprise-wide information security management program for its intelligence systems. Overall, information security procedures have been documented and adequate security controls have been implemented.”
The report notes, however, that “management oversight and operational issues remain regarding the effectiveness of the program. We have concerns with the documentation for the Coast Guard Intelligence Support System certification and accreditation package and the information system security training and awareness program for intelligence personnel.”
An Audit Report by the Department of Energy’s Inspector General found that, although the Federal Energy Regulatory Commission had taken steps to ensure Critical Infrastructure Protection (CIP) “cyber security standards were developed and approved, our testing revealed that such standards did not always include controls commonly recommended for protecting critical information systems. In addition, the CIP standards implementation approach and schedule approved by the Commission were not adequate to ensure that systems-related risks to the Nation’s power grid were mitigated or addressed in a timely manner.”
The Center for Strategic & International Studies’ Commission on Cybersecurity for the 44th Presidency has released a follow-up to its report Securing Cyberspace for the 44th Presidency. The new report, Cybersecurity Two Years Later — Measuring Progress, highlights the role OMB has played in advancing cybersecurity policy. The report states,
In the White House, the Office of Management and Budget (OMB) has been a source of progress. It is making significant revisions to the implementation process for the Federal Information Security Management Act (FISMA) to create a dynamic and automated assessment of agencies’ security. It is developing focused standards for “cloud” security. These initiatives will make the federal government more efficient, and they substantially reinforce cybersecurity in the “dot gov” environment.
Cybersecurity Two Years Later – Measuring Progress (January 2011)
