Blog Profile: Vivek Kundra, US Government CIO

Apr 27

Editor’s Note:  The following article provides key information about the federal government’s cost-saving “Cloud First” policy including:

  • “$20 billion of the total US Federal Government IT budget of $80 billion has already been identified for the move to cloud. And to ensure that this 25% cloud migration commitment is not stillborn, Kundra and 27 main departmental CIOs have signed up to a “Cloud-First” policy that all must implement by the middle of 2011.

 

Read the full post
Comments (0)

Microsoft Seeks Clarification from NIST with Respect to Continuous Monitoring

Apr 26

The Center for Regulatory Effectiveness (CRE) has obtained, via FOIA request, Microsoft’s comments to NIST on the Initial Public Draft of their continuous monitoring guidance document, SP 800-137.

Microsoft’s comments include a request that NIST “Please clarify what the ‘organization-wide tools’ mentioned” on p. 21 of the draft with respect to continuous monitoring strategy at organizational Tiers 1 and 2.

Microsoft’s complete comments are attached below.  CRE will be releasing the SP 800-137 comments of additional private sector and federal agency stakeholders.

Microsoft_Comments_SP800-137

Facebooktwittergoogle_plusredditpinterestlinkedinmail
Comments (1)

Cybersecurity ‘compliance regime’ a concern on the Hill

Apr 25

From: FierceGovernment IT

Cybersecurity legislation will not solve the challenges faced in public- and private-sector IT, and could result in another security check box instead of a cultural change, said Kevin Gronberg, senior counsel for the House Homeland Security Committee.

Gronberg said that even agencies fully compliant with the Federal Information Security Management Act have suffered massive data breaches.

“I’m concerned that Congress may believe that the debate will be over as soon as the president signs that bill. We need to understand what drives the culture of a secure cyber environment and move our country toward that,” said Gronberg.

Read the full post
Comments (1)

Continuous Monitoring and SAIR Tier III

Apr 18

A draft DHS presentation to the Federal Continuous Monitoring Working Group discusses SAIR (Situational Awareness and Incident Response) Tier III and Continuous Monitoring.

The presentation indicates that the Department is:

  • “Looking at a strategy and alternatives that would allow products to be added as they mature”

  • Considering “releasing a RFI or Draft RFQ in Q4 2011 11”

The complete draft presentation is attached below.

COOSE – Federal Continuous Monitoring Working Group_Mitre_022211

Facebooktwittergoogle_plusredditpinterestlinkedinmail
Comments (21)

White House draft bill expands DHS cyber responsibilities

Apr 15

the bill lets the DHS secretary decide what is critical infrastructure, assess audit systems for cyber resilience and create an industry of third-party accreditors and evaluators to assess private sector owners and operators systems for meeting cybersecurity requirements.

Editor’s Note: The complete story from FederalNewsRadio.com is below.

By Jason Miller
Executive Editor
Federal News Radio

Under a White House plan, the Homeland Security Department will have far-reaching oversight over all civilian agency computer networks.

The proposal would codify much of the administration’s memo from July 2010 expanding DHS’s cyber responsibilities for civilian networks.

Read the full post
Comments (0)