The FISMA Focus IPD

Editor’s Note:  NIST’s Federal Register notice is a demonstration of the agency’s commitment to developing security documents through open, transparent processes.

Attached below is an advance copy of NIST’s Federal Register notice requesting comment on the draft of Special Publication 500-293, US Government Cloud Computing Technology Roadmap, Release 1.0 (Draft).

The National Institute of Standards and Technology (NIST) publishes this notice to seek public comments on the first draft of Special Publication 500-293, US  Government Cloud Computing Technology Roadmap, Release 1.0 (Draft). This document is intended to be the mechanism to define and communicate interoperability, portability, and security requirement priorities that must be met in terms of standards, guidance and technology for U.S. Government (USG) agencies to accelerate their adoption of cloud computing.

From: CircleID

Cybersecurity regulation will take its place alongside environmental regulation, health and safety regulation and financial regulation as a major federal activity. What is not yet clear is what form the regulations will take. FISMA controls, performance standards, consensus standards and industry-specific consortia standards are all possible regulatory approaches. What is not likely is an extended continuation of the current situation in which federal authorities have only limited, informal oversight of private sector cyberdefenses (or lack thereof).

From: FederalNewsRadio.com 1500AM

By Jason Miller

FedRAMP is one step closer to becoming a reality. The General Services Administration, the Defense Department and Homeland Security Department sent the final policy memo to the Office of Management and Budget for review in September.

Dave McClure, GSA’s associate administrator in the Office of Citizen Services and Innovative Technologies, said today the cloud computing security standards are ready to go and now it’s just a matter of finalizing the policy memo for FedRAMP to kick off.

But McClure cautioned the cloud security process will not meet full operational capability until about a year after OMB signs out the final policy memo.

NIST has released a bulletin which summarizes the information in SP 800-137,  Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations.  NIST states that,

The bulletin explains the importance of information system continuous monitoring in protecting information systems and information, the role of ISCM in the Risk Management Framework, the integration of ISCM in organizational risk assessment activities, and the details of the organizational ISCM process. References are provided to additional sources of information on ongoing monitoring of information systems and on the Risk Management Framework.

The bulletin is attached below.

CONTINUOUS MONITORING OF INFORMATION SECURITY

From: NIST

After years in the works and 15 drafts, the National Institute of Standards and Technology’s (NIST) working definition of cloud computing, the 16th and final definition has been published as The NIST Definition of Cloud Computing (NIST Special Publication 800-145).

Cloud computing is a relatively new business model in the computing world. According to the official NIST definition, “cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”