The FISMA Focus IPD

From: Federal Information & News Dispatch, Inc.

Testimony by Suzanne Spaulding, Under Secretary, National Protection and Programs Directorate And Phyllis Schneck, Deputy Undersecretary for Cybersecurity, National Protection and Programs Directorate

National Coordinating Center for Communications Operations

The proposed increase of three positions and $1 million in funding to the NCC will maintain 24×7 communications infrastructure response readiness and requirements coordination between FSLTT and industry responders. Due to the loss of staff previously provided to DHS from the Department of Defense on a non-reimbursable basis, the NCC will no longer be able to provide 24×7 readiness without these additional resources.

From: Risk.net

Author: Jessica Meek

Boards may need to step up their cyber expertise to deal with growing cyber threats

Lack of experience and expertise in technical matters may be intimidating boards trying to deal with the growing cyber threat, Carolyn DuChene, deputy comptroller for operational risk at the Office of the Comptroller of the Currency (OCC), warns.

From: The Washington Post

By Mohana Ravindranath

Federal cyber security measures related to cloud computing could be evolving faster than the IT procurement process.

The General Services Administration recently issued a transition plan helping cloud computing service providers understand which versions of an evolving security standard they must adhere to.

The GSA’s Federal Risk and Authorization Program, called FedRAMP, is a system of standardized security assessments authorizing cloud service providers to sell to the federal government. The FedRAMP management office said updates to the security requirements are expected to be published on June 1, 2014.

From: The Hill

By Timothy Cama

The Department of Energy (DOE) issued recommendations Monday for how the energy industry and its suppliers should build cybersecurity protections into power delivery systems.

The guidance lays out language that utilities and other should use in the procurement process to ensure that they’re buying the right products and features to keep the electric grid safe from cyber attacks, DOE said. It followed a 2009 guidance on cybersecurity that focused on power control systems. 

From: Dark Reading

SEC asks 50 businesses for copies of their security policies, procedures, and controls in an effort to help the industry bolster cybersecurity protection. 

The Securities and Exchange Commission plans to study the information security policies, procedures, and levels of preparedness of businesses in the financial services sector.

In an announcement issued earlier this month, the SEC’s Office of Compliance Inspections and Examinations (OCIE) said it would be “conducting examinations of more than 50 registered broker-dealers and registered investment advisers, focusing on areas related to cybersecurity” — government-speak for anything involving information, computers, and security.