Blog Posts Tagged with "FISMA"

Howard Schmidt on Federal Cyber Security Priorities

March 27, 2012 Added by: Headlines

"Federal Departments and Agencies must defend their information systems in a resource-constrained environment, balancing system security and survivability while meeting numerous operational requirements requires robust risk management," said Schmidt...

Comments  (0)

NIST Draft Addresses Security Threats and Privacy Controls

March 07, 2012 Added by: David Navetta

NIST notes that many of the changes were driven by particular security issues and challenges requiring greater attention, including insider threats, mobile and cloud computing, application security, firmware integrity, supply chain risk, and advanced persistent threats...

Comments  (0)

DHS's Mark Weatherford on the Cybersecurity Act of 2012

February 23, 2012 Added by: Headlines

"The proposed legislation would enable DHS to be more effective and efficient in its protection of federal networks by clarifying DHS’ authorities in this space and enabling better sharing of cybersecurity information from other federal agencies to DHS..."

Comments  (0)

FTC Removed Security Protocols from Website Contract

February 21, 2012 Added by: Headlines

The events appear to be a comedy of errors, where during the long process involved in awarding contracts, critical security requirements were not enforced. As the federal government races to outsource in an effort to cut costs, the risk of oversights becomes more probable...

Comments  (0)

Roadmap to Exploitation: The OIG Imperative to Publish or Perish

January 23, 2012 Added by:

The majority of OIG organizations publish highly sensitive information as if they were assisting the agency. Just the opposite. They are ensuring a more rapid penetration of cyber defenses. Whose side of the equation here are you on? Why does this need to be public information?

Comments  (9)

GSA Final Rule Requires Vendor Proof of Security

January 10, 2012 Added by: Headlines

The rule requires contractors and subcontractors to provide details on how their products and services meet federal IT regulations. The rule also requires contractors and subcontractors to submit to audits on practices and procedures to ensure mandates are satisfied...

Comments  (1)

GAO: Federal Security Incidents Increased 650%

October 04, 2011 Added by: Headlines

"Weaknesses in information security policies and practices at 24 major federal agencies continue to place... sensitive information and information systems at risk... reports of security incidents from federal agencies are on the rise, increasing over 650 percent over the past 5 years..."

Comments  (0)

Detailed FISMA Logging Guidance Continued

April 18, 2011 Added by: Anton Chuvakin

Configuring tools needs to happen after the policy is created. Goals first, infrastructure choices second. In case of privacy and other regulations on top of FISMA, the legal department should also have their say, however unpalatable it may be to the security team...

Comments  (0)

Detailed FISMA Logging Guidance

April 14, 2011 Added by: Anton Chuvakin

FISMA emphasizes the need for each Federal agency to develop, document, and implement an organization-wide program to secure the information systems that support its operations and assets. Here is what is likely needed for a successful FISMA-driven log management implementation...

Comments  (0)

Microsoft Slams Google Over FISMA Certification Claims

April 12, 2011 Added by: Headlines

"Google can’t be under the misimpression that FISMA certification for Google Apps Premier also covers Google Apps for Government. If that were the case, then why did Google, according to the attachments in the DOJ brief, decide to file a separate FISMA application?"

Comments  (0)

If Not The PCI Standards, Then What?

March 08, 2011 Added by: PCI Guru

As a new technology matures, its security posture matures. With a more mature security posture, the lower the likelihood that a security incident will occur. However, the time it takes for that security maturity to occur can take quite a while and that is where organizations are at the highest risk...

Comments  (0)

Proactive and Continuous Compliance? For Real?

February 24, 2011 Added by: Anton Chuvakin

Is continuous compliance a reality at your organization? Are you doing something 9, 6, 3 months before the annual PCI DSS assessment? Do you meet the auditor once a year? Or do you make an effort to stay compliant?

Comments  (0)

On The Frontlines: Cloud Computing in Government

October 30, 2010 Added by: Kevin L. Jackson

Showcasing the positive progress of Federal Government Agencies and their strategic partners in meeting the goals of their Mission Programs. This issue, Cloud Computing in Government, features the Trends and Best Practices on Cloud Computing in Government...

Comments  (0)