Bruce Levinson, with the Center for Regulatory Effectiveness, joined the with Tom Temin and Amy Morris to discuss the center\'s recent survey on agency FISMA co...
wfedstaff | June 4, 2015 1:07 pm
By Jack Moore
Federal News Radio
For federal agencies, staying compliant with FISMA — the Federal Information Security Management Act — can feel like an endless process.
And in the ever-shifting world of federal IT and cybersecurity, to some extent, it is never-ending.
However, there’s a new guide to help agencies meet their continuous monitoring requirements.
Bruce Levinson, the editor of FISMA Focus at the Center for Regulatory Effectiveness, joined the Federal Drive with Tom Temin and Amy Morris to discuss the center’s recent survey on agency FISMA compliance.
That report focused on FISMA best practices, through the lens of one agency’s use of continuous monitoring to combat cyber threats.
NASA’s Earth Observing System and its security team used continuous monitoring to prevent breaches of its systems following the high-profile hack of government contractor RSA, which provides authentication systems to the government.
“Through a combination of initiative and creativity by the NASA EOS Security Team and their use of sophisticated software for continuous monitoring which could adapt to changing needs on-the-fly, the team prevented the agency’s information system security from being breached,” CRE’s report found.
The center, using standards and guidance from the National Institute of Standards and Technology and the Homeland Security Department, points to three broad principles of FISMA compliance:
Levinson said responsibility for agency cybersecurity extends beyond only agency chief information officers and chief information security officers. While those officials set priorities and direction, “we also need to look at the working-level staff,” Levinson said. “These are the people who make it all possible.”
And despite the focus on high-tech fixes and software patches, it’s important to remember not everything can be automated, he added.
CRE’s Federal Cyber Security Best Practices
This story is part of Federal News Radio’s daily Cybersecurity Update. For more cybersecurity news, click here.
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.