Agencies may be going about FISMA compliance the wrong way, says Marcus Ranum, chief security officer of Tenable Network Security.
Information sharing is critical but insufficient, White House cyber chief says. Howard Schmidt said the federal government's responsibility is broader than its own systems and that is why any cyber bill needs stronger oversight of critical networks.
The inspector general's office at the Department of Veterans Affairs said it found more than $15,000 security holes at the agency, all dealing with FISMA compliance issues.
The department released a request for information for 11 email and collaboration services in the cloud. The RFI comes after Onix and Google dropped their protest of Interior's award to Softchoice and Microsoft for cloud email in October 2010.
Bruce Levinson, with the Center for Regulatory Effectiveness, joined Tom Temin and Amy Morris to discuss the center's recent survey on agency FISMA compliance.
Auditors find all 24 agencies they reviewed had weaknesses in security controls. GAO also found problems with training and oversight of contractor systems. It recommends OMB and DHS provide better performance metrics.
nCircle, a security and compliance auditing provider, conducted a survey that yielded an increase in the number of agencies considering switching to cloud security, but found that cost may override other security concerns.
House lawmakers want to add the requirement for a White House official to oversee cybersecurity policy and budget across civilian agencies. Rep. Langevin said the current setup with DHS in charge of civilian networks isn't good enough. Members also want more attention paid to the security of the supply chain.
DHS, private research groups launch new tools to help agencies and industry close cybersecurity holes. DHS officials liken a rating system to the Energy Star labels that indicate how efficient appliances are.
The Homeland Security Department has issued new cyber security guidance for agencies.
The White House cybersecurity advisor said many of his office's initiatives are in the operational stages and are making a difference. But some in industry and government say there is a vacuum in leadership from his office and OMB. Howard Schmidt says it's clear what role his office, OMB and DHS play.
The argument is over Google's Apps for Government. Google says they're FISMA certified. But Microsoft has released some court documents to refute that.
Federal News Radio viewed a copy of the proposal that would codify DHS's role in overseeing civilian agency networks. The draft legislation would expand DHS's authorities to those that are similar to what DoD already has around cyber. It also would include new roles around acquisition, personnel and FISMA implementation.
"We are not DHS. We are not DoD," says Jerry Horton, chief information officer at USAID.
Microsoft makes court documents public as part of battle to provide cloud services to the Interior Department. Google contends its Google Apps for Government offers more security than FISMA requires.