FISMA

  • Despite a 2006 mandate to secure mobile devices and implement two-factor authentication, only just over half of federal agencies have managed to do so. OMB submits its annual FISMA report to Congress detailing the steps the government has taken to improve cybersecurity, including spending $12 billion on cybersecurity last year.

    March 21, 2011
  • Rep. Jim Langevin (D-R.I.) has introduced the Executive Cyberspace Coordination Act.

    March 16, 2011
  • NIST has updated its Cybersecurity Recommendations for Government. Learn how your agency will be able to better manage information security risks from project leader for FISMA implementation, Ron Ross.

    March 08, 2011
  • The National Institute of Standards and Technology has released the final version of its guidelines for information risk management.

    March 04, 2011
  • The U.S. Department of Agriculture now has a blooming relationship with Microsoft. Earlier this month, Microsoft and the USDA reached an agreement to have Microsoft host email for as many as 120,000 employees. The company will also manage the USDA’s software and networks, as part of the agreement. USDA employees currently use 21 different email [...]

    December 28, 2010
  • National Institute of Standards and Technology guidelines are out. NIST's Rob Ross explains the new standards.

    December 17, 2010
  • Google will soon be fighting for room on the cloud with rival Microsoft. Microsoft recently received Federal Information Security Management Act certification for cloud computing data centers — about five months after Google gained approval. “Meeting the requirements of FISMA is an important security requirement for U.S. Federal agencies,” Microsoft’s Senior Director of Risk and [...]

    December 15, 2010
  • Two good pieces of news for Microsoft on the cloud computing front. Microsoft has received its FISMA certification. Microsoft CTO Susie Adams said in a company blog post, “Adding FISMA to our existing list of accreditations provides even greater transparency into our security processes and further reinforces our commitment to providing secure cloud computing options [...]

    December 12, 2010
  • The added accreditation brings greater transparency and security to the cloud, says the Microsoft blog.

    December 06, 2010
  • This week host Tom Temin talks with Ron Ross of NIST and Nicole Dean, deputy director of the National Cyber Security Division. November 25, 2010 (Encore Presentation)

    November 22, 2010
  • Apps.gov, the GSA’s cloud-based storefront, will soon offer storage, virtualization and Web hosting applications to government agencies. Vendors with an infrastructure-as-a-service contract will provide their services on the website. Apps.gov will alleviate the federal IT strain on storage, computing power and website hosting. The new cloud infrastructure will also eliminate the need for agencies to [...]

    November 16, 2010
  • October 27th, 2010 Representative Jim Langevin of Rhode Island and the Honorable Tom Davis discuss the reform of the 2002 Federal Information Security Management Act (FISMA) and the pending Congressional Cybersecurity bills.

    October 29, 2010
  • This week host Tom Temin talks with Ron Ross of NIST and Nicole Dean, deputy director of the National Cyber Security Division. September 16, 2010

    September 16, 2010
  • People exercise risk management, consciously and unconsciously, every day. Many of us drive on a daily basis. Some speed, and risk the chance of getting caught, while others are more conservative and drive the exact speed limit. We base our decision on whether or not to exceed the speed limit on the information available to us at the time, including our knowledge, past experiences, or the conditions we see in front of us. We weigh the risks against impacts and consequences, making decisions based upon our tolerance for the outcomes. The same is true for federal cyber risk management. Securing federal information and assets in cyberspace is the primary driver behind cybersecurity. Even so, other factors help define risk, including the potential for negative publicity if a cyber breach occurs, the impact to budget/performance plans if FISMA grades fall short, or the potential for investigations or congressional hearings if the burning issue of the day burns a bit too bright for too long.

    Federal cyber risk management fundamentally boils down to making risk decisions based upon an agency's risk tolerance - and the drivers behind an agency's tolerance vary across the federal government. Risk is defined as the likelihood of a future event that may have unintended or unexpected consequences. Federal agencies make the best cyber risk management decisions by using data and information to evaluate the agency's strengths and weaknesses for delivering on its cyber mission in the context of potential threats. Agencies must use information and data from various disparate sources across the enterprise to make these decisions, including audit log information, vulnerability data, asset information, the agency's regulatory compliance status, external and internal threat activity, human capital risks to the cybersecurity mission, and many more.

    As challenging as it may be for agencies to consume large volumes of disparate data, it is a challenge that is essential to overcome for agencies to make the best cyber risk management decisions. Is this achievable? Absolutely. The business intelligence movement established the foundation allowing agencies to minimize risk exacerbated by ad-hoc decision-making. Leveraging business intelligence capabilities for cybersecurity enables agencies to aggregate data across technical and organizational stovepipes and to provide agency cybersecurity leaders with mechanisms for making informed risk decisions. By better understanding the cyber landscape, federal cybersecurity leaders can - much like our speeding driver example - understand "how fast" to drive and make better investment decisions when addressing enterprise cybersecurity risks.

    September 16, 2010