The National Institute of Standards and Technology released a second draft of Special Publication 800-160, a guidebook for agencies to build cybersecurity processes into their day-to-day operations.
Cybersecurity experts say the government needs to address gaps in its IT systems and workforce to strengthen its defenses against data breaches, threats that are now a part of everyday federal operations.
Cabinet secretaries, members of Congress, federal leaders and family members celebrated the achievements of 10 federal employees at the 2015 Sammies awards dinner organized by the nonprofit Partnership for Public Service.
If recent events on the cybersecurity front have scared the heck out of you, well, good. There's a lot you can do. How about starting by reading the latest version of one of the government's premier publications on how to assess whether your security and privacy controls are adequate for today's hacker-plagued world? Dr. Ron Ross, FISMA Implementation Project and Joint Task Force Leader at the National Institute of Standards and Technology, joined Tom Temin on the Federal Drive to discuss what's in the newest revision of Special Publication 800-53-A.
Non-federal organizations and contractors may have sensitive federal information on their computers, but there are no consistent rules on how to keep that information secure. The treatment of Controlled Unclassified Information is the focus of a new set of recommendations. Ron Ross is a National Institute of Standards and Technology fellow. He is the lead author of the new guide, and joined Tom Temin on the Federal Drive to explain more.
The National Institute of Standards and Technology has launched a four-part plan to help agencies build more secure IT systems. NIST Computer Scientist Ron Ross, who guided a new publication on the issue, tells the Federal Drive with Tom Temin and Emily Kopp that the same engineering principles that apply to bridges and buildings should apply to IT. That is, security should be built in, not added later.
The goal is to more accurately evaluate the security of the government's computer networks and systems. These efforts could bring more consistency to the cyber auditing process and engender more confidence in its results.
The inconsistent way inspectors general review the security of federal networks and computers is causing uncertainty around what is working and what isn't in the federal government. A recent State Department IG management alert is a prime example of this growing disconnect.
Ron Ross of the National Institute of Standards and Technology wants feedback on the agency's IT security and privacy controls. Deputy Commissioner Wanda Rogers of the Treasury Department's Financial Management Service talks about the final transition to E-Payments. Philip Lohaus is a research fellow with the American Enterprise Institute and former Defense Department analyst who has studied and blogged about how the CIA is two organizations in one.
The agency plans to release solicitations to help agencies implement sensors to detect threats, followed by industry-provided services to analyze them. Congress approved $183 million to begin in 2013 to help get continuous monitoring off the ground more quickly.
Nominees include former White House cybersecurity czar Howard Schmidt, NIST expert Ron Ross and the late government computer security pioneer Lynn McNulty.
NIST, DHS experts say protecting smartphones and tablets shouldn't be any different than securing typical desktop or laptop computers. DHS will release a mobile security reference architecture to help agencies understand common concepts. NIST is updating its security control guide with 250 new requirements, including mobile controls.
The goal is for independent third-party companies to affirm commercial cloud providers meet the FedRAMP cybersecurity requirements. The agencies will model their approach after the one used to accredit vendors to provide products and services under HSPD-12. FedRAMP will not be ready until the fall.