SSA should keep a close eye on computer access, IG says — Federal Computer Week

The Social Security Administration needs to be more vigilant in controlling employees' access to the agency's systems, according to a new audit.

The auditors examined SSA’s compliance with the Federal Information Security Management Act (FISMA) in fiscal 2009. Overall, the agency passed the test, generally fulfilling federal requirements, according to the audit released by SSA Inspector General Patrick O’Carroll.

via SSA should keep a close eye on computer access, IG says — Federal Computer Week.

NIST updates cybersecurity guidance 800-37

New guidance for managing cybersecurity in federal agencies has come from the National Institute of Standards and Technology. A newly released version of Special Publication 800-37 updates recommendations for how to certify and accredit computer systems as secure.

via Federal News Radio 1500 AM: NIST updates cybersecurity guidance.

When a Shopping Cart is Not PCI Compliant: Three Options for Merchants

… more than 350 shopping carts, by Practical eCommerce's count, available to merchants have not been PA-DSS certified.

via When a Shopping Cart is Not PCI Compliant: Three Options for Merchants | Practical eCommerce.

Survey: Many Business Associates Unprepared To Secure Health Data – iHealthBeat

Many companies that do business with health care providers are unprepared to comply with the strengthened health data protection rules included in the federal economic stimulus package, according to a new HIMSS Analytics survey, Healthcare IT News reports (Monegain, Healthcare IT News, 11/17).

via Survey: Many Business Associates Unprepared To Secure Health Data – iHealthBeat.

New laws on patient security breaches mean your associate contracts probably need updating

Now, under the HITECH Act, policing will become a two-way street — the business associate also must monitor the physician's compliance.

via amednews: New laws on patient security breaches mean your associate contracts probably need updating :: Nov. 16, 2009 … American Medical News.

iPhone and Mobile compatible version launched

Now ComplianceSoftware.org is available in mobile format.

Federal Data Security Law: ‘Careful What You Wish For’ – Network World

A federal cybersecurity law edged closer to reality late last week when the Senate Judiciary Committee approved a bill to protect the personal data of Americans. The bill is a bipartisan effort sponsored by Chairman Patrick Leahy, D-Vt., and co-sponsored by former Chairman Orrin Hatch, R-Utah, that would, among other things, force companies and data brokers to institute data privacy and security programs.

via Federal Data Security Law: ‘Careful What You Wish For’ – Network World.

State Department FISMA report is 95,000 pages

Every three years, agencies submit reports to the Office of Management and Budget documenting their inventory of network security vulnerabilities and the steps they’re taking to fix them.

The detailed reports — typically produced at a cost of tens of millions of dollars — often fill dozens of binders; the State Department’s last report was 95,000 pages.

John Streufert, State’s chief information security officer, printed one last month to bring to a Senate hearing. It took four days to print. “And it was outdated by the time I finished printing it,” he said.

via State Department – FederalTimes.com.

Health Care Companies Not Ready for HITECH Act

More than 90 percent of health care companies are not ready to comply with the privacy and security provisions of the Health Information Technology for Economic and Clinical Health Act, according to a survey conducted by the Ponemon Institute and sponsored by Crowe Horwath.

via Health Care Companies Not Ready for HITECH Act.

PCI DSS: No Angel, But Certainly Not the Devil

We will briefly counter his objections as well as remind everybody that yearning for a pre-PCI world is reckless and dangerous, since for many organizations a "PCI level" of security is way above their current posture, however unbelievable it may sound to security literati.

via PCI DSS: No Angel, But Certainly Not the Devil.