Tag Archives: FISMA

Survey: Federal IT leaders lack confidence in CyberScope

According to the results of a new survey published by MeriTalk, an online community for government IT professionals, 85 percent of federal information security leaders have not utilized CyberScope, an online reporting tool designed to reduce the amount of wasted dollars the government spends annually on cyber security compliance reports. Of those who have used CyberScope, the survey, entitled “FISMA’s Facelift: In the Eye of the Beholder,” found that everyone has given the tool an “A” or “B” rating.

via Survey: Federal IT leaders lack confidence in CyberScope.

Feds Get Their Own App Store | Epicenter | Wired.com

If you had any question whether app stores were a passing fad, the answer probably lies with apps.gov, an app store by and for government agencies…

The GSA also takes care of all the acronyms as well. The sites are FISMA and 508 compliant, and the relevant PIAs have been completed, which is bureaucratic shorthand for saying the apps passed a security test, are accessible to those with disabilities and have fulfilled the relevant privacy reporting requirements.

via Feds Get Their Own App Store | Epicenter | Wired.com.

Fed Study: 85 Percent Of Agencies Still Not Using CyberScope – compliance/Security – DarkReading

CyberScope is supposed to be the federal government’s new standard tool for continuous security monitoring. So far, however, the vast majority of federal CIOs say they don’t understand the technology’s mission and goals, and only 15 percent have used it at all.

The deadline for filing FISMA security compliance reports using the new CyberScope tool is Nov. 15.

via Fed Study: 85 Percent Of Agencies Still Not Using CyberScope – compliance/Security – DarkReading.

Google Apps gets FISMA-certified for government work

Google has landed an important federal certification for encryption and security. An official Google blog post said that the company has received Federal Information Security Management Act (FISMA) certification and accreditation from the U.S. government for its Google Apps office productivity suite, including Gmail.

via Google Apps gets FISMA-certified for government work.

NIST Releases Continuous Monitoring FAQs

Continuous monitoring is at the center of proposed reform to FISMA, which is currently maligned as being an exercise in paperwork rather than an effective guide for cybersecurity.

The National Institute of Standards and Technology (NIST) has released a list of 17 frequently asked questions about continuous monitoring.

via NIST Releases Continuous Monitoring FAQs | The New New Internet.

FISMA II Looks to Institute Performance-Based Metrics

With 40-some pieces of cybersecurity legislation pending before Congress, FISMA II is one that has drawn significant attention from the government-contracting world. While most government agencies and federal contractors learned to check the box and implement whatever measures the act set as standards the first time around, FISMA II will demand more than that: Instead of being compliance focused, the new bill will introduce performance-based standards and guidelines.

via FISMA II Looks to Institute Performance-Based Metrics | The New New Internet.

New Policy Revamps Agencies’ Approach To FISMA Compliance

The White House issued new cybersecurity marching orders to government agencies Wednesday, which top officials say will help redirect government efforts from wasteful paperwork compliance toward continuous monitoring and patching and more effective cybersecurity spending….

… Agencies have been spending as much as $1,400 per page on those reports under requirements of the Federal Information Systems Management Act….

via New Policy Revamps Agencies’ Approach To FISMA Compliance – DarkReading.

OMB outlines shift on FISMA

In the seven years that it has been the law of the land, FISMA, The Federal Information Security Management Act, has helped raise awareness of the need for information security on the federal government's networks, as well as on the networks supporting private industry.

But this latest version of the Office of Management and Budget's FISMA report to Congress pulls into focus the ways that the Obama Administration wants to change how the federal government complies with FISMA at a time when cyberthreats are escalating.

via Federal News Radio 1500 AM: OMB outlines shift on FISMA.

10 Steps To Ace A FISMA Audit

What follows are 10 commonsense steps you can take to prepare for a FISMA audit. While basic FISMA compliance won't always meet every government organization's security requirements–for example, you may be required to implement stricter data control requirements or a more involved change control process–you will have a sturdy base to build on.

via 10 Steps To Ace A FISMA Audit — FISMA — InformationWeek.