According to the results of a new survey published by MeriTalk, an online community for government IT professionals, 85 percent of federal information security leaders have not used CyberScope, an online reporting tool designed to reduce the amount of money the government wastes annually on cyber security compliance reports. The survey, entitled “FISMA’s Facelift: In the Eye of the Beholder,” found that everyone who has used CyberScope gave the tool an “A” or “B” rating.
If you had any question whether app stores were a passing fad, the answer probably lies with apps.gov, an app store by and for government agencies…
The GSA takes care of all the acronyms as well. The sites are FISMA and 508 compliant, and the relevant PIAs have been completed, which is bureaucratic shorthand for saying the apps passed a security test, are accessible to those with disabilities and have fulfilled the relevant privacy reporting requirements.
CyberScope is supposed to be the federal government’s new standard tool for continuous security monitoring. So far, however, the vast majority of federal CIOs say they don’t understand the technology’s mission and goals, and only 15 percent have used it at all.
The deadline for filing FISMA security compliance reports using the new CyberScope tool is Nov. 15.
Google has landed an important federal certification for encryption and security. An official Google blog post said that the company has received Federal Information Security Management Act (FISMA) certification and accreditation from the U.S. government for its Google Apps office productivity suite, including Gmail.
Continuous monitoring is at the center of proposed reform to FISMA, which is currently maligned as being an exercise in paperwork rather than an effective guide for cybersecurity.
The National Institute of Standards and Technology (NIST) has released a list of 17 frequently asked questions about continuous monitoring.
With some 40 pieces of cybersecurity legislation pending before Congress, FISMA II is one that has drawn significant attention from the government-contracting world. While most government agencies and federal contractors learned to check the box and implement whatever measures the act set as standards the first time around, FISMA II will demand more than that: instead of being compliance focused, the new bill will introduce performance-based standards and guidelines.
The White House issued new cybersecurity marching orders to government agencies Wednesday, which top officials say will help redirect government efforts from wasteful paperwork compliance toward continuous monitoring and patching and more effective cybersecurity spending….
… Agencies have been spending as much as $1,400 per page on those reports under requirements of the Federal Information Security Management Act….
“In my view, the implementation of FISMA has been like getting on a treadmill as a means to go to a destination,” Gilligan said in prepared testimony. “A treadmill is great if all you want is exercise, but it is not the way to reach a destination,” he added.
In the seven years that it has been the law of the land, FISMA, the Federal Information Security Management Act, has helped raise awareness of the need for information security on the federal government's networks, as well as on the networks supporting private industry.
But this latest version of the Office of Management and Budget's FISMA report to Congress pulls into focus the ways that the Obama Administration wants to change how the federal government complies with FISMA at a time when cyberthreats are escalating.
What follows are 10 commonsense steps you can take to prepare for a FISMA audit. While basic FISMA compliance won't always meet every government organization's security requirements–for example, you may be required to implement stricter data control requirements or a more involved change control process–you will have a sturdy base to build on.