Tag Archives: FISMA

CXOtoday.com > IT-GRC Solution on Cloud

There is built-in framework support for RBI Compliance, NSE, BSE, MCDEX, PCI, ISO, COBiT, SOX, BASEL II, HIPAA, FISMA, and other country-specific frameworks which are ready to use. SecureGRC has a not-so-far-seen value-add in terms of integrating, synergizing and transforming information from various sources into alert-raising actionable solutions, helping in identifying the source of the attempted attack through pattern and correlation analysis, and plugging the loophole before it takes major dimensions.

via CXOtoday.com > News > Web Technologies > Government > eGestalt’s Security and IT-GRC Solution on Cloud.

OMB, NIST release draft of new FISMA metrics

The National Institute of Standards and Technology and the Office of Management and Budget are proposing 11 new performance metrics to guide agencies in how they measure their computer network security.

via Federal News Radio 1500 AM: OMB, NIST release draft of new FISMA metrics.

New Report Helps Enterprises Choose Their Own DAM Products – database security/Security – DarkReading

Some DAM products provide features for privileged-user monitoring and basic database auditing, two areas that have historically been underserved. Need more? The use of DAM technology is starting to be considered an essential control when demonstrating compliance with industry regulations and standards that require regular review of logs — a category that includes PCI DSS, HIPAA, the Gramm-Leach-Bliley Act, FISMA, and Sarbanes-Oxley.

via New Report Helps Enterprises Choose Their Own DAM Products – database security/Security – DarkReading.

SSA should keep a close eye on computer access, IG says — Federal Computer Week

The Social Security Administration needs to be more vigilant in controlling employees’ access to the agency’s systems, according to a new audit.

The auditors examined SSA’s compliance with the Federal Information Security Management Act (FISMA) in fiscal 2009. Overall, the agency passed the test, generally fulfilling federal requirements, according to the audit released by SSA Inspector General Patrick O’Carroll.

via SSA should keep a close eye on computer access, IG says — Federal Computer Week.

State Department FISMA report is 95,000 pages

Every three years, agencies submit reports to the Office of Management and Budget documenting their inventory of network security vulnerabilities and the steps they’re taking to fix them.

The detailed reports — typically produced at a cost of tens of millions of dollars — often fill dozens of binders; the State Department’s last report was 95,000 pages.

John Streufert, State’s chief information security officer, printed one last month to bring to a Senate hearing. It took four days to print. “And it was outdated by the time I finished printing it,” he said.

via State Department – FederalTimes.com.

IG: Interior fails to comply with FISMA again – FierceGovernmentIT

The Department of the Interior has once again failed to comply with the Federal Information Security Act in fiscal 2009, the department’s inspector general said last week. A new IG report blamed a decentralized organization structure, fragmented IT governance processes, lack of oversight, bureau resistance to departmental guidance and use of under-qualified personnel to perform significant IT security duties.

via IG: Interior fails to comply with FISMA again – FierceGovernmentIT.

Vivek Kundra: Cybersecurity dashboard on its way

The Cyberscope system, a new tool released by the Office of Management and Budget that allows federal agencies to report FISMA compliance through authenticated web-based reporting, is a step in that direction. “We’re moving from a manual, reporting-based, compliance-focused approach to a real-time measurement of actual cybersecurity,” said Kundra, of the “Cyberscope” system that debuted in October. “You cannot address real-time threats with a solution that’s focused on reporting requirements on a quarterly basis.”

via ExecutiveBiz Blog» Blog Archive » Vivek Kundra: Cybersecurity dashboard on its way.

Automated FISMA Reporting Tool Unveiled

The Office of Management and Budget this month unveiled an interactive collection tool called CyberScope that should help agencies fulfill their IT security reporting requirements under the Federal Information Security Management Act.

via Automated FISMA Reporting Tool Unveiled.

DHS agencies don’t sustain info security programs, IG says — Federal Computer Week

Homeland Security Department agencies don’t sustain their information security programs year-round or perform continuous monitoring to maintain systems’ accreditations and action plans, according to DHS Inspector General Richard Skinner.

The IG’s findings come from an annual independent evaluation of the department’s information security programs required by the Federal Information Security Management Act (FISMA).

via DHS agencies don’t sustain info security programs, IG says — Federal Computer Week.

Federal Taskforce To Focus On Cybersecurity Metrics — Cybersecurity — InformationWeek

“FISMA metrics need to be rationalized to focus on outcomes over compliance,” Kundra wrote in a blog post announcing the move. “Doing so will enable new and actionable insight into agencies #FISMA

via Federal Taskforce To Focus On Cybersecurity Metrics — Cybersecurity — InformationWeek.