Google Apps gets FISMA-certified for government work
Google has landed an important federal certification for encryption and security. An official Google blog post said that the company has received Federal Information Security Management Act (FISMA) certification and accreditation from the U.S. government for its Google Apps office productivity suite, including Gmail. via Google Apps gets FISMA-certified for government work.
NIST Revises Security Controls Bible SP 800-53A, Revision 1
NIST Special Publication 800-53 – the bible for federal government chief information security officers as well as others charged with securing their organizations' IT systems – has been revised by the National Institute of Standards and Technology. NIST Tuesday issued SP 800-53A, Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and [...]
Auditors Fault GSA Travel System Security
Federal auditors have criticized the security and design of a General Services Administration e-travel system, suggesting changes to it as part of a yearly review of the agency's IT process. In the Office of the Inspector General's semiannual report to Congress, auditors said that the GSA's implementation of the E2 Solutions travel management system has [...]
FISMA II Looks to Institute Performance-Based Metrics
With 40-some pieces of cybersecurity legislation pending before Congress, FISMA II is one that has drawn significant attention from the government-contracting world. While most government agencies and federal contractors learned to check the box and implement whatever measures the act set as standards the first time around, FISMA II will demand more than [...]
OCR Building HIPAA Audit Plan With Outside Help
HIPAA's privacy and security enforcer has hired an outside firm to help build its HITECH-required HIPAA auditing plan, the government agency tells HealthLeaders Media. The Office for Civil Rights (OCR), which carries out for the Department of Health & Human Services (HHS) enforcement of the HIPAA privacy and security rules, says it does not have [...]
New Policy Revamps Agencies’ Approach To FISMA Compliance
The White House issued new cybersecurity marching orders to government agencies Wednesday, which top officials say will help redirect government efforts from wasteful paperwork compliance toward continuous monitoring and patching and more effective cybersecurity spending. … Agencies have been spending as much as $1,400 per page on those reports under requirements of the Federal Information [...]
New Law Lets Banks Recover Data Breach Costs – www.esecurityplanet.com
Washington last week became the third state to pass legislation that will allow banks to recover certain costs and damages from retailers and credit card processors that suffer data breaches after failing to comply with current Payment Card Industry (PCI) standards. The law, which goes into effect on July 1 in Washington, follows similar laws [...]
FISMA blasted at House hearing
“In my view, the implementation of FISMA has been like getting on a treadmill as a means to go to a destination,” Gilligan said in prepared testimony. “A treadmill is great if all you want is exercise, but it is not the way to reach a destination,” he added. via FISMA blasted at House hearing [...]
OMB outlines shift on FISMA
In the seven years that it has been the law of the land, FISMA, The Federal Information Security Management Act, has helped raise awareness of the need for information security on the federal government's networks, as well as on the networks supporting private industry. But this latest version of the Office of Management and Budget's [...]
10 Steps To Ace A FISMA Audit
What follows are 10 commonsense steps you can take to prepare for a FISMA audit. While basic FISMA compliance won't always meet every government organization's security requirements–for example, you may be required to implement stricter data control requirements or a more involved change control process–you will have a sturdy base to build on. via 10 [...]




