Tag Archives: government

Government Ready For Cybersecurity Deadline

CyberScope represents a major shift in the way federal agencies report their compliance with the Federal Information Security Management Act, the law governing government cybersecurity. The goal, officials have repeatedly said since announcing the tool late last year, is to place an emphasis on operational security as opposed to meaningless, once-a-year compliance reporting.

via Government Ready For Cybersecurity Deadline, Officials Say — Government Security.

Feds Get Their Own App Store | Epicenter | Wired.com

If you had any question whether app stores were a passing fad, the answer probably lies with apps.gov, an app store by and for government agencies…

The GSA also takes care of all the acronyms as well. The sites are FISMA and 508 compliant, and the relevant PIAs have been completed, which is bureaucratic shorthand for saying the apps passed a security test, are accessible to those with disabilities and have fulfilled the relevant privacy reporting requirements.

via Feds Get Their Own App Store | Epicenter | Wired.com.

NIST reduces and consolidates its labs in reorganization — Government Computer News

The National Institute of Standards and Technology has completed its first major reorganization in 20 years. It has reduced the number of laboratories, realigned the remaining ones along mission-based lines and created a more hierarchical leadership structure.

The reorganization, which became effective Oct. 1, replaces the single deputy director under NIST Director Patrick Gallagher with three career associate directors and reduces the number of laboratories from 10 to six. The Information Technology Lab, which includes the Computer Security Division, is one of the six. The realignment does not change the focus of NIST programs or the underlying missions, said IT Lab Director Cita Furlani.

via NIST reduces and consolidates its labs in reorganization — Government Computer News.

Fed Study: 85 Percent Of Agencies Still Not Using CyberScope – compliance/Security – DarkReading

CyberScope is supposed to be the federal government’s new standard tool for continuous security monitoring. So far, however, the vast majority of federal CIOs say they don’t understand the technology’s mission and goals, and only 15 percent have used it at all.

The deadline for filing FISMA security compliance reports using the new CyberScope tool is Nov. 15.

via Fed Study: 85 Percent Of Agencies Still Not Using CyberScope – compliance/Security – DarkReading.

Google Apps gets FISMA-certified for government work

Google has landed an important federal certification for encryption and security. An official Google blog post said that the company has received Federal Information Security Management Act (FISMA) certification and accreditation from the U.S. government for its Google Apps office productivity suite, including Gmail.

via Google Apps gets FISMA-certified for government work.

NIST Revises Security Controls Bible SP 800-53A, Revision 1

NIST Special Publication 800-53 – the bible for federal government chief information security officers as well as others charged with securing their organizations' IT systems – has been revised by the National Institute of Standards and Technology.

NIST Tuesday issued SP 800-53A, Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations. This latest guidance is aimed at helping agencies implement continuous monitoring of their IT systems as they move away from the traditional paper-based compliance rules under the Federal Information Security Management Act.

via NIST Revises Security Controls Bible.

Auditors Fault GSA Travel System Security

Federal auditors have criticized the security and design of a General Services Administration e-travel system, suggesting changes to it as part of a yearly review of the agency's IT process.

In the Office of the Inspector General's semiannual report to Congress, auditors said that the GSA's implementation of the E2 Solutions travel management system has security and usability issues that, among other things, don't properly measure the performance of the system and make it unfriendly for users, particularly disabled ones.

via Auditors Fault GSA Travel System Security — Government Travel — InformationWeek.

FISMA II Looks to Institute Performance-Based Metrics

With 40-some pieces of cybersecurity legislation pending before Congress, FISMA II is one that has drawn significant attention from the government-contracting world. While most government agencies and federal contractors learned to check the box and implement whatever measures the act set as standards the first time around, FISMA II will demand more than that: Instead of being compliance-focused, the new bill will introduce performance-based standards and guidelines.

via FISMA II Looks to Institute Performance-Based Metrics | The New New Internet.

OCR Building HIPAA Audit Plan With Outside Help

HIPAA's privacy and security enforcer has hired an outside firm to help build its HITECH-required HIPAA auditing plan, the government agency tells HealthLeaders Media.

The Office for Civil Rights (OCR), which carries out for the Department of Health & Human Services (HHS) enforcement of the HIPAA privacy and security rules, says it does not have a timetable for when the audit plan begins.

via OCR Building HIPAA Audit Plan With Outside Help.

New Policy Revamps Agencies’ Approach To FISMA Compliance

The White House issued new cybersecurity marching orders to government agencies Wednesday, which top officials say will help redirect government efforts from wasteful paperwork compliance toward continuous monitoring and patching and more effective cybersecurity spending….

… Agencies have been spending as much as $1,400 per page on those reports under requirements of the Federal Information Systems Management Act….

via New Policy Revamps Agencies’ Approach To FISMA Compliance – DarkReading.