Collaborate Disseminate
Federal agencies are accelerating digital transformation efforts to meet public expectations and comply with mandates, but transitioning securely to platforms like Salesforce often requires specialized help, according to a new e-book.
The post Agencies push for digital transformation amid security challenges appeared first on CyberScoop.
Continue reading Agencies push for digital transformation amid security challenges
A senior CISA official shared details with CyberScoop regarding the incident after the agency notified Congress about it on Friday.
The post Ivanti-linked breach of CISA potentially affected more than 100,000 individuals appeared first on CyberScoop.
Continue reading Ivanti-linked breach of CISA potentially affected more than 100,000 individuals
Information security should be at the heart of every system launched. In accordance with the Federal Information Security Management Act (FISMA), an information technology system is granted an Authority to Operate (ATO) after passing a risk-based cyber… Continue reading Integrating the Risk Management Framework (RMF) with DevOps
Cyber security assessment initiatives and frameworks abound in the US government, the most important being the Federal Information Systems Management Act (FISMA), passed in 2002. The law’s broad scope included a mandate to the US National Institu… Continue reading 6 Common Compliance Conundrums to Know About
It can be hard to know how to best allocate your federal agency’s resources and talent to meet FISMA compliance, and a big part of that challenge is feeling confident that you’re choosing the right cybersecurity and compliance reporting sol… Continue reading How to Pick the Right Solution for FISMA SI-7 Compliance
A majority of federal civilian agencies examined by a government watchdog are struggling to implement cybersecurity programs capable of adapting to a changing threat landscape. “Until agencies more effectively implement the government’s approach and strategy, federal systems will remain at risk,” the Government Accountability Office warned in a report Tuesday that assessed security implementation at the departments of Homeland Security, Justice, Energy and others. Seventeen of 23 inspectors general said their agencies’ cybersecurity programs were not being effectively put into place, and that they had “significant information security deficiencies” in financial reporting controls, the GAO said. The audit is a reminder that, despite years of attention and billions of dollars spent, there is often a discrepancy between objectives and results in the cybersecurity of federal agencies. Agencies were considered to have an “effective” cybersecurity program if they had, at a minimum, “quantitative and qualitative measures on the effectiveness of policies, procedures, and strategy” across […]
The post As threats increase, audit finds federal agencies struggle to implement cyber plans appeared first on CyberScoop.
Continue reading As threats increase, audit finds federal agencies struggle to implement cyber plans
Over the next few weeks, I plan to post about the RMF process. This will piggy back on and expand upon the article: My Experience with the DoD Version of the RMF. A little background on how the DoD got to the RMF. For those that have been a… Continue reading DoD RMF Part 1: How We Got to the RMF
Over the past several months, increased attention has been paid to U.S. federal government policies surrounding internal use of IoT devices. In January 2018, researchers discovered they could track the movements of fitness tracker-wearing military pers… Continue reading U.S. Federal IoT Policy: What You Need to Know
The White House’s delay in implementing an important email security protocol leaves its domain names vulnerable to being used in a large-scale phishing attack, according to a new study. Only one of the 26 email domains managed by the Executive Office of the President (EOP) uses the Domain-based Message, Authentication, Reporting and Conformance (DMARC) protocol to block phishing attempts, the nonprofit Global Cyber Alliance said. Eighteen of those domains haven’t started deploying DMARC. A Department of Homeland Security directive gave federal agencies until Jan. 15 to implement DMARC, which creates a public record for checking whether an email sender is authorized to transmit a message on behalf of a domain. Spokespeople for DHS and the National Security Council did not respond to questions on whether the directive applies to the EOP. The White House has previously claimed it was exempt from a governmentwide-reporting requirement under an IT security law. Email domains […]
The post White House email domains are sitting ducks for phishing attacks: study appeared first on Cyberscoop.
Continue reading White House email domains are sitting ducks for phishing attacks: study
Last month I posted some information on several information security framework/standards being updated and sense then there have been updated on all of them. So here we go:
NIST CSF v1.1. The second draft was released at the end of 2017, a… Continue reading March Updates on Frameworks & Standards