Ivanti-linked breach of CISA potentially affected more than 100,000 individuals

A senior CISA official shared details with CyberScoop regarding the incident after the agency notified Congress about it on Friday.

The post Ivanti-linked breach of CISA potentially affected more than 100,000 individuals appeared first on CyberScoop.


Integrating the Risk Management Framework (RMF) with DevOps

Information security should be at the heart of every system launched. In accordance with the Federal Information Security Management Act (FISMA), an information technology system is granted an Authority to Operate (ATO) after passing a risk-based cyber…

6 Common Compliance Conundrums to Know About

Cyber security assessment initiatives and frameworks abound in the US government, the most important being the Federal Information Systems Management Act (FISMA), passed in 2002. The law’s broad scope included a mandate to the US National Institu…

How to Pick the Right Solution for FISMA SI-7 Compliance

It can be hard to know how to best allocate your federal agency’s resources and talent to meet FISMA compliance, and a big part of that challenge is feeling confident that you’re choosing the right cybersecurity and compliance reporting sol…

As threats increase, audit finds federal agencies struggle to implement cyber plans

A majority of federal civilian agencies examined by a government watchdog are struggling to implement cybersecurity programs capable of adapting to a changing threat landscape. “Until agencies more effectively implement the government’s approach and strategy, federal systems will remain at risk,” the Government Accountability Office warned in a report Tuesday that assessed security implementation at the departments of Homeland Security, Justice, Energy and others. Seventeen of 23 inspectors general said their agencies’ cybersecurity programs were not being effectively put into place, and that they had “significant information security deficiencies” in financial reporting controls, the GAO said. The audit is a reminder that, despite years of attention and billions of dollars spent, there is often a discrepancy between objectives and results in the cybersecurity of federal agencies. Agencies were considered to have an “effective” cybersecurity program if they had, at a minimum, “quantitative and qualitative measures on the effectiveness of policies, procedures, and strategy” across […]

The post As threats increase, audit finds federal agencies struggle to implement cyber plans appeared first on CyberScoop.


U.S. Federal IoT Policy: What You Need to Know

Over the past several months, increased attention has been paid to U.S. federal government policies surrounding internal use of IoT devices. In January 2018, researchers discovered they could track the movements of fitness tracker-wearing military pers…

White House email domains are sitting ducks for phishing attacks: study

The White House’s delay in implementing an important email security protocol leaves its domain names vulnerable to being used in a large-scale phishing attack, according to a new study. Only one of the 26 email domains managed by the Executive Office of the President (EOP) uses the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol to block phishing attempts, the nonprofit Global Cyber Alliance said. Eighteen of those domains haven’t started deploying DMARC. A Department of Homeland Security directive gave federal agencies until Jan. 15 to implement DMARC, which creates a public record for checking whether an email sender is authorized to transmit a message on behalf of a domain. Spokespeople for DHS and the National Security Council did not respond to questions on whether the directive applies to the EOP. The White House has previously claimed it was exempt from a governmentwide reporting requirement under an IT security law. Email domains […]

The post White House email domains are sitting ducks for phishing attacks: study appeared first on Cyberscoop.


Framework/standard updates coming

Well, it’s early 2018 and several information security frameworks/standards are being updated:

NIST CSF v1.1. The second draft was released at the end of 2017, and we just wrapped up the comment period on this. I believe the plans ar…