Tag: continuous monitoring

Latest Headlines

Streufert: Agencies aren't dropping out of DHS continuous monitoring program

Reports that major federal departments are refusing to participate in a Homeland Security Department-led contract for continuous monitoring tools are untrue, said a DHS official Tuesday.

Integrate cybersecurity with federal cloud computing adoption, says Karen Evans

A paper co-authored by a former government executive who occupied the position now known as the federal chief information officer recommends greater integration of cybersecurity efforts with federal cloud adoption.

Auditors highlight weak cybersecurity practices at DHS

Components of the Homeland Security Department continue to have weak cybersecurity practices, particularly with the security authorization process, the departmental inspector general says.

OMB pushes continuous monitoring in cybersecurity memo

Agency cybersecurity practices should move beyond the three-year cycle of system authorizations into a state of continuous monitoring of security control implementation by the end of fiscal 2017, says a Nov. 18 memo from the Office of Management and Budget.

GSA's continuous monitoring BPA to streamline DHS dot-gov oversight

The General Services Administration, working on behalf of the Homeland Security Department's continuous diagnostics and mitigation program, unveiled Aug. 12 a blanket purchase agreement for continuous monitoring as a service. CMaaS, as it's being called by GSA, will be offered as a variety of related products and services at various price points.

'Significant deficiencies' in VA cybersecurity

Significant deficiencies in configuration management and identity management pervaded Veterans Affairs Department information technology during the last fiscal year, says an audit commissioned by the department's office of inspector general.

'Significant deficiency' with Social Security Administration cybersecurity, say auditors

Weaknesses in Social Security Administration cybersecurity during the last fiscal year collectively amounted to a significant deficiency, says the agency's office of inspector general. The finding of a significant deficiency is also based on the financial auditor's discovery of a material weakness in agency financial systems.

DHS continuous monitoring can't automatically track devices or connections

In an annual assessment (.pdf) dated Oct. 24 of the DHS information security program required under the Federal Information Security Management Act, auditors note several areas where DHS has yet to fully automate matters, including the tracking of network devices, external connections and software applications.

OMB has authority to make federal cybersecurity more dynamic, says report

The Office of Management and Budget has "ample legal authority to adopt reforms," say authors of the report (.pdf), who include former OMB executives, among them Karen Evans, who occupied the equivalent position of federal chief information officer during much of the Bush administration, and cybersecurity experts including James Andrew Lewis of CSIS.

OMB waives 3-year security reauthorization in favor of continuous monitoring

The Office of Management and Budget says agencies no longer need to conduct a security reauthorization every 3 years or when an information system has undergone what it considers a significant change under OMB Circular A-130. Agencies' continuous monitoring programs fulfill the security reauthorization requirement, making a separate reauthorization process unnecessary, according to an Oct. 2 OMB memo.