Some federal agencies are choosing to buy continuous monitoring tools independently of the Homeland Security Department-set schedule for the Continuous Diagnostics and Mitigation Program despite forfeiting DHS procurement money for those tools.
An effort to align defense and federal civilian cybersecurity guidance culminated this month with the Defense Department jettisoning its specialized certification and accreditation process. The change is an expected one that grew in likelihood as the DoD and NIST, through a joint task force, actively sought common ground in their cybersecurity guidance documents over the past few years.
An Obama administration effort to replace online passwords with an "identity ecosystem" led by the National Institute of Standards and Technology would receive $24.5 million under the White House budget proposal for the coming fiscal year.
A new generation of smart systems that network previously stand-alone devices – such as your thermostat – also brings the potential for dramatic new cyber attacks, says the National Institute of Standards and Technology. In newly released details of the agency's budget proposal for the coming year, NIST says it needs $18.8 million to study "cyber-physical systems," with $5 million of that dedicated to improving their security.
Problems with encryption and access control are common among the systems used to process Medicaid claims, says a report from the Health and Human Services Department office of inspector general.
A significant unsolved challenge to cyber threat information sharing between the federal government and the private sector is how to address liability, said outgoing National Security Agency head Gen. Keith Alexander.
Reports that major federal departments are refusing to participate in a Homeland Security Department-led contract for continuous monitoring tools are untrue, said a DHS official Tuesday.
The likely next head of Cyber Command and the National Security Agency told senators during a Tuesday confirmation hearing that the United States military posture in cyberspace has been reactive, rather than proactive. Vice Adm. Mike Rogers – President Obama's pick to replace Gen. Keith Alexander as the dual-hatted commander of Cyber Command and the NSA – testified before the Senate Armed Services Committee.
A Homeland Security Department official touted agency use of a machine-to-machine format for sharing cyber threat information during a March 7 hearing. The department is rolling out a standardized, structured way of representing cyber threat information, in a manner that computers can understand, called the Structured Threat Information Expression.
What's worked for laptops and desktops won't work for mobile devices when it comes to verifying users' identity, says the National Institute of Standards and Technology. Enter what NIST calls a "derived credential," a way of taking the identity verification and encryption key infrastructure built up since 2004 for the identity smartcards and applying it to mobile devices.