An analysis of comments received so far by the National Institute of Standards and Technology to the cybersecurity framework called for by President Obama's February cybersecurity executive order shows respondents so far show risk management approaches to be a matter of nearly universal concern.
The Defense Department plans to take only 30 days to approve new mobile devices rather than the twelve months it currently takes, DoD Deputy Chief Information Officer for Command, Control, Communications and Computers Robert Wheeler said at an April 30 mobility town hall meeting . The longer the DoD takes to approve mobile devices, the more quickly they go out of date, he said.
The National Institute of Standards and Technology released April 30 a revised version of its security control catalog for federal systems, SP 800-53. The revision (.pdf), the fourth version of the security controls catalog, also includes for the first time an appendix of privacy controls.
The National Institute of Standards and Technology released April 30 its fourth version of Special Publication 800-53, the catalog of controls most agencies utilize in their cybersecurity programs. We spoke that day with Ron Ross, NIST Federal Information Security Management Act implementation and leader of the joint task force that put together the new revision.
The National Institute of Standards and Technology says it will establish the first information system security federally funded research and development center. In an April 22 Federal Register notice , NIST says the FFRDC will support its National Cybersecurity Center of Excellence, a public-private cybersecurity effort to find remediation for cybersecurity problems.
Under President Obama's fiscal 2014 budget request NIST would receive a total discretionary budget authority of $934 million, or 19.59 percent more than the current year amount under the continuing resolution when accounting for inflation.
Given the tight timeline, the agency is sorting through comments on its recent request for information --well before the comment period ends April 29. "I've been surprised by the quality of the comments that we've received so far," said Jon Boyens, senior advisor of the computer security division at NIST.
The framework will provide confidence that the essential services that adopters provide will continue to be delivered by critical customers in the face of most cyber incidents directly affecting the adopter, said McConnell. He added that this strategic thinking includes "a lot of qualifiers," meaning that framework will be flexible.
Under the cybersecurity executive order signed by President Obama in February, the National Institute of Standards and Technology is to develop within one year a framework for incorporating "consensus standards and industry best practices" for voluntary adoption by operators of critical infrastructure.
Different agencies face different threat levels and need to tailor their cybersecurity to their own needs, according to a SafeGov report (.pdf) released Tuesday. Different agencies face different threat levels and need to tailor their cybersecurity to their own needs, according to the report.