The Congressional Budget Office estimates that, when fully implemented, the new activities specified in legislation before Congress would add about 2 percent - roughly $200 million a year - to the annual cost of implementing FISMA.
The White House Office of Management and Budget, in its yearly Federal Information Security Management Act report to Congress, gives departments and agencies mixed grades in their efforts to secure federal IT for fiscal year 2011.
The National Institute for Standards and Technology (NIST) recently released new Federal Information System Management Act (FISMA) guidance in two publications. The aim of the new guidance is to help federal agencies develop a continuous monitoring program as part of a risk management framework. It is also supposed to...
NIST's Ron Ross will be quite busy at RSA Conference 2012, not only promoting revised guidance on security and privacy controls to be unveiled at the securing conclave, but also participating in a panel on one of his favorite topics: continuous monitoring.
President Obama, at a Virginia community college, outlines his budget that calls for strengthening government cybersecurity as the administration plans to reduce overall IT spending by more than a half-billion next year.
People, as much as anything else, are a critical aspect of information risk management, and businesses and government agencies must monitor employees - and educate them, as well - to thwart a potential threat from within.
The National Institute of Standards and Technology is seeking public comment on three draft interagency reports that provide guidance on the continuous monitoring of information systems for security vulnerabilities.
One of the most respected CISOs in the federal government, the State Department's John Streufert, is taking his vast knowledge of IT security and continuous monitoring to Homeland Security, as director of the National Cybersecurity Division.
New guidance from the National Institute of Standards and Technology defines an information security continuous monitoring strategy and shows how organizations can create an information security continuous monitoring program.
The shift to monthly reports of key metrics through CyberScope from annual FISMA filings allows security practitioners to make decisions using more information and more quickly than ever before, OMB Director Jacob Lew says.
The soon-to-be issued FY 2011 Chief Information Officer FISMA Reporting Metrics from the Department of Homeland Security will require agencies to report on their progress in automating the continuous measurement of the most critical security risks.
"Organization-wide monitoring cannot be efficiently achieved through manual processes alone or through automated processes alone; however, automation can make the process of continuous monitoring more efficient," NIST says.