The National Institute of Standards and Technology is seeking public comment on three draft interagency reports that provide guidance on the continuous monitoring of information systems for security vulnerabilities.
One of the most respected CISOs in the federal government, the State Department's John Streufert, is taking his vast knowledge of IT security and continuous monitoring to Homeland Security, as director of the National Cybersecurity Division.
As organizations move to continuous monitoring of their IT systems to ensure they're secure, they rely much more on automated processes. But don't forget the role people play.
New guidance from the National Institute of Standards and Technology defines an information security continuous monitoring strategy and shows how organizations can create an information security continuous monitoring program.
The shift to monthly reports of key metrics through CyberScope from annual FISMA filings allows security practitioners to make decisions using more information and more quickly than ever before, OMB Director Jacob Lew says.
The soon-to-be issued FY 2011 Chief Information Officer FISMA Reporting Metrics from the Department of Homeland Security will require agencies to report on their progress in automating the continuous measurement of the most critical security risks.
Computer scientists at the National Institute of Standards and Technology have released five draft documents on various aspects of information security, and NIST is seeking comments on those drafts.
"Organization-wide monitoring cannot be efficiently achieved through manual processes alone or through automated processes alone; however, automation can make the process of continuous monitoring more efficient," NIST says.
Within days, the State Department can tell which systems have and have not been patched. When State CISO John Streufert learned of the critical problem posed by the Aurora vulnerability, he didn't have to send an e-mail. The process was automated.
"Folks should not be fearful that if they don't have the skill set, they have to go find a new job because it's my responsibility to make sure that ... we are going to retrain them," says Jerry Davis, NASA deputy chief information officer for security.
The White House takes a significant step to move federal departments and agencies toward real-time monitoring of their computer systems and networks and away from paper filings documenting compliance with FISMA.
Under the program, the State Department scans every computer and server not less than every 36 hours on eight security factors, resulting in an overall risk reduction of 90 percent on key unclassified networks.
One of the objectives of FISMA reform is to promote real-time metrics to determine IT security, but NIST senior scientist Ron Ross discusses new guidance he co-authored that achieves some of the goals without the need for legislation.