Within days, the State Department can tell which systems have and have not been patched. When State CISO John Streufert learned of the critical problem posed by the Aurora vulnerability, he didn't have to send an e-mail. The process was automated.
"Folks should not be fearful that if they don't have the skill set, they have to go find a new job because it's my responsibility to make sure that ... we are going to retrain them," says Jerry Davis, NASA deputy chief information officer for security.
The White House takes a significant step to move federal departments and agencies toward real-time monitoring of their computer systems and networks and away from paper filings documenting compliance with FISMA.
Under the program, the State Department scans every computer and server not less than every 36 hours on eight security factors, resulting in an overall risk reduction of 90 percent on key unclassified networks.
One of the objectives of FISMA reform is to promote real-time metrics to determine IT security, but NIST senior scientist Ron Ross discusses new guidance he co-authored that achieves some of those goals without the need for legislation.
The National Institute of Standards and Technology characterizes its new guidance released this past week as transformational, and no one can speak more authoritatively about it than Ron Ross, NIST's highly regarded senior computer scientist, information security researcher and FISMA implementation project leader who...