"Achieving the objective of near real-time risk management means that organizations must have the flexibility to tailor their assessment activities based on where the information system is in its life cycle," NIST's Ron Ross says.
The White House takes a significant step to move federal departments and agencies toward real-time monitoring of their computer systems and networks and away from paper filings documenting compliance with FISMA.
Why is it so difficult to provide information security for our government computer-based systems? Complexity is a major reason, but the force behind the Consensus Audit Guidelines offers ways to safeguard government IT.
New Federal Information Security Management Act guidance from the Office of Management and Budget will focus on use of real-time security monitoring, funding IT security and building agency risk profiles.
FISMA reform legislation introduced by Rep. Diane Watson would have a Senate-confirmed White House cybersecurity director and a panel of government IT security specialists direct agencies on how they must safeguard federal digital assets.
NIST SP 800-53 includes several sections that specify requirements for managing passwords used in the datacenter. While many agencies have investigated password management from the end-user perspective, few have addressed the need to manage passwords for elevated privilege accounts used by administrators and...
The final installment of our five-part series on this year's top five federal cybersecurity challenges tackles the growing role the National Institute of Standards and Technology plays in securing government IT.
One of the objectives of FISMA reform is to promote real-time metrics to determine IT security, but NIST senior scientist Ron Ross discusses new guidance he co-authored that achieves some of the goals without the need for legislation.
OMB mulls implementing new metrics as part of the reporting processes by federal agencies required under FISMA that would involve, for the first time, real-time measurements to determine the security of IT assets.