DHS Continuous Diagnostics and Mitigation (CDM) is pivotal to improving government cybersecurity. While it’s critical, it has a lot of moving parts–and that can make it difficult to follow. MeriTalk sat down with Kevin Cox to get a handle on the state of CDM, as well as an understanding of where the program goes from here. And it’s quite a story–so I hope you’re sitting comfortably; feel free to grab a cup of coffee. […]
The Small Business Administration’s (SBA) Office of Inspector General (OIG) found that the agency needs to improve compliance with three key pieces of Federal IT legislation, according to OIG’s semiannual report, released May 25 and covering October 2017 through March 2018. […]
A new White House report says three quarters of Federal agencies are not managing their cybersecurity risk correctly and are consequently at “risk or high risk” of data theft or network intrusion due to poor cybersecurity programs. […]
The House Oversight and Government Reform (OGR) IT subcommittee followed up last week’s release of the sixth FITARA Scorecard (Scorecard 6.0) by releasing a second, more detailed scorecard. It provides insight into each of the categories of FITARA scoring, with methodology, metrics, calculations, and detailed data points on just how well each of the 24 agencies fared. […]
The Department of Labor’s Office of Inspector General (OIG) said the agency needs to improve in two key legislative areas related to IT management, according to OIG’s semiannual report released Tuesday and covering October 2017 through March 2018. […]
It’s not exactly the heist of the century, but the FDIC has stirred up a bit of controversy. Departing FDIC employees downloaded their family photos, personal emails, and the sensitive data of over 100,000 bank customers–oops. Instead of reporting to Congress, the agency stayed mum for months. This earned the agency a strict chiding from their IG in the form of a special inquiry issued on April 16. Fa […]
The Federal Risk and Authorization Management Program (FedRAMP) has released new guidance to help cloud service providers (CSP) better delineate the authority and responsibility shared between providers and government agencies. […]
TalaTek, a risk management company, announced on Feb. 26 that it received a FedRAMP ATO from the Pension Benefit Guaranty Corporation (PBGC) for its Enterprise Compliance Management Solution (ECMS). This cloud-based SaaS allows PBGC to centralize security statistics in real time and see whether it complies with a variety of security frameworks, including NIST security frameworks. […]
The idea of a scorecard seems like a quaint notion, conjuring black and white photos of somebody’s grandad in a fedora, licking the pencil tip before recording the latest play at the old ballgame in his program. […]
The White House Office of Management and Budget issued a memorandum for agencies to submit their Federal Information Security Modernization Act reports to the Government Accountability Office by March 1, 2018. […]
Only one Federal agency achieved the highest scores in each of the cybersecurity framework areas in the Federal Information Security Management Act report for fiscal year 2016. The Federal Election Commission, which governs the financing of Federal elections, received top scores for identifying, protecting, detecting, responding, and recovering from cybersecurity incidents. […]
The General Services Administration’s information security practices contain deficiencies in five of eight FISMA program areas, according to an independent evaluation done by KPMG, a professional auditing company. […]
Agency chief information officers realize the need to convert from on-premise data centers to the cloud, but still find it challenging to convince agency heads that it’s a necessary step. David Bray, CIO of the Federal Communications Commission, said Feb. 8 at the Cloud Computing Caucus Advisory Group meeting, “If you are wedded to legacy systems you are trying to turn a battleship very, very slowly.” […]
The Department of Homeland Security continues to use unsupported operating systems that may expose agency data to unnecessary risks, according to a recent evaluation issued by the DHS Office of Inspector General. […]
Centrify and SailPoint Technologies have tools to address the tasks outlined in Phase 2 of the Department of Homeland Security’s Continuous Diagnostics and Mitigation program, according to representatives from the companies and DHS itself. […]
The US-CERT cybersecurity incident notification guidelines that go into effect April 1, 2017, will affect all Federal departments and agencies, as well as state, local, tribal, and territorial government entities, among others. […]
The Office of the Inspector General at the Office of Personnel Management audited the agency’s security programs and practices under the Federal Information Security Modernization Act and found a significant deficiency in OPM’s security management structure. […]
Members of the House Committee on Science, Space, and Technology disagreed on Wednesday on whether the Cybersecurity Responsibility and Accountability Act of 2016 acted as a partisan dig against former Secretary of State and current Democratic presidential nominee Hillary Clinton and her use of a private email server. […]
Cloud computing offers the most security for government data, argued Mark Schwartz, CIO of Homeland Security’s U.S. Citizenship and Immigration Services, at the Akamai Government Forum. […]
The Department of Veterans Affairs is on what appears to be an irreversible losing streak when it comes to its annual cybersecurity audit. Last week, VA’s Office of the Inspector General slapped the agency with a “material weakness” designation for its information security efforts—the 16th year in a row that VA has failed the annual […]
Federal agencies remain woefully behind on cybersecurity, according to the annual cybersecurity compliance report released Friday by the Office of Management and Budget. During the 2015 fiscal year, Federal agencies reported 77,183 cybersecurity incidents, a 10% increase over the incidents reported in 2014. Though the administration believes this increase may be attributed to improved detection […]
Microsoft Azure was selected for a FedRAMP pilot program that will establish a high-impact baseline for cloud-computing services. This essentially allows Federal agencies to move more sensitive data onto contracted cloud-computing services, enabling the sensitive data to operate on the more technically advanced level that is already possible for low-impact data. […]
A representative of a Federal cloud computing industry advisory group filed a formal complaint this week with the General Services Administration’s inspector general alleging officials from FedRAMP issued veiled threats of retaliation against member companies that publicly voiced concerns about problems with the cloud security certification process. […]
The word “other” and other vague terms have infiltrated the naming convention of Federal spending categories and could wreak havoc on project budgets, according to one International Data Corporation official. […]
Data breaches at the Office of Personnel Management (OPM) have prompted a major cybersecurity push in Congress, and two bills propose giving the Department of Homeland Security (DHS) new authority and tools to protect Federal systems. […]
The Federal Information Security Modernization Act, passed this month, brings cybersecurity into the 21st century and changes the rules of the road for Federal employees in IT. […]