A new GAO report released yesterday found that while the Centers for Disease Control and Prevention (CDC) has made progress in implementing its information security program, deficiencies still put agency systems at risk. […]
An audit of the Pension Benefit Guaranty Corporation (PBGC) to ensure adequate compliance with the Federal Information Security Management Act (FISMA) shows a need for improvement in IT security. […]
A newly issued Government Accountability Office (GAO) report highlights gaps in implementing Federal guidance on cybersecurity at major agencies in fiscal year 2017, finding 35,277 cybersecurity incidents. […]
The Department of Transportation’s (DoT) Inspector General has flagged several broad cybersecurity categories as “top management challenges” for the agency in FY 2019, including what it called some “longstanding security weaknesses.” […]
A new report on FISMA compliance from the Office of the Inspector General (OIG) for the Board of Governors of the Federal Reserve System and the Bureau of Consumer Financial Protection (CFPB) found that the bureau has consistently implemented its information security programs but also called on CFPB to strengthen its enterprise risk management program, among other recommendations. […]
Jeanette Manfra, assistant secretary for the Office of Cybersecurity and Communications at the Department of Homeland Security, said today that the new update to Federal Information Security Modernization Act (FISMA) guidance will place even more accountability on department leaders and reflects an evolution in discussions between agencies and DHS. […]
The Office of Management and Budget (OMB) released its updated fiscal year 2019 guidance and deadlines for the Federal Information Security Modernization Act of 2014 (FISMA), containing similar deadlines and requirements to the prior year but featuring new language on using Continuous Diagnostics and Mitigation (CDM) vehicles for acquisitions of monitoring tools. […]
Federal CIO Suzette Kent called today’s first official test of the National Wireless Emergency Alert System a “historic event,” highlighting the test as evidence of the expanding role of mobile technologies and their impact on a broader effort toward digital transformation in the Federal government. […]
Federal CIO Suzette Kent said today that the Office of Management and Budget (OMB) is working with the Department of Homeland Security (DHS) to update metrics for Federal Information Security Modernization Act (FISMA) reporting, and said that agencies are seeing progress in those metrics, which are being tracked in a newly added category in the Federal IT Acquisition Reform Act (FITARA) scorecard. […]
The Department of Homeland Security is working with multiple Federal agencies to develop a new “risk radar” that will help agencies’ top executives contextualize cybersecurity risk and clarify where they need to apply focus and resources, according to Mark Kneidinger, director of the Federal Network Resilience division of DHS’ Office of Cybersecurity and Communications (CS&C). […]
The National Security Agency’s (NSA) Office of Inspector General (OIG) has for the first time released its semi-annual report to Congress as an unclassified document, and in the process shed light on IT deficiencies at the agency. The report, released Wednesday and covering the period of October 1, 2017 to March 31, 2018, highlights multiple audits that found numerous issues in the governance of NSA’s IT infrastructure and its subsequent ability to mitigate cybersecurity risk. […]
During a General Services Administration (GSA) webinar on July 18, officials explained why Federal agencies should use GSA tools to move to the cloud, how agencies can utilize IT Schedule 70 to move to the cloud, and how to meet FedRAMP requirements. […]
The Office of the Inspector General (OIG) found that the General Accountability Office (GAO) isn’t fully compliant with the Federal Information Security Modernization Act of 2014 (FISMA), according to a report released yesterday. […]
The House Oversight and Government Reform Committee (OGR) on Tuesday approved by voice vote a bill which would allow Federal agency heads to limit access to certain websites or deploy cybersecurity measures if they feel that it is necessary to secure their IT systems, but not before strong vocal dissent about the scope of the legislation. […]
Jordan Burris, senior cybersecurity advisor to Federal CIO Suzette Kent at the Office of Management and Budget (OMB), said Friday at an Information Security and Privacy Advisory Board (ISPAB) meeting that Federal agencies are continuing to make progress on curbing their cybersecurity risks, following concerning findings from the White House. […]
Survey results discussed during a June 14 Digital Government Institute webinar seem to bode well for end-user reception of deployment of Continuous Diagnostics and Mitigation (CDM) Phase 3 technology by the Department of Homeland Security, which is charged with improving the security of Federal civilian networks. […]
The unique role of the Department of Homeland Security (DHS) in leading cybersecurity efforts for the entire civilian Federal enterprise presents a unique challenge and one that requires the government to rethink its understanding of risk, DHS’ Jeanette Manfra said Thursday at MeriTalk’s Akamai Government Forum. […]
DHS Continuous Diagnostics and Mitigation (CDM) is pivotal to improving government cybersecurity. While it’s critical, it has a lot of moving parts–and that can make it difficult to follow. MeriTalk sat down with Kevin Cox to get a handle on the state of CDM, as well as an understanding of where the program goes from here. And, it’s quite a story–so I hope you’re sitting comfortably, feel free to grab a cup of coffee. […]
The Small Business Administration’s (SBA) Office of Inspector General (OIG) found that the agency needs to improve compliance three key pieces of Federal IT Legislation, according to OIG’s semiannual report, released May 25 and covering October 2017 through March 2018. […]
A new White House report says three quarters of Federal agencies are not managing their cybersecurity risk correctly and are consequently at “risk or high risk” of data theft or network intrusion due to poor cybersecurity programs. […]
The House Oversight and Government Reform (OGR) IT subcommittee followed up last week’s release of the sixth FITARA Scorecard (Scorecard 6.0) by releasing a second, more detailed scorecard. It provides insight into each of the categories of FITARA scoring, with methodology, metrics, calculations, and detailed data points on just how well each of the 24 agencies fared. […]
The Department of Labor’s Office of Inspector General (OIG) said the agency needs to improve in two key legislative areas related to IT management, according to OIG’s semiannual report released Tuesday and covering October 2017 through March 2018. […]
It’s not exactly the heist of the century, but the FDIC has stirred up a bit of controversy. Departing FDIC employees downloaded their family photos, personal emails, and the sensitive data of over 100,000 bank customers–oops. Instead of reporting to Congress, the agency stayed mum for months. This earned the agency a strict chiding from their IG in the form of a special inquiry issued on April 16. Fa […]
The Federal Risk and Authorization Management Program (FedRAMP) has released new guidance to help cloud service providers (CSP) better delineate the authority and responsibility shared between providers and government agencies. […]
Action plans to accelerate Federal agency migrations to cloud platforms and services as outlined in the White House IT Modernization Report have been in effect for nearly three months now. For instance, the Office of Management and Budget (OMB) was directed to conduct a data call within 30 days of the report’s release, requesting agencies to identify systems that might be ready for cloud migration, but have not because of some perceived or encountered difficulties. […]
The Department of Homeland Security (DHS) has been working in unison with the Office of Management and Budget to assess the risk management posture of the Federal government. They’ve been using a combination of agency self-reporting and independent verification to evaluate each agency’s mitigation techniques as well as the nation’s overall security standing. DHS’ latest […]
TalaTek, a risk management company, announced on Feb. 26 that it received a FedRAMP ATO from the Pension Benefit Guaranty Corporation (PBGC) for its Enterprise Compliance Management Solution (ECMS). This cloud-based SaaS allows PBGC to centralize security statistics in real time and see whether it complies with a variety of security frameworks, including NIST security frameworks. […]
The idea of a scorecard seems like a quaint notion, conjuring black and white photos of somebody’s grandad in a fedora, licking the pencil tip before recording the latest play at the old ballgame in his program. […]
Thousands of Federal contractors could find themselves scrambling to comply with stringent cybersecurity requirements after the General Services Administration (GSA) announced it is tightening the rules for protecting sensitive, non-classified data. […]
With an increasing attack surface resulting in millions of new threats every year, partially updating C&A documents every six months, re-mediating a few Plan of Action and Milestones, and updating all docs every three years, won’t, and doesn’t, keep the bad guys out of Federal networks. […]