Security incidents reported over the past five years have placed the confidentiality, integrity and availability of sensitive government information and information systems at risk, an annual GAO review reveals.
The shift from annual FISMA filings to monthly reports of key metrics through CyberScope allows security practitioners to make decisions more quickly and with more information than ever before, OMB Director Jacob Lew says.
A team headed by Senior Computer Scientist Ron Ross will update one of NIST's premier risk management publications - SP 800-53: Recommended Security Controls for Federal Information Systems and Organizations.
The ruckus over a new cybersecurity bill's ban of a so-called Internet kill switch camouflages the real significance of the Cybersecurity and Internet Freedom Act. The bill, if enacted, would rejigger the way federal IT security is governed.
"Managing risk with regard to information systems and security sometimes doesn't go to the highest levels and that's why the risk framework is a way to get senior leaders involved early in the process," NIST senior computer scientist Ron Ross says.
Cybersecurity reform was part of a defense bill that included a provision to repeal a law that bars gays from serving openly in the military. Supporters couldn't muster the support to bring a Senate vote on the bill.
The curious fact about cybersecurity legislation before Congress is that nearly everyone sees a need for it, and there's no partisan bickering, yet few people see a comprehensive federal information security bill becoming law this year.
The Protecting Cyberspace as a National Asset Act also would replace paper-based FISMA compliance with continuous monitoring of technology systems and with assaults by "friendly hackers" to test IT vulnerabilities.