Inspector General Patrick Malley deems as inadequate the existing approach to state IT security governance that resulted in a breach last summer of a Department of Revenue tax system, which exposed the Social Security numbers of nearly 4 million taxpayers.
Absent a uniform method, the NIST interagency report investigates credential revocation, focusing on identifying missing requirements, and suggests a model for credential reliability and revocation services that addresses those missing requirements.
A new report says the Department of Health and Human Services must improve oversight of the HITECH Act's EHR incentive program, so that providers show better proof of compliance, including risk assessments.
Given the magnitude of sensitive information on Social Security Administration computers, the inspector general says, any loss of confidentiality, integrity or availability of systems or data could have a significant impact on the nation's economy.
The recent wave of DDoS attacks against top U.S. banks is a wake-up call for organizations that are ill-prepared to fight against such an attack. NIST's Matthew Scholl offers strategies to mitigate the threat.
Comments are being accepted through Jan. 14, 2013, on potential privacy and security requirements to be included in the meaningful use rule for Stage 3 of the HITECH Act's electronic health record incentive program.