Nov
16

Did agencies suffer a data breach by using Kaspersky? DHS says no ‘conclusive’ evidence, yet

From: Federal News Radio

By Jason Miller

House lawmakers raised new questions Tuesday about the threat of Kaspersky Lab products and why the civilian agencies didn’t act more quickly to remove the company’s products.

***

Wynn said NASA used continuous diagnostics and mitigation (CDM) tools to scan its network and identify any implementations of Kaspersky products. She said the space agency found no “active installations” of Kaspersky.

Nov
10

IG slams OPM cybersecurity for continued deficiencies years after breaches

From: FedScoop

Billy Mitchell

***

“OPM is not making substantial progress in implementing our FISMA recommendations from prior audits,” the IG said. “While resource limitations certainly impact the effectiveness of OPM’s cybersecurity program, the staff currently in place is not fulfilling its responsibilities that are outlined in OPM policies and required by FISMA.”

The IG found glaring deficiencies, in particular, in OPM’s continuous monitoring, saying though it had established policies and procedures, “the organization has not completed the implementation and enforcement of the policies.”

Nov
07

More than two years after historic breach, OPM continues to struggle with cybersecurity

From: CyberScoop

Chris Bing

***

Although OPM has reportedly made improvements in several recognized issue areas, including for example with the agencies’ increased ability to quickly remediate cyberattacks due to a more competent incident response process, it “continues to struggle” in other domains. The OIG took note — repeatedly — of what they precisely described as a longstanding lack of “contingency planning” and a failure to enforce continuous monitoring program policies.

OPM failed to test contingency plans that it had devised — like those used in emergency situations, data breaches and unpredictable system failures — across a number of different divisions; representing a continuation of past problems, the report identified.

Nov
06

5 agencies expected to send data to governmentwide cyber dashboard by end of 2017

From: Federal News Radio

By Jason Miller

The first agency has submitted data to the federal dashboard under the continuous diagnostics and mitigation program, and four others are following closely behind.

Kevin Cox, the CDM program manager for the Homeland Security Department, almost seemed relieved when he announced it at the ACT-IAC Executive Leadership Conference last week.

Nov
02

CDM Program Tests Federal Dashboard

From: MeriTalk

The Continuous Diagnostics and Mitigation Program (CDM) last week held its first data exchange between the Federal CDM dashboard and an agency dashboard.

All of the CFO Federal agencies have agency dashboards to comply with the CDM program, and the Federal dashboard is in production, according to Kevin Cox, CDM program manager for Network Security Development, at the Department of Homeland Security.

Oct
26

Are the concerns about Kaspersky Lab software the tip of the cyber iceberg awaiting agencies?

Editor’s Note: See, Does Use of Huawei or ZTE Equipment/Services Trigger SEC Cyber Risk Disclosure Requirements?

From: Federal News Radio

By Jason Miller

***

Oct
24

Commerce to leverage NOAA’s TIC

From: GCN

By Sara Friedman

***

“NOAA has developed a stack of tools that provides the same information to Einstein that a commercial provider would provide from the Managed Trusted Internet Protocol Services program,” Turk said. “We are going to start running the Department of Commerce’s traffic through this connection that NOAA has developed for us.”

Einstein is a program operated by the Department of Homeland Security that detects and blocks cyberattacks targeting federal systems. DHS is in the process of moving into the third phase of the Einstein program that involves continuous monitoring of government networks with help from major internet service providers.

Oct
24

OMB Sets 2018 Deadline for Annual FISMA Reports

From: ExecutiveGov

The Office of Management and Budget has released a memorandum that requires federal civilian agencies to submit their annual Federal Information Security Modernization Act reports to OMB and the Department of Homeland Security by March 1, 2018, MeriTalk reported Wednesday.

Agencies should also file their FISMA reports with the Government Accountability Office and Congress, OMB Director Mick Mulvaney wrote in the memo published Monday.

Oct
20

DHS to Stand Up CDM Cloud Shared Services for Small Agencies

From: MeriTalk

The Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD) is standing up shared Continuous Diagnostics and Mitigation (CDM) cloud security resources for small agencies.

“That’s a rock star idea that’s coming to a government near you,” said Jeffrey Eisensmith, chief information security officer for DHS, at the CISQ Cyber Resilience Summit on Oct. 19.

Oct
20

DHS piloting agile cyber acquisition, CDM for cloud, CISO says

From: FedScoop

***

Eisensmith also spoke about the benefits of shared services in deploying cybersecurity options for smaller agencies, a key component of the Trump administration’s cybersecurity executive order.

He said that the continuous diagnostic and mitigation program’s group F task order would soon be offering smaller agencies cloud-based cybersecurity defenses.
