The Department of Homeland Security has published a Request for Information (RFI) that requests industry feedback on existing Government product performance requirements involving the Situational Awareness Incident Response (SAIR) Tier III project. The objective of SAIR Tier III is to provide U.S. Government (USG) agencies the ability to assess, assure, monitor, and measure the security posture of their information technology (IT) assets in a timely manner (i.e., near-real time). This RFI provides an opportunity for respondents to submit their ideas and initiatives related to this request. Additionally, respondents will have the opportunity to comment on the draft product performance requirements for SAIR III listed on Attachment 2.
From: FederalNewsRadio.com 1500AM
In the VA, there are a reported 100,000 mobile devices.
Marketing analysts are predicting 55 million tablets being sold this year.
The concept of “Bring Your Own Device” (BYOD) is beginning to plague federal IT professionals whose job is to maintain a safe and secure environment.
On today’s show, Tom Kellerman, the CTO at Air Patrol Corporation, shares with listeners his thoughts on wireless situation awareness, managing the mobile risk, as well as continuous monitoring.
Protecting the mobile environment means more than guarding against theft, sniffing, malicious code, and direct attack.
From: Washington Technology
The 2012 Federal IT budget request is $80.9 billion, with most federal IT spending requests slightly ahead of 2011 levels. Priorities include telework and mobile computing as well as cloud computing and virtualization. Yet, according to a recent federal IT budget briefing covered in Washington Technology magazine at the end of October, significant risks are associated with mobile computing and cloud-based applications. For that reason, cyber security will continue to top federal IT technology spending trends.
Continuous monitoring helps federal agencies “dramatically reduce risk”, observed Keren Cummins, director of federal markets for nCircle.
Cummins looked at three federal agencies – the State Department, US Agency for International Development (USAID), and the Center for Medicare and Medicaid Services (CMS) – that were able to use continuous monitoring to reduce cybersecurity risk.
For example, the State Department was able to reduce risk by 89% in the first 12 months of its continuous monitoring program; USAID was able to raise its Federal Information Security Management Act (FISMA) grade from C– to A+ in five years; and CMS was able to reduce risk at 88 data centers by 80%.
In a speech on Wednesday, Federal Chief Information Officer Steven VanRoekel said that a federal plan for qualifying and providing security audits on private sector cloud providers will become mandatory for any agency that wants to contract with third-party cloud providers, according to a report on GovInfoSecurity.com. But even as the U.S. federal government forges ahead with plans to shift a quarter of its IT spending to cloud-based services, efforts to launch that program – the Federal Risk and Authorization Management Program (FedRAMP) – are falling way behind schedule, according to a GAO report.
By Rutrell Yasin
The Federal Risk and Authorization Program will eventually be a mandatory path as federal agencies move to the cloud, federal CIO Steve VanRoekel told a government and industry audience at the National Institute of Standards and Technology campus. And FedRAMP will help make agencies more secure in the cloud than they are today.
“FedRAMP in the very near future is really a starting point,” VanRoekel said during a speech at the NIST Cloud Computing Forum & Workshop IV in Gaithersburg, Md., Nov. 2. “We envision FedRAMP as a living initiative,” VanRoekel said in the second speech he has given since taking the reins of the federal CIO office.