NIST to Take Lead on Secure Cloud Computing

According to the 25-point implementation plan to reform federal information technology management released by the US Chief Information Officer, NIST “will facilitate and lead the development of standards for security, interoperability, and portability” for cloud computing.

The plan states that “NIST is working with other agencies, industry, academia, standards development organizations, and others to use existing standards as appropriate and develop cloud computing standards where gaps exist. While cloud computing services are currently being used, experts cite security, interoperability, and portability as major barriers to further adoption. The expectation is that standards will shorten the adoption cycle, enabling cost savings and an increased ability to quickly create and deploy enterprise applications.”

Final Public Draft of NIST SP 800-39 Integrated Enterprise-Wide Risk Management to be Released on 11/14

From: NIST

NIST Special Publication 800-39, Integrated Enterprise-Wide Risk Management: Organization, Mission, and Information System View, is the fourth in the series of risk management and information security guidelines being developed by the Joint Task Force Transformation Initiative, a joint partnership among the Department of Defense, the Intelligence Community, NIST, and the Committee on National Security Systems. The partnership, under the leadership of the Secretary of Defense, the Director of National Intelligence, and the Secretary of Commerce continues to collaborate on the development of a unified information security framework for the federal government to address the challenges of protecting federal information and information systems as well as the Nation’s critical information infrastructure.

DHS Announces Continuous Monitoring Request For Information

The Department of Homeland Security is soliciting information regarding continuous monitoring capabilities. Specifically, DHS “is performing market research to determine industry interest and capabilities for information security continuous monitoring solutions.” The request for information is not a “request for proposal and in no way commits the Government to award a contract.”

DHS states that “Solutions must define and operate in a near real-time manner” and “must be capable of being implemented across a range of computing environments” including “geographically diverse networks” and “disconnected computing assets…that are disconnected from an agency’s enterprise even though the agency has to account for them (e.g. laptops, mobile devices)….”

NIST and DHS Sign MOU with Financial Services Industry to Improve Cybersecurity

The National Institute of Standards and Technology and the Department of Homeland Security’s Science and Technology directorate signed a Memorandum of Understanding with the Financial Services Coordinating Council for Critical Infrastructure and Homeland Security, a private sector organization created by the financial services industry.

The MOU calls for collaborative research, development and testing of cybersecurity technologies to help secure the financial industry’s critical infrastructure. 

Attached is the MOU.



DHS Activities May Address Wireless Security

In a new report on wireless network security, GAO noted that agencies “have taken steps to secure their wireless networks, but more can be done to improve security and to limit vulnerability to attack.”

GAO also noted that,

In a July 2010 memo, OMB directed the Department of Homeland Security (DHS) to exercise primary responsibility within the executive branch for the operational aspects of federal agency cybersecurity with respect to the federal information systems that fall within FISMA.