Blog Profile: Vivek Kundra, US Government CIO

Editor’s Note: The following article provides key information about the federal government’s cost-saving “Cloud First” policy including:

  • “$20 billion of the total US Federal Government IT budget of $80 billion has already been identified for the move to cloud. And to ensure that this 25% cloud migration commitment is not stillborn, Kundra and 27 main departmental CIOs have signed up to a ‘Cloud-First’ policy that all must implement by the middle of 2011.”


Microsoft Seeks Clarification from NIST with Respect to Continuous Monitoring

The Center for Regulatory Effectiveness (CRE) has obtained, via FOIA request, Microsoft’s comments to NIST on the Initial Public Draft of their continuous monitoring guidance document, SP 800-137.

Microsoft’s comments include a request that NIST “Please clarify what the ‘organization-wide tools’ mentioned” on p. 21 of the draft with respect to continuous monitoring strategy at organizational Tiers 1 and 2.

Microsoft’s complete comments are attached below. CRE will be releasing the SP 800-137 comments of additional private sector and federal agency stakeholders.



Cybersecurity ‘compliance regime’ a concern on the Hill

From: FierceGovernment IT

Cybersecurity legislation will not solve the challenges faced in public- and private-sector IT, and could result in another security check box instead of a cultural change, said Kevin Gronberg, senior counsel for the House Homeland Security Committee.

Gronberg said that even agencies fully compliant with the Federal Information Security Management Act have suffered massive data breaches.

“I’m concerned that Congress may believe that the debate will be over as soon as the president signs that bill. We need to understand what drives the culture of a secure cyber environment and move our country toward that,” said Gronberg.

Continuous Monitoring and SAIR Tier III

A draft DHS presentation to the Federal Continuous Monitoring Working Group discusses SAIR (Situational Awareness and Incident Response) Tier III and Continuous Monitoring.

The presentation indicates that the Department is:

  • “Looking at a strategy and alternatives that would allow products to be added as they mature”

  • Considering “releasing a RFI or Draft RFQ in Q4 2011 11”

The complete draft presentation is attached below.

COOSE – Federal Continuous Monitoring Working Group_Mitre_022211


White House draft bill expands DHS cyber responsibilities

The bill lets the DHS secretary decide what is critical infrastructure, assess and audit systems for cyber resilience, and create an industry of third-party accreditors and evaluators to assess private sector owners’ and operators’ systems for meeting cybersecurity requirements.

Editor’s Note: The complete story is below.

By Jason Miller
Executive Editor
Federal News Radio

Under a White House plan, the Homeland Security Department will have far-reaching oversight over all civilian agency computer networks.

The proposal would codify much of the administration’s memo from July 2010 expanding DHS’s cyber responsibilities for civilian networks.