FISMA News

From: Internet Evolution

Written by Jerry Bishop

When Congress passed the fiscal 2012 National Defense Authorization Act (NDAA) last week, it may have done more for cloud computing than any other organization to date.

Now that his objections have been addressed, President Obama is expected to sign the final version of the NDAA (HR1540) into law. The majority of news coverage of the act has focused on controversial provisions for the indefinite detention of US citizens who are suspected of terrorism, but the cloud computing industry and IT departments should focus on “Section 2867: Data Servers and Centers.”

From: InsuranceNewsNet.com

Social networking, hacktivism, advanced persistent threats, cyberespionage, mobile malware, the entry of portable, handheld devices (smartphones, tablets) into the enterprise environment…these are just a few of the most prominent challenges security professionals must contend with each day. This year-end special section focuses on people who represent the highest degree of professionalism in the security space, individuals who stand out for their technical skills, managerial prowess, insight and advocacy. As well, interspersed are some of the highlights in the year’s strongest trends, including top breaches and threats, merger and acquisition activity and legal developments, as well as some of the nuttiest news stories in the cybersecurity world.

From: FederalNewsRadio.com 1500AM

Vendors wanting to provide cloud services and assess other vendors under the FedRAMP program will be watched closely so as not to violate federal conflict-of-interest rules.

Under the notice released Dec. 8, the General Services Administration wants vendors to wall off the different parts of their organizations if they want to provide both services.

“It will be a very strong test that we have to see a clear firewall between those capabilities,” said Dave McClure, GSA’s associate administrator in the Office of Citizen Services and Innovative Technologies, in an interview with Federal News Radio. “The key is we are relying on a specific ISO standard that is a clearer bar an organization must conform to, to demonstrate that separation in functionality. It’s not just an arbitrary, ‘tell us how you are doing it.’”

From: TechNewsWorld

By Richard Adhikari

“PrECISE” is the name given to legislation recently introduced by the U.S. House of Representatives’ Homeland Security Committee. If passed, it would put more cybersecurity responsibilities on the DHS’ shoulders and facilitate the creation of cybersecurity information sharing network for public and private spheres.

The United States government launched initiatives this past week to enhance cybersecurity, but these efforts may add to the confusion around the issue in federal government circles.

One development involves the unveiling of the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act (PrECISE) by the U.S. House of Representatives’ Homeland Security Committee. 

From: FederalNewsRadio.com 1500AM

By Emily Kopp

“Crawl before you can walk. Walk before you can run.”

That’s how Federal CIO Steve VanRoekel framed his strategy to achieve his 2012 priorities in his first speech to government IT contractors in Washington, D.C.

He said agencies would have to do “more with less,” but he wanted to emphasize the “more.” Certain IT initiatives now in their infancy would allow the government to be more productive with fewer dollars, he said.

FedRAMP, the much-discussed new way for agencies to use apples-to-apples comparisons to choose cloud-based systems that have met cybersecurity standards, could help agencies shift to the cloud, save money, and become more productive, he said.

From: Information Week

Agencies have delivered on 14 of the 25 points in the feds’ year-old plan to clean up government IT, reports U.S. CIO.

By Elizabeth Montalbano

The feds are making steady progress on a 25-point plan to reform IT introduced a year ago Friday, having already delivered on 14 goals of the plan and realizing nearly $1 billion in savings from one of its key initiatives, U.S. CIO Steven VanRoekel said Thursday.

VanRoekel held a press conference Thursday to provide an update on the plan, (PDF) launched last December by his predecessor Vivek Kundra to drastically improve the inefficient and costly way the government has implemented IT for more than a decade.

From: Washington Business Journal

Jill R. Aitoro, Senior Staff Reporter

After two years of development, the Office of Management and Budget officially launched a program Thursday that establishes uniform security requirements that contractors will have to meet to sell their cloud solutions to the federal government.

Federal Chief Information Officer Steven VanRoekel sent a memo to all agency CIOs requiring that they use the Federal Risk and Authorization Management Program when purchasing cloud services. FedRAMP, as it’s known, establishes a set of approved, minimum security controls that cloud services will have to meet, as well as an assessment process for authorizing these services under the program.

From: GCN

By William Jackson

The fiscal 2012 budget for the National Institute of Standards and Technology in the appropriations bill signed into law in November is up just slightly from fiscal 2011, but it shifts a sizable amount of money to in-house research and engineering, including two cybersecurity programs.

A National Cybersecurity Center of Excellence to be housed at NIST is funded to the tune of $10 million for the year, and $16.5 million is appropriated to support the administration’s National Strategy for Trusted Identities in Cyberspace, which is managed by NIST.

From: Bloomberg

The U.S. is invoking Cold War-era national-security powers to force telecommunication companies including AT&T Inc. and Verizon Communications Inc. (VZ) to divulge confidential information about their networks in a hunt for Chinese cyber-spying.

In a survey distributed in April, the U.S. Commerce Department asked for a detailed accounting of foreign-made hardware and software on the companies’ networks. It also asked about security-related incidents such as the discovery of “unauthorized electronic hardware” or suspicious equipment that can duplicate or redirect data, according to a copy of the survey reviewed by Bloomberg News.