FISMA News

From: PC World

By Grant Gross

A bill in the U.S. Senate would require operators of so-called critical infrastructure networks to adopt cybersecurity practices if evaluations by the U.S. Department of Homeland Security find their security lacking.

The new bill, introduced Tuesday by four senators, would cover operators of systems that, if compromised, would cause mass death, evacuation or major damage to the U.S. economy, said the sponsors, including Senator Joe Lieberman, a Connecticut independent and chairman of the Senate Homeland Security and Governmental Affairs Committee.

From: Federal Times

Three senators are expected to introduce a long-awaited cybersecurity bill next week that will overhaul the way the government protects critical networks.

Sens. Susan Collins, R-Maine, Joe Lieberman, I-Conn., and John Rockefeller, D-W.Va., are now putting final touches on the bill, which mirrors a reform proposal outlined by the White House in May.

The bill would authorize the Department of Homeland Securityto beef up security standards for privately owned critical networks, such as those affecting transportation and water systems, said Leslie Phillips, spokeswoman for the Senate Homeland Security and Governmental Affairs Committee. Companies operating such systems, however, could appeal DHS’ regulation of them, Phillips said.

From: FierceGovernmentIT

(Reuters) – A hacker released the source code for antivirus firm Symantec’s pcAnywhere utility on Tuesday, raising fears that others could find security holes in the product and attempt takeovers of customer computers.

The release followed failed email negotiations over a $50,000 payout to the hacker calling himself YamaTough to destroy the code.

The email thread was published on Monday, but the hacker and the company said their participation had been a ruse. YamaTough said he was always going to publish the code, while Symantec said law enforcement had been directing its side of the talks.

From NIST Tech Beat: February 7, 2012

 Contact: Jennifer Huergo
301-975-6343

The National Institute of Standards and Technology (NIST) released its recommendations for a new, privately led steering group to tackle the complex policy and technical issues necessary to create an online environment where individuals and organizations will be able to better trust one another. In a report released Feb. 7, 2012, NIST also announced its intent to issue a Federal Funding Opportunity for an organization to convene the steering group and provide it with initial secretarial, administrative and logistical support.

Editor’s Note:  The FedRAMP Concept of Operations (CONOPS) document may be found here.

From: Federal Times

The General Services Administration provided more details on Tuesday about a new mandatory security assessment program for federal cloud providers.

A 47-page concept of operations document about the Federal Risk and Authorization Management Program (FedRAMP) managed by GSA, details how agencies and cloud vendors can initiate the FedRAMP process, how the program will work and what is required of all parties involved in the process.

One thing vendors should expect are new service level agreements that hold them legally responsible for meeting and maintaining FedRAMP requirements, according to the document.   

From: Information Week

National Institute of Standards and Technology’s new IT Lab Director Chuck Romine says agency is focusing on big data, cloud computing, mobility, and cybersecurity in the coming year.

By J. Nicholas Hoover

The National Institute of Standards and Technology’s IT Laboratory, which works on IT standards and metrics as well as federal cybersecurity programs, will be placing a new focus on big data and mobility technologies this year and will continue its work on cybersecurity and cloud computing, according to IT Lab Director Chuck Romine.

From: immixGroup, Inc

McLean, VA, February 2, 2012-Success in cyber security requires buy-in from the highest levels – not just among the IT staff, but at the CFO and CEO level, according to government and industry panelists in a recent federal cyber security seminar. Network monitoring, patching or purging outdated software and hardware, communications, and coordination are all essential tools for good risk management policies and practices.