Hope for a Holy Grail of Continuous Monitoring


By Lt. Col. Mark A. Russo, USA (Ret.)

The most misunderstood cybersecurity solution holds promise.


Many experts had hoped that the colossal breach of the Office of Personnel Management several years ago might have heralded much-needed focus, energy and funding to defeat the bad guys. That has proved to be an empty hope, and officials have continued to abrogate their authority to lead in cyberspace.


DHS to launch federal cyber dashboard next month

From: GCN

By Matt Leonard

The Department of Homeland Security plans to stand up a federal dashboard next month that will provide cybersecurity data from agencies that have operating sensor networks and internal dashboards.

This will be the next step in a years-long effort to implement continuous diagnostics and mitigation within the federal government, Jeanette Manfra, the assistant secretary in DHS’ Office of Cyber Security, said at a Sept. 25 conference hosted by the Professional Services Council.

Read Complete Article


DHS Rolls Out New Tool to Boost Confidence in Cyber IT Security

From: FedTech

A new supply chain risk management plan is aimed at getting more information about cybersecurity technology’s origins.


Want to add new cybersecurity tools to your agency’s IT security mix but are wary about where they’re coming from, and what they might do to your networks? The Department of Homeland Security thinks it has a fix.

DHS is rolling out a new supply chain risk management plan for its Continuous Diagnostics and Mitigation program. The goal is to give agencies more information about the products on the CDM program’s “approved products list” (APL) and to bolster confidence in their reliability and security.


SCAP 1.2 Validation Test Suite version 1- Available for Download

From: SCAP Validation Team, NIST SCAP Validation Program

SCAP Community Members,

The SCAP 1.2 validation test suite version 1- is now available for download from SCAP Validation Program Publications and Resources webpage. The direct URL is

This release adds support for Microsoft Windows 10 32 and 64bit, and Apple Mac OS 10.11 platforms, includes additional test cases for behaviors attributes of the OVAL file_test on Windows, RHEL, and Mac OS X, and addresses several bugs in the validation test content as described in the change log. Please refer to the change log for a complete list of updates.


Data: The Piece of Cybersecurity Feds Can No Longer Ignore

From: FedTech

The Trump administration needs to work with Congress to fully fund the Department of Homeland Security’s Continuous Diagnostics and Mitigation program.


Data breaches pose one of the greatest threats to the federal government. As President Donald Trump acknowledged in his Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, the government needs to do much more to protect the nation’s data.

To do so, the president will need to work with Congress to transform the way the federal government thinks about directing cybersecurity investments. The ever-changing cybersecurity landscape requires federal agencies to evolve beyond merely protecting the network perimeter and hosts to implementing protections on the most essential level: the data.


Complying with Regulatory Frameworks

From: Bank Info Security

Oracle’s Joshua Brooks on Dealing With the Challenges

Joshua Brooks understands why those charged with information security compliance can, at times, be overwhelmed when they must deal with frameworks associated with PCI, HIPAA, FedRAMP, ISO 270001 and NIST 800-53, to name a few.


In the interview, Brooks:

  • Explains the benefits of mapping a common set of controls to specific terminologies in various frameworks to help stakeholders to comply with laws and regulations;
  • Discusses the synergy between compliance and security; and
  • Addresses automating compliance.

Watch/Read Complete Story


VIEWPOINT: Marine Corps Takes Lead in Cyber Resiliency

Editor’s Note: See, Achieving a Cyber-Reliant Infrastructure.

From: National Defense

By Tom Burke

In December, Congress passed the fiscal year 2017 National Defense Authorization Act, which mandates that the Defense Department implement continuous monitoring using cybersecurity tools in a measure to protect the nation’s information-technology infrastructure from malicious cyber attacks.


Another element was “security configuration management.” Like patch management, thousands of out-of-the-box security configuration management policies were deployed to enforce the Defense Information Systems Agency’s security technical information guide controls, which continuously inspect devices for compliance, effectively automating many of the Defense Department’s auditing functions while providing compliance reporting with near real-time data.


Trump’s Tech Team Shares Plans For Modernizing Government

From: Nextgov

By Mohana Ravindranath and Joseph Marks

The coalition of senior White House advisers and tech tycoons that President Donald Trump consults about government problems has finally shared a general plan for catching federal agency technology up to the private sector’s.


The report also envisions expanding the Homeland Security Department’s continuous diagnostics and mitigation program—which provides cybersecurity services to federal agencies—to agency data stored in computer clouds.

Read Complete Article



Cyber products to get further scrutiny under new DHS plan

From: Federal News Radio

By Jason Miller


DHS is adding more rigor to vendor supply chains for a governmentwide cybersecurity initiative.

Kevin Cox, the program manager of the continuous diagnostic and mitigation (CDM) program at DHS, said an updated CDM supply chain risk management plan should help agencies be more confident in the cybersecurity products and services they are buying.

Listen to/Read Complete Story