UPDATE: SP 800-137 NOT Cancelled

CRE has received information that SP 800-137 has NOT been cancelled. Subsequent action on the continuous monitoring guidance document (release of either a revised public draft or a final document) is expected by no later than the end of September, possibly earlier.


NIST Deletes Continuous Monitoring Guidance From FISMA Development Schedule

NIST’s revised Development Schedule for FISMA Implementation deleted all reference to SP 800-137, Information Security Continuous Monitoring for Federal Information Systems and Organizations.  The Initial Public Draft of SP 800-137 was released by NIST on December 16, 2010 with a comment period ending on March 15, 2011.

NIST’s previous revision to the Development Schedule cancelled a planned 2nd Public Draft of SP 800-137 but otherwise left its development intact.

NIST has not yet provided any indication of: 1) why SP 800-137 was deleted from the Development Schedule; 2) what the revised schedule means for the fate of the guidance document; or 3) what the deletion of the document may mean for implementation of continuous monitoring requirements by federal agencies.

Budget deal threatens government cloud security clearances

Editor’s Note:  There is clearly a dispute among media sources as to the future of the crucial FedRAMP program.

From: NextGov

By Aliya Sternstein  04/12/11

A program aimed at curbing federal information technology costs by expediting security certifications for shared, so-called clouds might be a victim of the latest round of budget cuts, technology officials familiar with funding conversations said.

A proposed $35 million e-government account that supports FedRAMP, the cloud security effort, was gutted under the pact lawmakers struck on Friday to avert a government shutdown. While the details on how the account will be divvied up among programs are still unknown, Congress reduced the fund to $8 million.

FedRAMP would likely dodge any e-government budget cuts

From: FierceGovernmentIT

A General Services Administration official said FedRAMP would likely not be threatened by possible budget cuts, despite being funded by the e-government fund.

While FedRAMP is an e-gov project, it will not be classified as such much longer, Katie Lewin, program manager for Cloud Computing at GSA said while speaking at an April 8 cloud computing forum at the National Institute of Standards and Technology in Gaithersburg, Md. FedRAMP will soon operate within GSA’s Federal Acquisition Service, putting the program in a different budget line.

Watchdogs have publicly worried that funding for OMB websites and projects within the e-gov program would be cut from a future, and most likely scaled-down, budget.

Google responds to Microsoft’s FISMA certification accusations

From: CNNMoney.com

Earlier this morning Microsoft accused Google of false advertising.  Google responds.

This morning, David Howard, Corporate Vice President & Deputy General Counsel at Microsoft (MSFT), took the opportunity to look at unsealed documents to point out something that, if true or genuine, would seem to be a pretty big deal.

Last Friday afternoon, I learned that a batch of court documents had been unsealed and had revealed one particularly striking development: the United States Department of Justice had rejected Google’s claim that Google Apps for Government, Google’s cloud-based suite for government customers, has been certified under the Federal Information Security Management Act (FISMA). Given the number of times that Google has touted this claim, this was no small development.