FedRAMP cloud security memo makes it past OMB director’s review

From: FederalNewsRadio.com 1500AM

Office of Management and Budget Director Jacob Lew has approved the cloud security memo and guidance, known as FedRAMP, pushing it to the brink of public release, Federal News Radio has learned.

Multiple sources have confirmed Lew approved the documents before Thanksgiving. Sources say OMB will issue both the memo and guidance as early as next week. The sources requested anonymity because they didn’t get approval to speak about the memo.

OMB declined to comment on whether or not Lew had reviewed materials.

White House, Congress Renew Cybersecurity Push

From: TechWorldNews

By John K. Higgins

The separation of issues that are still contentious from those where consensus is emerging bodes well for the enactment of legislation that addresses at least some important aspects of cybersecurity protection. “The lack of consensus on these issues should not hold the other critical reforms hostage in moving through the Congress and into enactment,” said Larry Clinton, president of the Internet Security Alliance.

In a rare showing of bipartisanship, members of Congress and the White House are trying to breathe new life into the effort to enact national cybersecurity legislation. In a recent flurry of activity, mainly between the Obama administration and the Senate, the issue got back on the legislative track.

Social Security Cites Budget Cuts for FISMA Lapses

An OIG Audit Report on the Social Security Administration found that “the FY 2011 financial statement audit again identified a significant deficiency for financial statement reporting. It should be noted that a financial statement significant deficiency in internal control does not necessarily rise to the level of a significant deficiency as defined in FISMA.”

SSA cited budget cuts as being responsible for the FISMA shortcomings. Specifically, the agency informed the OIG that,

Due to budget cuts, the Social Security Administration (SSA) stated that it did not update the System Security Plans for two of its general support systems and did not perform annual security tests on them.

The complete audit report is attached below.

Romine Named Director of NIST’s Information Technology Laboratory

From: NIST

Charles (Chuck) H. Romine became director of the Information Technology Laboratory (ITL) of the National Institute of Standards and Technology (NIST) on Nov. 21, 2011. With more than 500 staff and guest researchers, ITL develops and disseminates standards, measurements, and testing for interoperability, security, usability and reliability of information systems. Its work includes cybersecurity standards and guidelines for federal agencies and U.S. industry, and support for measurement science at NIST through fundamental and applied research in computer science, mathematics and statistics.

DOT Continuous Monitoring Shortfalls Highlighted in OIG Audit Report

Editor’s Note:  The DOT OIG Audit Report is attached below.

From: GovInfoSecurity.com

DOT Falls Short in Annual FISMA Audit
CIO Responds that Lack of Resources Hinders Remediation

Eric Chabrow, Executive Editor, GovInfoSecurity.com

The Department of Transportation has once again failed to meet federal information security requirements, DOT’s Office of Inspector General says in its annual Federal Information Security Management Act security audit.

“These weaknesses significantly increase the risk that systems will become victim to cyberattacks or disruptions that can compromise the integrity, availability and confidentiality of data needed to fulfill DOT’s missions,” DOT Inspector General Calvin Scovel III writes in the report dated Nov. 14.