Updating OMB Circular A-130 Management of Federal Information Resources

Updating OMB Circular A-130, Management of Federal Information Resources, was a discussion topic on the second day of the Information Security and Privacy Advisory Board’s (ISPAB’s) meeting. The ISPAB is an expert advisory body established by Congress to advise NIST, the Secretary of Commerce and OMB. The Board received a presentation on work underway to revise the Circular; Appendix III, Security of Federal Automated Information Resources, was the focus of the discussion. The presentation was made by representatives of an ad hoc group of senior information security experts who are assisting OMB in the revision process.

Update on NIST SP 800-53 Rev. 4

The first day of the Information Security and Privacy Advisory Board’s (ISPAB’s) three-day quarterly meeting included a presentation by Dr. Ron Ross on NIST SP 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations. The meeting is being held on the NIST campus in Gaithersburg, MD.

The central theme of Dr. Ross’ talk was that SP 800-53 Rev. 4 supports “A New Cyber Defense Vision — Build it right — Continuously Monitor.”  For more information about the continuous monitoring aspects of the presentation, please see “Build it right — Continuously Monitor” on FISMA Focus’ Continuous Monitoring Discussion Forum.

Schmidt leaving government in a much different cyber place

From: FederalNewsRadio.com 1500AM

By Jason Miller

One of the biggest differences in the federal cybersecurity landscape over the last two years is the recognition by the most senior leaders of the importance of securing agency, contractor and critical infrastructure systems.

Howard Schmidt, the outgoing White House cybersecurity coordinator, said in his first interview since announcing his retirement May 17 that IT security ranks in every agency’s top five priorities. It’s that acknowledgement that shows both the impact of the White House’s cyber office and the broader change across government.

Database Monitoring, SIEM Top IT’s List

Editor’s Note: The complete McAfee report is attached below.

From: Dark Reading

By Kelly Jackson Higgins

IT organizations want better visibility into their network in order to react more quickly to advanced threats, McAfee report finds

Is there such a thing as overpatching? More than 40 percent of IT organizations say they patch everything possible just in case, according to a new report.

Nearly half of IT organizations worldwide say they patch monthly, and one-third say they patch weekly. And 43 percent say they don’t have a handle on which threats actually affect them, so they patch as much as they can, according to the new McAfee Risk and Compliance Outlook 2012 report.

NIST SP 800-146, Cloud Computing Synopsis and Recommendations

NIST has released (attached below) Special Publication 800-146, Cloud Computing Synopsis and Recommendations.  As NIST explains,

The final version of NIST Special Publication 800-146, Cloud Computing Synopsis and Recommendations is NIST’s general guide to cloud computing. It explains cloud systems in plain language and provides recommendations for information technology decision makers ranging from chief information officers, information systems developers, system and network administrators, information system security officers and system owners. This document presents information on how clouds are deployed, what kind of services are available, economic considerations, technical characteristics such as performance and reliability, typical terms of service, and security issues. It also offers recommendations on how and when cloud computing is an appropriate tool, and surveys open issues for cloud computing.