Looks like SecureState is actively seeking a Security Specialist to provide security test & evaluation assistance. This is definitely not a starter position; however, if you are mid-career and have been working in the fed sector for several years, it just might be the right fit. Oh and if you are just trying to...
Tags: c&a, cissp, fisma, nist, securestate
Posted in Job Board | 4 Comments »
The long wait for a key Federal cloud computing program is over with the launch today of FedRAMP. FedRAMP will help Federal Agency managers to adopt cost-saving and service-improving cloud computing solutions. For over two years the Federal government’s “cloud first” policy has floundered. Government executives and managers moved cautiously on adoption concerned...
Tags: cloud, dhs, fedramp, fisma, gsa, nist, omb
Posted in Infosec Blogs/Podcasts, News | 3 Comments »
Ben “@falconsview” Tomhave put out a nice post yesterday regarding the SANS 20 Critical Security Controls (CSC). In it he stressed how they are 1) not actually controls, 2) not scalable, and 3) only designed to sell a product. I don’t know enough to comment on point 1. Point 2 seems right on...
Tags: cag, csc, fisma, secureconsulting
Posted in Infosec Blogs/Podcasts | 4 Comments »
Here’s another edition of the Weekly Rewind, where we post out a quick summary of all our stories as well as the industry articles you seemed to like the most from the past week. If you missed anything or happened to be offline, we hope you find this post useful as a quick reference....
Tags: android, cissp, fisma, infographic, ipv6, mac, mobile, monitor, onstar, password, skype, ssl, summary, twitter
Posted in Infosec Blogs/Podcasts, News | 1 Comment »
According to GovInfoSecurity as well as several other publications, starting next month federal agencies will be required to implement continuous monitoring as part of their obligations under FISMA. At a minimum, “continuous” is defined as monthly. All of their reported data needs to be fed into the CyberScope system. Oh and for training and...
Tags: continuous, cyberscope, fisma, govinfosecurity, infosec
Posted in News | 5 Comments »
Yesterday, I posted my thoughts on Amazon’s new GovCloud announcement. Although it offers a huge step in the right direction, there is still a lot of ground work that needs to be done in most cases. Someone that’s a bit more read in this whole area is local blogger Chris “@cyberhiker” Burton. You may...
Tags: 800-53, amazon, aws, cyberhiker, fisma, govcloud, itar, sas-70, ssae-16, ssp
Posted in Infosec Blogs/Podcasts, News | 2 Comments »
If you haven’t heard by now, Amazon recently announced a new self-contained cloud region specifically customized for U.S. government customers. Think of it as their normal set of services (e.g., EC2, S3, etc.) but set up in their own special area only accessible to U.S. persons. They aren’t the first cloud provider to claim...
Tags: amazon, aws, fips, fisma, govcloud, iso-27001, pci, sas-70
Posted in News | 2 Comments »
In case you missed the announcement on Tuesday, National Institute of Standards and Technology (NIST) has released a draft of new privacy controls to be included in the next update of Special Publication (SP) 800-53. Currently referred to as SP 800-53 Appendix J, the update provides the first steps to standardizing what privacy means...
Tags: 800-53, fisma, govinfosecurity, nist, privacy, ross
Posted in News | 3 Comments »
Mike “@rybolov” Smith just posted his thoughts on the recent Microsoft/Google FISMA “certification” story from last week. Thought some of you might find this interesting. Personally, I think Google misrepresented their new email service. Even though it is based on an existing service that has an Authority to Operate (ATO), that does not mean...
Tags: cloud, fisma, google, infosec, microsoft
Posted in Infosec Blogs/Podcasts | No Comments »
For those that haven’t heard, GSA has been quickly pushing the Federal Risk and Authorization Management Program (FedRAMP) out the door with the goal of accrediting common cloud-based solutions that agencies can develop on top of. In this post from The Guerilla CISO, Mike “@rybolov” Smith takes on FedRAMP discussing the pros, cons, and...
Tags: cloud, fedramp, fisma, nova, novablogger, syndication
Posted in Infosec Blogs/Podcasts | 1 Comment »