Here’s another edition of the Weekly Rewind, where we post a quick summary of all our stories as well as the industry articles you seemed to like the most from the past week. If you missed anything or happened to be offline, we hope you find this post useful as a quick reference....
Tags: android, cissp, fisma, infographic, ipv6, mac, mobile, monitor, onstar, password, skype, ssl, summary, twitter
Posted in Infosec Blogs/Podcasts, News | 1 Comment »
According to GovInfoSecurity as well as several other publications, starting next month federal agencies will be required to implement continuous monitoring as part of their obligations under FISMA. At a minimum “continuous” is defined as monthly. All of their reported data needs to be fed into the CyberScope system. Oh and for training and...
Tags: continuous, cyberscope, fisma, govinfosecurity, infosec
Posted in News | 5 Comments »
Yesterday, I posted my thoughts on Amazon’s new GovCloud announcement. Although it offers a huge step in the right direction, there is still a lot of groundwork that needs to be done in most cases. Someone that’s a bit more read in this whole area is local blogger Chris “@cyberhiker” Burton. You may...
Tags: 800-53, amazon, aws, cyberhiker, fisma, govcloud, itar, sas-70, ssae-16, ssp
Posted in Infosec Blogs/Podcasts, News | 2 Comments »
If you haven’t heard by now, Amazon recently announced a new self-contained cloud region specifically customized for U.S. government customers. Think of it as their normal set of services (e.g., EC2, S3, etc.) but set up in their own special area only accessible to U.S. persons. They aren’t the first cloud provider to claim...
Tags: amazon, aws, fips, fisma, govcloud, iso-27001, pci, sas-70
Posted in News | 2 Comments »
In case you missed the announcement on Tuesday, National Institute of Standards and Technology (NIST) has released a draft of new privacy controls to be included in the next update of Special Publication (SP) 800-53. Currently referred to as SP 800-53 Appendix J, the update provides the first steps to standardizing what privacy means...
Tags: 800-53, fisma, govinfosecurity, nist, privacy, ross
Posted in News | 3 Comments »
Mike “@rybolov” Smith just posted his thoughts on the recent Microsoft/Google FISMA “certification” story from last week. Thought some of you might find this interesting. Personally, I think Google misrepresented their new email service. Even though it is based on an existing service that has an Authority to Operate (ATO), that does not mean...
Tags: cloud, fisma, google, infosec, microsoft
Posted in Infosec Blogs/Podcasts | No Comments »
For those who haven’t heard, GSA has been quickly pushing the Federal Risk and Authorization Management Program (FedRAMP) out the door with the goal of accrediting common cloud-based solutions that agencies can develop on top of. In this post from The Guerilla CISO, Mike “@rybolov” Smith takes on FedRAMP, discussing the pros, cons, and...
Tags: cloud, fedramp, fisma, nova, novablogger, syndication
Posted in Infosec Blogs/Podcasts | 1 Comment »
Every once in a while an opportunity presents itself to affect some real change in federal information security practice. Now is such a time. A slew of new NIST documents are being released between now and April. These are the core NIST documents that describe how to satisfy FISMA. They include NIST SPs 800-30 Revision...
Tags: 800-30, c&a, fisma, government, infosec, nist, novablogger, security
Posted in Infosec Blogs/Podcasts | 1 Comment »
Just a quick reminder that the ISACA – National Capital Area (NCA) Chapter infosec meetup event is tomorrow, May 12th. For more information about the ISACA – National Capital Area (NCA) Chapter, see its description in our Infosec Meetups section. View our Calendar for a list of similar infosec events in and around the NoVA area. See our original...
Tags: cpe, event, federal-information-security-management, fisma, infosec, isaca, isaca-nca, meetup, nova
Posted in NoVA Meetups | No Comments »
This week’s ISACA – National Capital Area (NCA) Chapter meetup will cover trends, perspectives, and practices in Federal Information Security Management. According to the ISACA – NCA Chapter website, “Whether you are directly impacted by the Federal Information Security Management Act (FISMA) or otherwise responsible for designing, managing, or auditing information system controls, this event is...
Tags: cpe, event, federal-information-security-management, fisma, infosec, isaca, isaca-nca, meetup, nova
Posted in NoVA Meetups | No Comments »