Looks like SecureState is actively seeking a Security Specialist to provide security test & evaluation assistance. This is definitely not a starter position; however, if you are mid-career and have been working in the fed sector for several years, it just might be the right fit. Oh and if you are just trying to...
Tags: c&a, cissp, fisma, nist, securestate
Posted in Job Board | 4 Comments »
Today’s post was contributed by Sarah Clarke, with her thoughts on NIST’s recent update to SP 800-63, Electronic Authentication Guideline. Another milestone has been reached in the race to get rid of now-suspect RSA token technology. On December 12, 2011, NIST published the Electronic Authentication Guideline SP-800-63-1, which updates guidance previously provided in SP-800-63....
Tags: authentication, nist, rsa
Posted in News | 13 Comments »
The long wait for a key Federal cloud computing program is over with the launch today of FedRAMP. FedRAMP will help Federal Agency managers to adopt cost-saving and service-improving cloud computing solutions. For over two years the Federal government’s “cloud first” policy has floundered. Government executives and managers moved cautiously on adoption, concerned...
Tags: cloud, dhs, fedramp, fisma, gsa, nist, omb
Posted in Infosec Blogs/Podcasts, News | 3 Comments »
Last week I noticed NIST put out another draft infosec document that they need comments on. This time the publication that needs updating is SP 800-30, Guide for Conducting Risk Assessment, Revision 1. And updated it is in need of… NIST released the original version almost 10 years ago. Then it was known as...
Tags: 800-30, feedback, govinfosecurity, nist, risk
Posted in News | 4 Comments »
Ok, it’s another Friday night and I was just scanning around the web and came across an interesting series of videos over on FedScoop.com. They run a feature called FedMentors and it included a set of six videos featuring Ron Ross answering several questions. One of the quick-hitting videos highlighted him pondering the question “What’s...
Tags: career, fedscoop, infosec, nist, ross
Posted in Career Development | 4 Comments »
Every once in a while in my corporate gig some snarky guy with some book smarts and no actual infosec experience poses this question to show off. While I passed my CISSP years ago, which is where I would have probably memorized this, I often have a hard time recollecting the exact difference. Mr....
Tags: cissp, definition, ia, infosec, ir7298, nist
Posted in Infosec Blogs/Podcasts | 5 Comments »
Ok, I had to go with the “Words Starting with N” theme. Oh and by Notes, I really mean Comments. And by NICE I really mean the National Initiative for Cybersecurity Education. I had been meaning to write about this a little sooner as you can tell by the dates of the articles referenced...
Tags: education, govinfosecurity, infosec, infosecisland, nice, nist, Training
Posted in News | 2 Comments »
I came across an article over at GovInfoSecurity.com where they interviewed Ron Ross about the future of Special Publication 800-53. As most of you have probably heard, there is a draft appendix that contains a bunch of new privacy controls. We discussed this a while ago, mentioning how in most cases new controls are...
Tags: 800-53, cloud, controls, govinfosecurity, nist, privacy
Posted in News | 3 Comments »
If you haven’t heard, NIST has recently published Special Publication 800-128: Guide for Security Configuration Management of Information Systems. Local NoVA blogger Chris “@cyberhiker” Burton recently put out a detailed post with his thoughts on this newly released document. Based on Chris’s review, it looks like a step in the right direction … but...
Tags: 800-128, cm, configuration, management, nist
Posted in Infosec Blogs/Podcasts | 2 Comments »
In case you missed the announcement on Tuesday, the National Institute of Standards and Technology (NIST) has released a draft of new privacy controls to be included in the next update of Special Publication (SP) 800-53. Currently referred to as SP 800-53 Appendix J, the update provides the first steps to standardizing what privacy means...
Tags: 800-53, fisma, govinfosecurity, nist, privacy, ross
Posted in News | 3 Comments »