Being FISMA compliant is tough enough. Doing so in a hybrid cloud, especially when pressured to be FedRAMP certified and continuously monitor systems, adds to the challenge.
Download this whitepaper to explore:
The challenges of being compliant and secure in a hybrid environment;
Products and strategies to...
President Obama has tapped veteran CIO Tony Scott as the top government IT official whose responsibilities include overseeing agencies' compliance with FISMA, the law that governs federal government IT security.
Consider President Obama's signing of the Federal Information Security Modernization Act this month an early birthday present for Sen. Tom Carper, the chief sponsor of the legislation that updates FISMA.
The sponsor of Senate-approved FISMA reform, Tom Carper, says it's not a done deal because the House has a dispute over which committee - Homeland Security or Oversight and Governmental Reform - has jurisdiction over the legislation.
Barring a catastrophic cyberattack in the next few days to motivate legislators to act, don't expect lawmakers to vote on any cybersecurity bill for the remainder of the current Congress.
Put together, two IRS audits illustrate a major concern many security pros have about FISMA audits: They're checklists of whether organizations comply with regulations that require specific processes but do not determine if the processes are effective.
The logjam in Congress on passing significant cybersecurity legislation could be broken when Republicans assume control of the Senate next year. Here's why.
Recalling an up to 10-day delay in Homeland Security helping other agencies cope with the Heartbleed vulnerability, DHS's Phyllis Schneck champions FISMA reform legislation that would codify the department's role as guardian of civilian agency IT.
With fewer employees, and still fewer - if any - IT security experts on staff, small federal agencies face challenges not confronted by larger ones, and congressional auditors say DHS and OMB should give them more help.
A Senate committee has approved legislation to reform the 12-year-old law that governs federal information security, plus two other cybersecurity-related bills. The full Senate will now consider the measures.
Legislation before the House to excise from federal law the requirement that NIST work with the NSA on cybersecurity standards wouldn't likely stop the two federal agencies from continuing to collaborate.
As the number of cybersecurity incidents increase, departments and agencies are doing a better job of complying with the law that governs IT security in the U.S. federal government, a new report to Congress from the White House says.
The Defense Department's plan to adopt NIST's risk management framework. means that, for the first time, defense, intelligence and civilian federal agencies will use the same set of risk management standards.
Days before the release of the Obama administration's cybersecurity framework, Senate Republicans issued a report detailing vulnerabilities in federal IT, suggesting the White House get its own house in order.
While preparing a speech to be delivered in Korea, NIST's Ron Ross wanted to convey the message of the importance of computer security. He hit on five themes - threat, assets, complexity, integration and trustworthiness - which form the acronym TACIT.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.