Home/ WPPS C-Suite News/ Group items tagged FISMA

sandy ingram

Infosecurity (USA) - White House cybersecurity proposal shifts FISMA responsibility to DHS - 0 views

  • This would in effect shift FISMA implementation responsibility away from the Office of Management and Budget (OMB) and the National Institute for Standards and Technology (NIST) to DHS, “where the knowledge of attacks informs the defense”, Paller said.
  • “DHS has already demonstrated that they are focusing on the critical controls.... They are focusing on effectiveness measures, rather than make work”
  • The proposal would also expand the DHS authority over cybersecurity of private networks, particularly critical infrastructure. DHS would have the authority to develop and conduct risk assessments of private sector critical infrastructure systems and share information with the private sector about threats and best practices.
  • “This brings the same rationality to offense informing defense. Instead of telling people that they have to have a good security plan, what DHS’s role will be is to demonstrate what best practices are and make sure people are measuring against those best practices”, Paller said.
  • The White House proposal would also create a national data breach notification requirement, standardizing various state laws.
  • “The administration's proposal would protect individuals by requiring businesses to notify consumers if personal information is compromised, and clarifies penalties for computer crimes including mandatory minimums for critical infrastructure intrusions.
  • The proposal would improve critical infrastructure protection by bolstering public-private partnerships with improved authority for the federal government to provide voluntary assistance to companies and increase information sharing.
  • It also would protect federal government networks by formalizing management roles, improving recruitment of cybersecurity professionals, and safeguarding the nation's access to cost-effective data storage solutions.”
  • The White House proposal, which is a comprehensive cybersecurity plan, includes a provision directing the Department of Homeland Security (DHS) "to exercise primary responsibility within the executive branch for information security. This includes implementation of information security policies and directives and compliance" with FISMA, except for national security systems.
sandy ingram

Bill Gives DHS Lead on Fed IT Security Policy - 0 views

  • The thinking behind shifting responsibility to DHS from OMB is that Homeland Security has the cybersecurity expertise whereas OMB's proficiency is budgeting. "Already, the Department of Homeland Security is the coordinating agency on cybersecurity," the staffer said. "Now, what you're doing is drastically strengthening the role of DHS by putting into law and then also, giving them the ability to say, with FISMA, approve or not to approve agencies' plans, controls, frameworks, the way they secure their systems."
  • The bill also continues the role of the National Institute of Standards and Technology as the key government agency to develop IT security guidance, but leaves to DHS the decision of which guidance has priority.
  • The responsibility to oversee information security among federal agencies would shift to DHS from the White House Office of Management and Budget under revisions of the measure, nicknamed U.S. ICE, that updates IT security guidance detailed in the seven-year-old Federal Information Security Management Act (FISMA), according to a senior cybersecurity staff member on the Senate Committee of Homeland Security and Government Affairs.
sandy ingram

The Fed 2011 Agenda: Rush to the Cloud ! - 0 views

  • The new 25-point plan establishes a Data Center Consolidation Task Force with a goal of reducing the number of data centers by 800 as of 2015.
  • The plan also touts scalability as a reason for embracing the cloud over traditional solutions. It cited the example of a private-sector company doing video editing that experienced a surge of demand and was able, using the cloud, to scale from 50 to 4,000 virtual machines in three days.
  • There's an expectation that moving applications such as e-mail to the cloud will facilitate data center consolidation and reduce IT budgets. Some federal agencies have already awarded contracts to move e-mail to the cloud. In addition, the government has selected a dozen vendors to supply Infrastructure-as-a-Service (IaaS).
  • Google and Microsoft want the government’s cloud business and they’ve undertaken a PR campaign including announcements of high-profile contract awards. The General Services Administration (GSA) recently awarded Unisys and Google a contract to host e-mail in the cloud. The US Department of Agriculture (USDA) selected Dell to supply Microsoft Online Services for the migration of 120,000 users and 21 e-mail systems to the cloud.
  • Microsoft was the winner of a Department of the Interior contract for moving e-mail to the cloud, a selection that Google protested. Google and its reseller, Onix Networking Corp, have filed suit against the Department of the Interior to overturn that selection.
  • Both Google Apps for Government and BPOS have been certified as being compliant with the Federal Information Security Management Act (FISMA). Being given FISMA Authority to Operate (ATO) is a certification that the cloud infrastructure is a secure, trusted environment for government applications and databases they use.
  • The federal contracts for hosting e-mail in the cloud are not the first Big Government embrace of hosted e-mail. Microsoft reportedly has several hundred state and local agencies using its cloud services. New York City recently announced it will adopt Microsoft BPOS for 30,000 city users.
  • The State of California awarded a contract to Microsoft and Computer Sciences Corporation (CSC) for the migration of 130 e-mail systems to Microsoft BPOS.
  • The State of Minnesota Office of Enterprise Technology (OET) announced an agreement with Microsoft to migrate Exchange e-mail and other communications services to BPOS in a private cloud.
  • "In December 2010, the government's CIO, Vivek Kundra, released a 25-point plan for an overhaul of Federal IT that emphasizes a cloud-first policy for federal agencies. Currently the federal government is on pace to spend $79 billion on IT this year, with more than 20% going to infrastructure spending. Because the US government has spent $600 billion on IT over the past decade, the plan's intent is to reduce IT spending by the federal government."
sandy ingram

Steven Cloherty: Microsoft Online Services Risk Management | Charles | Channel 9 - 0 views

  • The Microsoft Business Productivity Online Suite (BPOS) has recently earned the Statement on Auditing Standard (SAS) No. 70 Type II, Federal Information Processing Standard (FIPS) 140-2 compliance, and the International Organization for Standardization’s (ISO) 27001 standard – among others. In addition, Microsoft has launched a new dedicated government cloud as part of the Business Productivity Online Suite to meet the most rigorous government requirements for security and privacy, including complying with the International Traffic in Arms Regulations (ITAR). Learn how these and other certifications help ensure our customers' security, privacy, and business continuity.