National Checklist Program is a resource for maintaining baseline security
The National Checklist Program is a resource for configuring IT products to help ensure a baseline of security is being met. A revised set of guidelines for using checklists is available for review. Understanding and maintaining the configuration of IT systems and devices is a key part of IT security. But with scores or hundreds …
Cybereye
A weekly column on all things cyber
FirstNet has tough decisions ahead about its public safety network
With an initial $7 billion and a block of radio spectrum in hand, FirstNet—charged with creating a nationwide public safety network—has to decide how to fully fund, build and operate the network. The First Responder Network Authority—FirstNet—the independent authority overseeing development of a nationwide broadband network for first responders, expects to release this month a …
Untangling the knotty problem of information sharing
Although everyone agrees that information sharing is essential to effective cybersecurity, issues of trust between the private sector and government and among governments make this a challenge that can only be addressed by Congress. Retired General and Former NSA Director Keith Alexander said recently that without more effective sharing of threat information the nation’s cybersecurity …
NSTIC pilots provide real world options for identity management
As NIST opens a new round of pilot grants for identity verification schemes, a number of earlier NSTIC pilots already have proved their worth in solving the knotty problem of managing identities online. The National Institute of Science and Technology has announced its fourth round of grants to fund pilot programs for innovative identity verification …
The Cybersecurity Framework at One Year
One year after publication, the administration’s Cybersecurity Framework remains a work in progress, but it is helping to drive and define discussions on the need for cybersecurity as an integral part in the risk management of our critical infrastructure. The administration’s Framework for Improving Critical Infrastructure Cybersecurity marked its first birthday this month, and although …
NIST seeks modest bump in cybersecurity funding in ’16 budget request
The Commerce Department’s budget request for fiscal 2016 includes a 7 percent increase in cybersecurity funding at NIST to support research and standards development to protect the nation’s IT systems and critical infrastructure. The additional $7 million would help fund 10 new full-time positions to expand the institute’s work in cryptography and privacy. The National …
FedRAMP Forward—Government’s roadmap for Cloud Computing
The first two-and-a-half years of FedRAMP—the government’s program to jump-start adoption of cloud computing through blanket security authorizations for service providers—have been a success, but the Federal CIO Council has created a two-year roadmap to speed agency adoption of cloud services, increase the pool of certified service providers, and keep security requirements up to date. …
Managing risk in the Smart Grid
The administration has produced guidelines for protecting the nation’s critical infrastructure—a voluntary risk-based framework that tells system owners and operators what they should do to manage cybersecurity risks. Research from Waverley Labs and the University of North Carolina at Charlotte has developed a risk assessment model for the smart grid that could tell them how …