MeriTalk News Briefs: FDIC IT Audited, NPPD Rebrand Urged, NIST Tackles CUI

Welcome to MeriTalk News Briefs, where we bring you all the day’s action that didn’t quite make the headlines. No need to shout about ‘em, but we do feel that they merit talk.

FDIC OIG Faults Agency Progress on IT Planning, Architecture, Governance

The Federal Deposit Insurance Corp.’s Office of Inspector General issued a report that faults the agency on progress with strategic IT planning, enterprise architecture (EA) planning, and governance bodies and practices related to three IT initiatives: migration of email operations to the cloud; deployment of laptop computers to FDIC employees and contractors; and potential adoption of a managed services solution for mobile IT devices. The OIG said it issued a set of eight recommendations to the agency’s CIO covering: coordination with stakeholders; incorporation of cloud strategy principles into its IT governance framework; implementation of EA as part of the governance framework and use of EA to guide IT decision making; and revising governance processes including roles and responsibilities for governance bodies, among others.  According to the OIG, FDIC’s CIO organization concurred with all of the recommendations, said it completed actions to address six of them, and planned to complete actions to address the remaining two recommendations by June 2019.

Tech Groups, Chamber Plug for NPPD Renaming

The U.S. Chamber of Commerce and a host of technology trade associations urged Senate leaders to swiftly approve the Cybersecurity and Infrastructure Security Agency Act (HR 3359), a bill that would rename the Department of Homeland Security’s National Protection and Programs Directorate.  The proposed new name–the Cybersecurity and Infrastructure Security Agency (CISA)–would more “clearly communicate the agency’s cybersecurity mission,” said the groups, which include CTIA, NCTA, and USTelecom. DHS’ leaders have been pining for NPPD’s renaming in public appearances and Hill testimonies over the past several months. 

NIST Releases Bulletin on Safeguarding Controlled Unclassified Information

The National Institute of Standards and Technology today released its Information Technology Laboratory Bulletin for July 2018. “The bulletin summarizes the information found in NIST SP 800-171A: Assessing Security Requirements for Controlled Unclassified Information (CUI), which provides Federal and non-Federal organizations with assessment procedures and a methodology that can be employed to conduct assessments of the CUI security requirements.” The bulletin goes on to describe how it is “of utmost importance” that agencies protect CUI contained in non-Federal systems and outlines procedures for ensuring appropriate security of the information.

Recent