It’s not exactly the heist of the century, but the FDIC has stirred up a bit of controversy. Departing FDIC employees downloaded their family photos, personal emails, and the sensitive data of over 100,000 bank customers–oops. Instead of reporting to Congress, the agency stayed mum for months. This earned the agency a strict chiding from their IG in the form of a special inquiry issued on April 16. Fa    […]

TalaTek, a risk management company, announced on Feb. 26 that it received a FedRAMP ATO from the Pension Benefit Guaranty Corporation (PBGC) for its Enterprise Compliance Management Solution (ECMS). This cloud-based SaaS allows PBGC to centralize security statistics in real time and see whether it complies with a variety of security frameworks, including NIST security frameworks. 






[…]

The idea of a scorecard seems like a quaint notion, conjuring black and white photos of somebody’s grandad in a fedora, licking the pencil tip before recording the latest play at the old ballgame in his program.






[…]

The White House Office of Management and Budget issued a memorandum for agencies to submit their Federal Information Security Modernization Act reports to the Government Accountability Office by March 1, 2018.






[…]

Only one Federal agency achieved the highest scores in each of the cybersecurity framework areas in the Federal Information Security Management Act report for fiscal year 2016. The Federal Election Commission, which governs the financing of Federal elections, received top scores for identifying, protecting, detecting, responding, and recovering from cybersecurity incidents.






[…]

Agency chief information officers realize the need to convert from on-premise data centers to the cloud, but still find it challenging to convince agency heads that it’s a necessary step. David Bray, CIO of the Federal Communications Commission, said Feb. 8 at the Cloud Computing Caucus Advisory Group meeting, “If you are wedded to legacy systems you are trying to turn a battleship very, very slowly.”






[…]

Centrify and SailPoint Technologies have tools to address the tasks outlined in Phase 2 of the Department of Homeland Security’s Continuous Diagnostics and Mitigation program, according to representatives from the companies and DHS itself.






[…]

1 2 3