It’s not exactly the heist of the century, but the FDIC has stirred up a bit of controversy. Departing FDIC employees downloaded their family photos, personal emails, and the sensitive data of over 100,000 bank customers–oops. Instead of reporting to Congress, the agency stayed mum for months. This earned the agency a strict chiding from their IG in the form of a special inquiry issued on April 16. Fa […]
The Federal Risk and Authorization Management Program (FedRAMP) has released new guidance to help cloud service providers (CSP) better delineate the authority and responsibility shared between providers and government agencies.[…]
TalaTek, a risk management company, announced on Feb. 26 that it received a FedRAMP ATO from the Pension Benefit Guaranty Corporation (PBGC) for its Enterprise Compliance Management Solution (ECMS). This cloud-based SaaS allows PBGC to centralize security statistics in real time and see whether it complies with a variety of security frameworks, including NIST security frameworks.
Only one Federal agency achieved the highest scores in each of the cybersecurity framework areas in the Federal Information Security Management Act report for fiscal year 2016. The Federal Election Commission, which governs the financing of Federal elections, received top scores for identifying, protecting, detecting, responding, and recovering from cybersecurity incidents.[…]
The General Services Administration’s information security practices contain deficiencies in five of eight FISMA program areas, according to an independent evaluation done by KPMG, a professional auditing company.[…]
Agency chief information officers realize the need to convert from on-premise data centers to the cloud, but still find it challenging to convince agency heads that it’s a necessary step. David Bray, CIO of the Federal Communications Commission, said Feb. 8 at the Cloud Computing Caucus Advisory Group meeting, “If you are wedded to legacy systems you are trying to turn a battleship very, very slowly.”[…]
The Department of Homeland Security continues to use unsupported operating systems that may expose agency data to unnecessary risks, according to a recent evaluation issued by DHS Office of Inspector General.[…]
Centrify and SailPoint Technologies have tools to address the tasks outlined in Phase 2 of the Department of Homeland Security’s Continuous Diagnostics and Mitigation program, according to representatives from the companies and DHS itself.[…]