The National Security Agency’s (NSA) Office of Inspector General (OIG) has for the first time released its semi-annual report to Congress as an unclassified document, and in the process shed light on IT deficiencies at the agency. The report, released Wednesday and covering the period of October 1, 2017 to March 31, 2018, highlights multiple audits that found numerous issues in the governance of NSA’s IT infrastructure and its subsequent ability to mitigate cybersecurity risk. […]

During a General Services Administration (GSA) webinar on July 18, officials explained why Federal agencies should use GSA tools to move to the cloud, how agencies can utilize IT Schedule 70 to move to the cloud, and how to meet FedRAMP requirements.
[…]

The Office of the Inspector General (OIG) found that the Government Accountability Office (GAO) isn’t fully compliant with the Federal Information Security Modernization Act of 2014 (FISMA), according to a report released yesterday.
[…]

The House Oversight and Government Reform Committee (OGR) on Tuesday approved by voice vote a bill which would allow Federal agency heads to limit access to certain websites or deploy cybersecurity measures if they feel that it is necessary to secure their IT systems, but not before strong vocal dissent about the scope of the legislation.
[…]

Jordan Burris, senior cybersecurity advisor to Federal CIO Suzette Kent at the Office of Management and Budget (OMB), said Friday at an Information Security and Privacy Advisory Board (ISPAB) meeting that Federal agencies are continuing to make progress on curbing their cybersecurity risks, following concerning findings from the White House.
[…]

Survey results discussed during a June 14 Digital Government Institute webinar seem to bode well for end-user reception of deployment of Continuous Diagnostics and Mitigation (CDM) Phase 3 technology by the Department of Homeland Security, which is charged with improving the security of Federal civilian networks.
[…]

The unique role of the Department of Homeland Security (DHS) in leading cybersecurity efforts for the entire civilian Federal enterprise presents a unique challenge and one that requires the government to rethink its understanding of risk, DHS’ Jeanette Manfra said Thursday at MeriTalk’s Akamai Government Forum.
[…]

DHS Continuous Diagnostics and Mitigation (CDM) is pivotal to improving government cybersecurity. While it’s critical, it has a lot of moving parts–and that can make it difficult to follow. MeriTalk sat down with Kevin Cox to get a handle on the state of CDM, as well as an understanding of where the program goes from here. And, it’s quite a story–so I hope you’re sitting comfortably, feel free to grab a cup of coffee.
[…]

The Small Business Administration’s (SBA) Office of Inspector General (OIG) found that the agency needs to improve compliance with three key pieces of Federal IT legislation, according to OIG’s semiannual report, released May 25 and covering October 2017 through March 2018.
[…]

The House Oversight and Government Reform (OGR) IT subcommittee followed up last week’s release of the sixth FITARA Scorecard (Scorecard 6.0) by releasing a second, more detailed scorecard. It provides insight into each of the categories of FITARA scoring, with methodology, metrics, calculations, and detailed data points on just how well each of the 24 agencies fared. 
[…]

The Department of Labor’s Office of Inspector General (OIG) said the agency needs to improve in two key legislative areas related to IT management, according to OIG’s semiannual report released Tuesday and covering October 2017 through March 2018.
[…]

It’s not exactly the heist of the century, but the FDIC has stirred up a bit of controversy. Departing FDIC employees downloaded their family photos, personal emails, and the sensitive data of over 100,000 bank customers–oops. Instead of reporting to Congress, the agency stayed mum for months. This earned the agency a strict chiding from its IG in the form of a special inquiry issued on April 16. Fa
[…]

Action plans to accelerate Federal agency migrations to cloud platforms and services as outlined in the White House IT Modernization Report have been in effect for nearly three months now. For instance, the Office of Management and Budget (OMB) was directed to conduct a data call within 30 days of the report’s release, requesting agencies to identify systems that might be ready for cloud migration, but have not because of some perceived or encountered difficulties.
[…]

The Department of Homeland Security (DHS) has been working in unison with the Office of Management and Budget to assess the risk management posture of the Federal government. They’ve been using a combination of agency self-reporting and independent verification to evaluate each agency’s mitigation techniques as well as the nation’s overall security standing. DHS’ latest […]

TalaTek, a risk management company, announced on Feb. 26 that it received a FedRAMP ATO from the Pension Benefit Guaranty Corporation (PBGC) for its Enterprise Compliance Management Solution (ECMS). This cloud-based SaaS allows PBGC to centralize security statistics in real time and see whether it complies with a variety of security frameworks, including NIST security frameworks. 
[…]

The idea of a scorecard seems like a quaint notion, conjuring black and white photos of somebody’s grandad in a fedora, licking the pencil tip before recording the latest play at the old ballgame in his program.
[…]

With an increasing attack surface resulting in millions of new threats every year, partially updating C&A documents every six months, remediating a few Plan of Action and Milestones items, and updating all docs every three years won’t, and doesn’t, keep the bad guys out of Federal networks.
[…]