The House Oversight and Government Reform (OGR) IT subcommittee followed up last week’s release of the sixth FITARA Scorecard (Scorecard 6.0) by releasing a second, more detailed scorecard. It provides insight into each of the categories of FITARA scoring, with methodology, metrics, calculations, and detailed data points on just how well each of the 24 agencies fared.  […]

The Department of Labor’s Office of Inspector General (OIG) said the agency needs to improve in two key legislative areas related to IT management, according to OIG’s semiannual report released Tuesday and covering October 2017 through March 2018. […]


It’s not exactly the heist of the century, but the FDIC has stirred up a bit of controversy. Departing FDIC employees downloaded their family photos, personal emails, and the sensitive data of over 100,000 bank customers–oops. Instead of reporting to Congress, the agency stayed mum for months. This earned the agency a strict chiding from their IG in the form of a special inquiry issued on April 16. Fa […]

TalaTek, a risk management company, announced on Feb. 26 that it received a FedRAMP ATO from the Pension Benefit Guaranty Corporation (PBGC) for its Enterprise Compliance Management Solution (ECMS). This cloud-based SaaS allows PBGC to centralize security statistics in real time and see whether it complies with a variety of security frameworks, including NIST security frameworks.  […]

The idea of a scorecard seems like a quaint notion, conjuring black and white photos of somebody’s grandad in a fedora, licking the pencil tip before recording the latest play at the old ballgame in his program. […]

The White House Office of Management and Budget issued a memorandum for agencies to submit their Federal Information Security Modernization Act reports to the Government Accountability Office by March 1, 2018. […]

Only one Federal agency achieved the highest scores in each of the cybersecurity framework areas in the Federal Information Security Management Act report for fiscal year 2016. The Federal Election Commission, which governs the financing of Federal elections, received top scores for identifying, protecting, detecting, responding, and recovering from cybersecurity incidents. […]

Agency chief information officers realize the need to convert from on-premise data centers to the cloud, but still find it challenging to convince agency heads that it’s a necessary step. David Bray, CIO of the Federal Communications Commission, said Feb. 8 at the Cloud Computing Caucus Advisory Group meeting, “If you are wedded to legacy systems you are trying to turn a battleship very, very slowly.” […]

Centrify and SailPoint Technologies have tools to address the tasks outlined in Phase 2 of the Department of Homeland Security’s Continuous Diagnostics and Mitigation program, according to representatives from the companies and DHS itself. […]

The Office of the Inspector General at the Office of Personnel Management audited the agency’s security programs and practices under the Federal Information Security Modernization Act and found a significant deficiency in OPM’s security management structure. […]

Members of the House Committee on Science, Space, and Technology disagreed on Wednesday on whether the Cybersecurity Responsibility and Accountability Act of 2016 acted as a partisan dig against former Secretary of State and current Democratic presidential nominee Hillary Clinton and her use of a private email server. […]

Cloud computing offers the most security for government data, argued Mark Schwartz, CIO of the Department of Homeland Security’s U.S. Citizenship and Immigration Services, at the Akamai Government Forum. […]

The Department of Veterans Affairs is on what appears to be an irreversible losing streak when it comes to its annual cybersecurity audit. Last week, VA’s Office of the Inspector General slapped the agency with a “material weakness” designation for its information security efforts—the 16th year in a row that VA has failed the annual […]

Federal agencies remain woefully behind on cybersecurity, according to the annual cybersecurity compliance report released Friday by the Office of Management and Budget. During the 2015 fiscal year, Federal agencies reported 77,183 cybersecurity incidents, a 10% increase over the incidents reported in 2014. Though the administration believes this increase may be attributed to improved detection […]

Microsoft Azure was selected for a FedRAMP pilot program that will establish a high-impact baseline for cloud-computing services. This essentially allows Federal agencies to move more sensitive data onto contracted cloud-computing services, enabling the sensitive data to operate on the more technically advanced level that is already possible for low-impact data. […]

A representative of a Federal cloud computing industry advisory group filed a formal complaint this week with the General Services Administration’s inspector general alleging officials from FedRAMP issued veiled threats of retaliation against member companies that publicly voiced concerns about problems with the cloud security certification process. […]

Data breaches at the Office of Personnel Management (OPM) have prompted a major cybersecurity push in Congress, and two bills propose giving the Department of Homeland Security (DHS) new authority and tools to protect Federal systems. […]
