The Defense Department plans to roll out a new process for its acquisition of mobile application security services based on the Federal Risk and Authorization Management Program model, Federal News Radio reported Monday.

John Zangardi, acting DoD chief information officer, signed the mobile application security requirements memorandum which was designed to establish a baseline standard for applications as well as advocate reciprocity throughout the military.

“The [National Information Assurance Partnership] developed the baseline set of security requirements for organizations engaged in locally evaluating mobile applications … These requirements are achievable, testable, and repeatable and provide a basis for technical evaluation and risk determination by Authorization Officials,” said Zangardi in the memo.

Zangardi directed DoD agencies and service branches to utilize the “Requirements for Vetting Mobile Applications from the Protection Profile for Application Software” NIAP profile and tasked the Defense Information Systems Agency to create a portal for the new process within the next 90 days.

DoD service branches and agencies will also assess applications from the mobile application portal and other commercial stores prior to its development and acquisition to determine potential security threats.

The Office of the National Coordinator for Health Information Technology has introduced a prize competition that aims to determine potential vulnerabilities from the implementation of open source Fast Healthcare Interoperability Resources servers.

Steven Posnack, director of ONC’s standards and technology office, wrote in a blog post published Oct. 10 the agency seeks participants who can leverage current industry standards and best practices to create FHIR-compliant servers as part of the Secure API Server Showdown Challenge.

ONC plans to award a total of $50,000 in prizes to winners of the challenge that will the Server Build Stage and the Vulnerability Discovery Stage.

Phase 1 will involve the development and submission of FHIR servers for evaluation based on a technical judging criteria and the participants’ availability to take part in Stage 2.

The second stage of the challenge will comprise teams for the Discovery Track that will work to determine potential vulnerabilities from FHIR servers and the Server Track that will review submissions from the Discovery teams.

The Department of Homeland Security has released a new directive that seeks to help federal agencies protect emails and websites from cyber threats through the adoption of security protocols.

DHS will direct federal agencies to deploy the Domain-Based Message Authentication, Reporting and Conformance – DMARC – protocol within the next 90 days under the new binding operational directive in order to prohibit the potential use of government email domains by phishers and scammers in cyber attacks, the Global Cyber Alliance said Monday.

Jeanette Manfra, assistant secretary for DHS’ office of cybersecurity and communications, announced the new agency directive at a GCA-hosted cybersecurity roundtable.

“It is critical that U.S. citizens can trust their online engagements with all levels of the federal government,” Manfra said at the event.

The new rule also requires agencies to use Hypertext Transfer Protocol Secure or HTTPS for all federal websites within the next 120 days in an effort to secure connections between the government and citizens.

“If the U.S. government can deploy DMARC across more than 1,300 domains, then we should expect the same of the companies on which we depend,” said Phil Reitinger, GCA president and CEO.

Agencies should also configure their web-facing mail servers to offer the STARTTLS protocol as well as their second-level agency domains to have valid DMARC/Sender Policy Framework records within 90 days.

STARTTLS seeks to facilitate encryption of emails in transit, while SPF aims to speed up detection of unauthorized emails by enabling a sending domain to watermark emails.

The Department of Homeland Security met in Georgia with members of the National Association of Secretaries of State and other election executives to discuss the creation of a new council that seeks to facilitate communications between states and DHS in the event of a future cyber attack, the Washington Examiner reported Sunday.

The plan to establish a new government coordinating council came months after DHS designated election systems as critical infrastructure in January in response to Russia’s interference in the 2016 presidential elections.

“The other importance of the coordinating council actually being formed, is that there is so much activity on the federal level regarding legislation, I think this will give us, hopefully, a venue to help us inform members of the U.S. Senate and House of Representatives that states are taking an active role and we are doing a lot to prepare ourselves for the 2018 elections and beyond,” said Connie Lawson, NASS president and Indiana secretary of state.

Lawson said attendees also tackled the need to establish a chain of communication, objectives and deliverables for the proposed council at this weekend’s meeting, which was also attended by Elections Assistance Council representatives.