Tag Archives: continuous monitoring

Inspector General Report: State Dept. Faces Persistent Information Security Challenges


The State Department’s office of inspector general has released a report saying the agency has initiated steps to improve its information security program but continues to face significant issues and control weaknesses that increase its vulnerability to cyber threats and attacks. The document also uncovered issues with user access controls and records management. 


Mark Berman on CMMC Accreditation Body’s Role in Supply Chain Cyber Posture Maintenance


The accreditation body for the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program is authorized to offer cybersecurity services, and Mark Berman, chairman of the communications committee within the body’s board of directors, said the AB is also tasked with helping certified vendors in the defense supply chain improve their cybersecurity posture, Nextgov reported Monday.


DoD Inspector General Issues Summary of Unclassified, Classified Reports on Cybersecurity

The Department of Defense’s office of inspector general has released a summary of 20 unclassified and four classified reports related to cybersecurity and found that the Pentagon continues to encounter challenges in managing cyber vulnerabilities to its network. The Government Accountability Office and the Pentagon’s oversight community issued those reports from July 1, 2017 through June 30, 2018, according to OIG’s report published Wednesday.


FedRAMP Issues 3 New Documents on Continuous Monitoring Process

The Federal Risk and Authorization Management Program has released three new documents to clarify its process for continuously monitoring FedRAMP-authorized cloud service providers. FedRAMP said Tuesday the new continuous monitoring documents include a draft of the “Automated Vulnerability Risk Adjustment Framework Guidance,” which is intended to help CSPs build and deploy …


Inspector General: 64 of DHS’ National Security, Unclassified Systems Lack Authority to Operate

The Department of Homeland Security’s inspector general evaluated DHS’ information security program for fiscal 2017 in compliance with the Federal Information Security Modernization Act of 2014 and found that 64 of its national security and unclassified systems lacked authority to operate. DHS IG said in a report published Wednesday the department failed …


FedRAMP Issues New Documents, Updates to Optimize Continuous Monitoring Process

The Federal Risk and Authorization Management Program has released new documents and updated existing guides in an effort to streamline, clarify and optimize its continuous monitoring processes. FedRAMP said Wednesday the new and updated documents integrate feedback from cloud service providers and Joint Authorization Board review teams. The documents are intended to clarify certain elements …


Matt Goodrich Unveils FedRAMP Authorization Baseline Cost Analysis

Matt Goodrich, director of the Federal Risk and Authorization Management Program at the General Services Administration, has said a mid-range cloud service provider would incur a total median cost of $2.25 million in order to get a FedRAMP authorization. Goodrich wrote in a blog entry posted Thursday a CSP would need to spend an additional $1 …
