Tag Archives: risk management

An inspector general report evaluated the Office of Personnel Management’s security program and practices in compliance with the Federal Information Security Modernization Act and offered 47 recommendations to OPM, Nextgov reported Thursday.

The National Cybersecurity Center of Excellence, an agency within the National Institutes of Standards and Technology, seeks public feedback on a recently drafted implementation project description. NCCoE said its project, known as Validating the Integrity of Servers and Client Devices, aims to demonstrate implementations that allow organizations to verify the authenticity of purchased computing tools.

Grant Schneider, federal chief information security officer, said the Federal Acquisition Supply Chain Council will prioritize the development of guidance in 2020 to help agencies address security threats to the supply chain, Nextgov reported Tuesday.

The General Services Administration and the Department of Energy are launching initiatives to address cybersecurity risks, Federal News Network reported Friday. Larry Hale, director of information technology security subcategory at GSA’s Federal Acquisition Service, said the agency is taking steps to ensure the security of products agencies procure from acquisition schedules.

The Defense Logistics Agency is working to implement the Office of Management and Budget’s policy mandating the integration of risk management and internal controls throughout the agency.

David Wennergren, CEO of the American Council for Technology and Industry Advisory Council, wrote in an FCW commentary piece published Monday that the Office of Management and Budget’s Cloud Smart policy touches on several ideas and one is its emphasis on application rationalization. 

Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and a 2019 Wash100 winner, said CISA is collaborating with the Office of Management and Budget and Congress to explore approaches to consolidate civilian agencies’ cybersecurity initiatives, Nextgov reported Thursday.

The National Institute of Standards and Technology solicited comments from industry partners as it works on a set of cybersecurity standards for manufacturers and users of internet of things-based devices, Federal News Network reported Tuesday. NIST officials held a workshop at its Gaithersburg, Md.-based headquarters Tuesday to seek industry feedback on an IoT risk management report released in June.

The Government Accountability Office has listed 58 recommendations to help agencies implement key practices in their respective risk management and cybersecurity initiatives. The recommendations include coordination with the secretary of the Department of Homeland Security, development of a risk management process document, facilitation of organization-wide security assessments and modernization of risk evaluation policies, GAO said in a report published Thursday.

The National Institute of Standards and Technology released its draft of "Privacy Framework" that provides information on how agencies and partners could identify and manage privacy risks more efficiently amid the growing use of the internet and new information technology platforms. “The Privacy Framework provides a common language for understanding, managing and communicating privacy risk with internal and external stakeholders,” NIST said in the document issued Tuesday.