Tag Archives: risk management

Emile Monette: GSA Begins Work on Cyber Risk Framework for IT Systems Acquisitions

The General Services Administration has started to develop a cybersecurity risk profile for federal agencies to use when they purchase information technology products and services, Federal News Radio reported Friday. Emile Monette, senior adviser for resilience and cybersecurity at GSA’s Office of Governmentwide Policy, told the station agencies will work to prioritize risk …

Essye Miller: Risk Management Framework for DoD IT Builds Commonality, Flexibility

The Defense Department’s transition to the Risk Management Framework has helped streamline the secure integration of information technology systems and applications into the DoD network, FierceGovernmentIT reported Wednesday. Dibya Sarkar writes that contractors and military users found the previous DoD Information Assurance Certification and Accreditation Process challenging in terms of complexity, …

Ron Ross: NIST Working on Final Guidance to Integrate Cyber Efforts

The National Institute of Standards and Technology is finalizing guidance for the integration of cybersecurity across the government’s mission areas to counter the increasing number of cyber attacks, Federal News Radio reported Thursday. Jason Miller writes NIST fellow Ron Ross noted that the “Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems” (Special …

FFIEC Notes Inherent Risk, Preparedness as Cybersecurity Factors for Financial Institutions

The Federal Financial Institutions Examination Council says that financial institutions should focus their cybersecurity measures on managing inherent risk factors and engage executive leadership in evaluating an institution’s preparedness. FFIEC said in a report published Monday that it conducted a cybersecurity assessment of 500 financial institutions earlier this year and found that inherent …

Mark Naggar: HHS Buyers Club Continues Program Evaluation After 1st Contract

Mark Naggar, program manager of the Department of Health and Human Services’ Buyers Club, says the initiative is moving forward with its first contract to further develop procurement agility functions, FedScoop reported Wednesday. Billy Mitchell writes that Naggar has noted future website changes, continued collaboration across the federal government and efforts to collect feedback on …

FDA’s Suzanne Schwartz: Medical Device Manufacturers Need to Protect Against Cybersecurity Risks

The U.S. Food and Drug Administration recommends that cybersecurity measures become an inherent part of medical device design and development in the recently released final guidance for device manufacturers on cybersecurity risk management. “There is no such thing as a threat-proof medical device,” Suzanne Schwartz, director of emergency preparedness/operations and medical countermeasures at …

Tom Karygiannis: NIST Mobile App Vetting Guide Details Testing Methods

The National Institute for Standards and Technology is seeking comments from the public on the agency’s new draft guidelines on how to test mobile applications for potential privacy and security risks to the network or organization. NIST said Wednesday the “Technical Considerations for Vetting 3rd Party Mobile Applications” document covers test requirements, tools and techniques used …

Report: NIST Cybersecurity Framework to Guide Companies’ Risk Mgmt Programs

The cybersecurity framework issued earlier this year is expected to guide companies to assess and manage their risk against evolving cyber threats as organizations adopt cloud computing, mobile and other emerging technologies, FCW reported Thursday. Michael Brown writes the National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity …
