Weekly WHAT: NIST guide on app whitelisting, ISAO standards, President joins Facebook and more

By Yejin Jang, posted Nov 11, 2015, 11:08 AM

Greetings NASCIO colleagues and partners! NASCIO's top ten survey indicates that security is again the highest priority for our State CIOs. Here is some of the cybersecurity and other IT-related activity going on in your nation's capital. Call, email, or text with any questions!

NIST publishes guide to deploying application whitelisting

On November 5, the National Institute of Standards and Technology (NIST) released the Guide to Application Whitelisting, which is intended to “assist organizations in understanding the basics of application whitelisting and planning for its implementation.” The report highlights the following recommendations as methods for efficient and effective application whitelisting: consider using application whitelisting technologies already built into the host operating system; use products that support more sophisticated whitelisting attributes (such as publisher and cryptographic hash rather than path alone); test prospective application whitelisting technology in monitoring mode before enforcing it; plan and deploy the technology in a phased approach; and analyze the environment in which the application whitelisting will be running. Access the full guide here.
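As an added example that is not from the NIST guide or this post: a PowerShell sketch, assuming AppLocker (the whitelisting built into Windows) as the host-OS technology, that builds publisher and hash rules from a reference system, deploys them in AuditOnly (monitoring) mode, and pulls the events that show what enforcement would have blocked. The paths in $RefDir and $CandidateDir are assumptions.

```powershell
# Added example, not from the NIST guide or this post. Assumes an elevated PowerShell
# session on a Windows edition that ships the AppLocker module and the Application
# Identity service; $RefDir and $CandidateDir are assumed paths.
Import-Module AppLocker

$RefDir       = 'C:\Program Files'          # assumed: clean reference install of approved software
$CandidateDir = 'C:\Users\Public\Downloads'  # assumed: files to evaluate against the policy
$PolicyPath   = "$env:TEMP\applocker-audit.xml"

# Step 1: gather file attributes (publisher, hash, path) for every EXE under the reference path.
$fileInfo = Get-AppLockerFileInformation -Directory $RefDir -Recurse -FileType Exe

# Step 2: generate rules, preferring the more sophisticated publisher attribute and
# falling back to a hash rule for unsigned binaries. -Optimize collapses duplicate rules.
$policyXml = New-AppLockerPolicy -FileInformation $fileInfo -RuleType Publisher, Hash `
    -User Everyone -Optimize -Xml

# Step 3: switch every rule collection to AuditOnly so nothing is blocked yet;
# the policy only logs what enforcement would have stopped (monitoring mode).
$policyXml = $policyXml -replace 'EnforcementMode="[^"]*"', 'EnforcementMode="AuditOnly"'
Set-Content -Path $PolicyPath -Value $policyXml -Encoding UTF8

# Step 4: evaluate candidate files offline before touching the host's live policy.
$candidates = Get-ChildItem -Path $CandidateDir -Filter *.exe -Recurse |
    Select-Object -ExpandProperty FullName
Test-AppLockerPolicy -XmlPolicy $PolicyPath -Path $candidates -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Step 5: apply locally in audit mode. Without -Merge this replaces the existing local
# policy; use -Ldap to target a Group Policy object instead.
Set-AppLockerPolicy -XmlPolicy $PolicyPath

# Step 6: after a monitoring period, review "would have been blocked" events (ID 8003)
# to find legitimate software the whitelist is missing before moving to Enabled.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -ErrorAction SilentlyContinue |
    Where-Object Id -eq 8003 |
    Select-Object TimeCreated, Message -First 20
```

Event ID 8003 entries are the tuning signal for the phased rollout: each one is a binary that ran under audit but would be blocked once the collection's EnforcementMode is changed to Enabled.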

ISAOs host first public meeting to discuss standards

On November 9, the Information Sharing and Analysis Organization (ISAO) Standards Organization convened for its first public meeting in Tysons Corner, Va. Led by the University of Texas-San Antonio with support from LMI and the Retail Cyber Intelligence Sharing Center (R-CISC), this body is charged with setting a minimal set of activities that ISAOs must undertake. It is a result of President Obama’s Executive Order 13691, which required the creation of a nonprofit organization to develop a common set of voluntary standards for ISAOs. In the next couple of weeks, the organization will issue a notice for comment, with a goal of issuing best practices for groups seeking to create ISAOs by February 2016. The ISAO Standards Organization will be identifying working groups to carry out standards development, with 85 percent of draft standards to be done by mid-May 2016 and a goal of publishing the initial set of standards by September 12, 2016.

OPM gives DHS approval to hire up to 1,000 cyber professionals

The Office of Personnel Management has granted the U.S. Department of Homeland Security (DHS) the ability to fast-track and fill up to 1,000 cybersecurity positions. New hires will perform a range of roles, including cyber incident response, risk analysis, malware and vulnerability analysis, intelligence analysis, program management, cyber vulnerability detection, network and systems engineering, and enterprise architecture.

Appropriations summary

On Monday (11/2), the President signed the budget agreement and debt limit increase bill, H.R. 1314. Appropriators now have to draft spending bills with the new financial wiggle room negotiated in the budget agreement, prior to the December 11 deadline of the continuing resolution that is currently keeping the government funded. The traditionally non-controversial Military Construction-Veterans Affairs (Mil-Con-VA) appropriations bill passed the Senate, 93-0, just before Veterans Day. Senate Majority Leader Mitch McConnell (R-Ky.) is being praised by some for opening up the appropriations process, moving one bill at a time on the Senate floor with opportunities for amendments. In the end, however, all or some of the 12 appropriations bills will likely be part of a larger omnibus package and would still require reconciliation with the House version (H.R. 2577).

Asbestos-concerned groups seek help from cybersecurity caucus, are quickly denied

Public interest groups including the Environmental Working Group Action Fund and the Center for Justice and Democracy wrote a letter to Cybersecurity Caucus co-chairs Reps. Jim Langevin (D-R.I.) and Michael McCaul (R-Texas) urging them to oppose asbestos legislation, H.R. 526. The bill aims to protect the finite trusts that compensate asbestos victims from paying fraudulent claims by requiring claimants to produce quarterly reports with information about requests and the basis for payments. The groups had urged the cyber caucus’ involvement by focusing on the risk of identity theft and cyber attack.

In a sharply worded letter, the Cybersecurity Caucus co-chairs responded by essentially telling the groups they had it terribly wrong, stating that the Caucus is a “neutral space for discussion and education” and does not support or oppose specific legislation.

Senate Judiciary Subcommittee Examines Security of Data Brokers

On November 3, the Senate Judiciary Committee’s Subcommittee on Privacy, Technology and the Law held a hearing, “Data Brokers: Is Consumers’ Information Safe?”, with three witnesses: two chief security officers from data broker firms and the executive director of the World Privacy Forum. All witnesses testified to the importance of security controls and agreed on adoption of the NIST framework.

TechBytes:

FCC imposes fines on convention wifi provider that blocked MiFis

Where are the cybersecurity jobs? This heat map shows you

State adjusts its cloud budgeting plan from “pay as you go” to projections of consumption

President Obama, will you be my Facebook friend?

Corporate executives: “Hold businesses liable for breaches” if they haven’t taken security measures
