Home / Blogs

Federal Cybersecurity Best Practices: FISMA Continuous Monitoring

Studies have found only limited, insufficient agency adherence with FISMA's (Federal Information Security Management Act) continuous monitoring mandates. One survey found almost half of federal IT professionals were unaware of continuous monitoring requirements. A recent GAO report found that two-thirds of agencies "did not adequately monitor networks" to protect them "from intentional or unintentional harm."

To provide senior and staff level cybersecurity professionals with practical guidance in effectively implementing Information Security Continuous Monitoring (ISCM), the Center for Regulatory Effectiveness has released a Best Practices case study of agency compliance with FISMA's continuous monitoring requirements.

Based on NIST FISMA guidance and technical reference documents, CRE developed a set of five continuous monitoring principles. The study documents and explains how a federal agency thwarted an Advance Persistent Threat by adhering to the principles. The study also explains the crucial role of OMB and agency IT leadership in successfully driving agency adoption of continuous monitoring.

The five ISCM Best Practices, in brief, are:

  • Principle 1: Aggregate Diverse Data.
  • Principle 2: Analyze Multi-Source Data.
  • Principle 3: Create Real-Time Data Queries.
  • Principle 4: Transform Data Into Actionable Intelligence.
  • Principle 5: Maintain Real-Time Actionable Awareness.

The complete study is available, without cost, on CRE's FISMA Focus Interactive Public Docket (www.TheCRE.com/fisma) available here.

By Bruce Levinson, SVP, Regulatory Intervention - Center for Regulatory Effectiveness

Related topics: Cloud Computing, Policy & Regulation, Security

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

i2Coalition to Host First Ever Smarter Internet Forum

Encrypting Inbound and Outbound Email Connections with PowerMTA

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

What Holds Firms Back from Choosing Cloud-Based External DNS?

Sponsored Topics

Verisign

Security

Sponsored by
Verisign
Port25

Email

Sponsored by
Port25
Afilias - Mobile & Web Services

Mobile

Sponsored by
Afilias - Mobile & Web Services
Afilias

DNS Security

Sponsored by
Afilias