Home / Blogs

Federal Cybersecurity Best Practices: FISMA Continuous Monitoring

Studies have found only limited, insufficient agency adherence with FISMA's (Federal Information Security Management Act) continuous monitoring mandates. One survey found almost half of federal IT professionals were unaware of continuous monitoring requirements. A recent GAO report found that two-thirds of agencies "did not adequately monitor networks" to protect them "from intentional or unintentional harm."

To provide senior and staff level cybersecurity professionals with practical guidance in effectively implementing Information Security Continuous Monitoring (ISCM), the Center for Regulatory Effectiveness has released a Best Practices case study of agency compliance with FISMA's continuous monitoring requirements.

Based on NIST FISMA guidance and technical reference documents, CRE developed a set of five continuous monitoring principles. The study documents and explains how a federal agency thwarted an Advance Persistent Threat by adhering to the principles. The study also explains the crucial role of OMB and agency IT leadership in successfully driving agency adoption of continuous monitoring.

The five ISCM Best Practices, in brief, are:

  • Principle 1: Aggregate Diverse Data.
  • Principle 2: Analyze Multi-Source Data.
  • Principle 3: Create Real-Time Data Queries.
  • Principle 4: Transform Data Into Actionable Intelligence.
  • Principle 5: Maintain Real-Time Actionable Awareness.

The complete study is available, without cost, on CRE's FISMA Focus Interactive Public Docket (www.TheCRE.com/fisma) available here.

By Bruce Levinson, SVP, Regulatory Intervention - Center for Regulatory Effectiveness

Related topics: Cloud Computing, Policy & Regulation, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

dotStrategy Selects Neustar's Registry Threat Mitigation Services for .BUZZ Registry

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

What Does a DDoS Attack Look Like? (Watch First 3 Minutes of an Actual Attack)

Joining Forces to Advance Protection Against Growing Diversity of DDoS Attacks

Why Managed DNS Means Secure DNS

Rodney Joffe on Why DNS Has Become a Favorite Attack Vector

Motivated to Solve Problems at Verisign

Diversity, Openness and vBSDcon 2013

Neustar's Proposal for New gTLD Collision Risk Mitigation

IT Project Management: Best Practices in Small-Scale Engagements

Comments and Questions by DCA Trust on .Africa at the ICANN-47 Public Forum, Durban SA

DDoS Attacks in the United Kingdom: 2012 Annual Trends and Impact Survey

7 Keys to Professional Services Value: A Client-Side Perspective

Neustar Launches Global Partner Program

MarkMonitor Named a Top Trusted Website in OTA's 2013 Online Trust Honor Roll

Neustar Chief Technology Officer Appointed to FCC's Technological Advisory Council

A Look at Traffic Management for External "Cloud" Load Balancing

Dyn Research: Where Do Companies Host Their Websites?

Hope is Not a Strategy: Neustar Releases 2012 Annual DDoS Attack and Impact Survey

SPECIAL: Updates from the ICANN Meetings in Beijing

Sponsored Topics