nCircle Federal Outlook Blog

Magical Mystery Metrics

Advocates of expanding continuous monitoring of security controls got a great boost earlier this month with the appearance of the FY 2011 CIO FISMA Reporting Metrics. Especially interesting was the last section of the document, which asks agencies to report on their use of continuous monitoring in the areas of IDS/IPS; AV/Anti-Malware/Anti-Spyware; System Logs; Application Logs; Patch Status; Vulnerability Scans; DNS logging, and numerous other areas. This is very exciting, especially coupled with the emergence of Security Performance Management services like nCircle Benchmark, which could help agencies deliver on these requirements using the products and solutions they are already running.

However, all of the buzz on this document seems to trace back to the SANS NewsBites announcement and posting of the document on their website. After repeated searches, I can't find this report on the DHS website at all, or from any other government source. According to SANS, "The memo stems from 2010 guidance requiring government agencies to begin moving to continuous security monitoring." So, where exactly did this document come from? What does it mean? Inquiring minds -- and all those heavily invested in helping the government meet continuous monitoring requirements -- want to know...

Posted by Keren Cummins on June 17, 2011 5:11 PM |

TrackBack

TrackBack URL for this entry:
http://blog.ncircle.com/cgi-bin/mt-tb.cgi/410

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Verification (needed to reduce spam):


About

This page contains a single entry from the blog posted on June 17, 2011 5:11 PM.

The previous post in this blog was Where in the IPv6 world are your assets?.

The next post in this blog is The evolution of continuous monitoring.

Many more can be found on the main index page or by looking through the archives.



Bio

Blog: Federal Outlook
Author: Keren Cummins

Keren W. Cummins is Director, Federal Markets for nCircle. Prior to joining nCircle, Keren served in executive positions with leading federal identity management solutions providers and has served several terms in public sector to include the Dept. of Commerce where she was a member of the Federal Public Key Infrastructure Steering Committee (FPKI SC) and the legislative and executive branches of the State of Texas.


Search

   


Recent Posts

   

Archives

   

Categories