Information Security News mailing list archives

DHS FISMA ratings go up


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 26 Sep 2019 09:34:24 +0000 (UTC)

https://fcw.com/articles/2019/09/24/dhs-fisma-johnson.aspx

By Derek B. Johnson
FCW.com
September 24, 2019

The Department of Homeland Security's information security practices have gone from good to better, according to a new inspector general audit.

Measuring via a five-point scale developed through the Federal Information Security Modernization Act, DHS improved its scores for the "protect" (developing and implementing appropriate safeguards of critical services) and "detect" (monitoring for irregular system activity) functions from a three out of five to four. That gives the department a score of four out of five in all FISMA cybersecurity functions except "recover," which remains at a three.

The "protect" function encompasses activities like properly configured workstations with core security settings, strong identity and access management controls, a clearly defined data protection and privacy policy and regular security awareness trainings for staff.

Two areas where DHS was dinged: spotty patching and a lack of effective metrics to measure how its networks perform blocking attempts at data exfiltration.

[...]


