Agencies Will Soon Have a Cyber Hygiene Score -- And Will Know Where They Rank

[InfoSec News <alerts () infosecnews org>]

https://www.nextgov.com/cybersecurity/2018/11/agencies-will-soon-have-cyber-hygiene-scoreand-will-know-where-they-rank/153114/

By Aaron Boyd
Senior Editor
NextGov
November 28, 2018

Soon, federal agencies will have a clear idea of how they are doing on 
basic cybersecurity and be able to compare their posture to other agencies 
across the government.

The Homeland Security Department's Continuous Diagnostics and Mitigation 
program, or CDM, is providing agencies with a sophisticated suite of 
cybersecurity tools. As those tools are put in place, the associated 
sensors are sending data to a centralized dashboard, giving Homeland 
Security and agencies a holistic view of cybersecurity throughout the 
federal enterprise.

Now, Homeland Security is using that data to compile cyber scores using an 
algorithm called AWARE, which stands for Agency-Wide Adaptive Risk 
Enumeration. The algorithm measures the existence of known vulnerabilities 
within an agency's systems -- those that have yet to be patched -- and the 
baseline configuration settings to give an agency an overall rating on 
cyber hygiene.

Kevin Cox, CDM program manager at Homeland Security, likened the AWARE 
score to a credit score but in reverse -- a higher number generally 
represents a worse cyber posture.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_