Dashboard gauge indicating near compliance

Agencies still struggling with FISMA compliance

The latest GAO report on IT security shows "mixed progress" in implementing required security programs, citing inadequate reporting metrics and a focus on regulatory compliance as the culprits.

Hacker in a dark room

Hackers-for-hire group targeting government assets, report says

Hidden Lynx, a sophisticated group of professional hackers located in China, has carried out high-profile attacks on government, IT contractors and other industries at least since 2009, Symantec says.

stealth

Stealth can protect networks by making parts invisible

Unisys has high hopes for government uses of the software tool that controls who sees what on a network.

DNS

NIST updates guidelines for securing the DNS

NIST updated its guidance for deploying a secure Domain Name System in government enterprises to ensure the availability and integrity of critical DNS data.

LynxWorks rootkit detection

LynuxWorks rootkit detector adds hardware punch to security scanning

LynuxWorks' system, called RDS5201, is an appliance capable of detecting low-level, zero-day rootkits in real time.

ID

5 pilots to take trusted online ID plan to the next stage

The NSTIC programs, which received more than $7 million in grants, range from military, civilian and commercial authentication initiatives to one aimed at protecting children’s privacy online.

eyes

Biometric ID coming to a government office near you

This week's Biometric Consortium Conference showcases a wide range of hardware and software solutions for personal identification/authentication applications in government.

back door

Suspect NIST crypto standard long thought to have a back door

The agency is advising against using an elliptic curve algorithm adopted in 2006 that has concerned cryptographers from the beginning.

FDAS

Forensics tool makes sure investigators don't come up empty

CyanLine's Fast Disk Acquisition System gives forensics teams a real-time preview of what's on a drive, including whether it's set to prevent copying.

scam

Officials warn of spoofed health exchange websites

The look-alike Web pages may be created by interest groups, private insurance companies and, sometimes, scammers looking to gather personal information.

PIV

PIV credentials can now be used with mobile devices

The latest revision of FIPS 201, which sets the requirements for PIV cards, includes credentials for mobile devices and new interfaces to enable access with contactless connections.

Football referees check instant replay machine

NSA reports prompt NIST to reopen public review of crypto standards

Public concern over possible tampering by the NSA has led NIST to reopen the comment period on a suite of publications, but the IT security community isn't worried.

Topic Resources

  • Continuous Monitoring: Elevating Cybersecurity in State and Local Government

    State and local agencies are not required to comply with federal policies related to continuous monitoring and NIST's Cybersecurity Framework, but they would be better off if they did. Whether it is required or not, the concept of continuous monitoring has been proven to raise the level of cybersecurity when implemented appropriately and with the right tools. Join this webcast to learn more about how your agency could benefit from continuous monitoring and NIST guidance.

  • The Rising Threat of Enterprise Cybercrime

    Cybercriminals are leveraging vulnerabilities of the Internet, browsers, operating systems, and applications to secretly and proficiently gain access to information assets. Compromising employee endpoints with malware has become the preferred method; a far simpler path into the network than a direct network attack. Agencies need to recognize and address this growing danger.

  • Continuous Monitoring to Achieve Cybersecurity

    As the cyber threat landscape evolves, security methods and tools need to change, too. In this Digital Dialogue, Ken Durbin, manager of Continuous Monitoring Practice at Symantec, explains how the undefined boundaries of the modern IT infrastructure necessitate the deployment of continuous monitoring solutions.

  • Stopping Zero-Day Exploits for Dummies

    Cyber attacks are growing every day and can become serious threats to your organization, but how do you know and understand the threats out there? Download a copy of this book, and you will discover the zero-day exploits and threats used to compromise your agency.