The National Institute of Standards and Technology has revised Special Publication 800-53A, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans. This fourth revision contains significant changes to the 2010 version of the publication in content and format, according to NIST.
The publication is intended to provide guidelines for building security and privacy assessment plans as well as a comprehensive set of procedures for assessing security and privacy controls used in information systems and organizations.
The guidelines have been developed to help achieve more secure information systems within the federal government by:
- Enabling more consistent, comparable and repeatable assessments.
- Promoting a better understanding of risks resulting from the operation and use of federal information systems.
- Facilitating more cost-effective assessments of security and privacy controls.
- Creating more complete, reliable, and trustworthy information to support risk management decisions, reciprocity of assessment results, information sharing, and compliance to federal laws and policies.
Based on feedback from federal agencies that have conducted actual assessments as part of the risk management framework process, NIST made improvements in current security assessment procedures, including:
- Clarification of terminology.
- Expansion of the number of potential assessment methods and objects on a per-control basis.
- A simpler decomposition of assessment objects to align more closely with security control statements.
The changes should result in significant improvements in the efficiency and cost-effectiveness of control assessments for federal agencies, which NIST said will give senior leaders the information they need to understand the security and privacy of their organizations and to be able to make credible, risk-based information security and privacy decisions.
Posted on Dec 16, 2014 at 9:11 AM0 comments
The Army’s Corps of Engineers has awarded a $33 million contract to SGS to build an airport for the Gray Eagle and Shadow UAVs at Fort Bliss in Texas.
The Gray Eagle, the Army’s largest unmanned aerial vehicle, is a long-range, medium altitude system used for intelligence, surveillance and reconnaissance, attack, air support, IED detection and destruction, and as a communications hub.
The catapult-launched Shadow is used for ISR, targeting and assessment. It’s just over 11 feet in length, and can fly for up to six hours at altitudes of up to 15,000 feet.
The complex will include a 50,000-square-foot unmanned aircraft maintenance hangar and more than a mile of runways, aprons, and taxiways, according to an announcement from the company.
The airport will be fenced and secured, and the Army said all operations will take place in restricted airspace.
A longer version of this article originally appeared on Defense Systems, a sister site to GCN.
Posted on Dec 12, 2014 at 11:45 AM0 comments
The National Geospatial-Intelligence Agency’s Map of the World is the interface for the agency’s most comprehensive and accurate geospatial intelligence data.
Designed for novice users and geospatial-intelligence experts, it serves as a platform to explore constantly-updated content and link natural and man-made features on, above and beneath the Earth to intelligence observations. Users can search for objects like bridges or railroad depots and know where the objects are located, as well as intelligence embedded within each object.
Lockheed Martin’s Geospatial-Intelligence Visualization Services program helped NGA migrate the Map of the World to the AWS cloud, helping the intelligence community determine the processes to best use the cloud environment. The deployment also met the system’s compliance with ICD-503 guidelines, which establish policy for the intelligence community’s security risk management for IT systems.
This cloud deployment is an early step in the transformation of the intelligence community’s business infrastructure. It is expected to not only cut costs and increase efficiencies for the enterprise, but it will also provide the entire intelligence community access to the Map of the World, the single integrated environment where all analysts can examine data, record observations and share all known information about a threat.
“Deploying geospatial mission applications and software to a commercial cloud environment allows the Map of the World to operate with more agility and efficiency,” said Jason O’Connor, vice president of Analysis & Mission Solutions with Lockheed Martin Information Systems & Global Solutions. “This accomplishment demonstrates the power of what can be done by leveraging cloud technologies with mission-driven software. It shows how we can further enhance geospatial capabilities in the intelligence and DOD community.”
Posted on Dec 10, 2014 at 11:53 AM0 comments
A new website has launched to help U.S. industry understand the capabilities and availability of resources at federal government laboratories and their many potential partnership opportunities.
Developed by the Federal Laboratory Consortium for Technology Transfer (FLC), FLCBusiness provides a searchable database of federal lab capabilities and know-how, facilities and equipment available for public and private utilization, lab-specific programs and funding opportunities.
FLCBusiness was created to advance technology transfer (T2) and help commercialize federal research in order to support higher-growth for American businesses.
With the cooperation of federal labs across the country providing their leading-edge resources, any business will now have the ability to “one-stop shop” along the avenue of innovation, FLC said in its announcement.
“By housing all of this information on one dynamic site, the FLC is able to further its mission to bolster T2 and assist with the advancement of U.S. industry,” said FLC chair Paul Zielinski.
Posted on Dec 08, 2014 at 12:47 PM0 comments
Boston Mayor Martin J. Walsh announced that the city will upgrade its permitting and licensing system.
Working with Accela, a provider of civic engagement solutions for government, and OpenCounter, a firm that builds tools to support local economic development, the city’s Department of Innovation and Technology (DoIT) will design and deploy a modern system to manage the 86,000 permits the city issues annually.
The companies will work with DoIT to build and deploy a modern, cloud-based permitting system that will work across departments to help coordinate workflow, integrate backend systems and provide an improved public experience.
The Accela Civic Platform offers a foundation for creating a two-way flow of data that helps agencies and citizens engage online and improves the permit and license experience for applicants ranging from homeowners to experienced contractors.
Accela and OpenCounter will deliver the first phase of the new system in a six-month timeframe, with enhancements to occur over a two-year period. Both companies have provided solutions in Boston and in the Commonwealth of Massachusetts. Accela software and services are in use by the Boston Public Health Commission and the Commonwealth of Massachusetts’ Division of Professional Licensure, Office
“We’ve already made deep improvements to the way the public does business with the City by taking steps to streamline and improve licensing and permitting operations, but there’s always more to be done,” said Mayor Walsh. “This partnership with Accela and OpenCounter will take us further, creating a coordinated and seamless experience across departments for residents and business owners seeking permitting and licensing through the city.”
Posted on Dec 05, 2014 at 10:57 AM0 comments