by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : May 30, 2015
IN THE IT PIPELINE WHAT: A National Institute of Standards and Technology "sources sought" notice seeks information on vendors that can help the agency test a proven risk-scoring methodology that would lead to a long-term, real- time continuous monitoring program. WHY: NIST is looking for a plan, software and technical services for a year-long pilot for ve cat- egories of users at the agency: authorizing of cials, information system owners, information sys- tem security of cers, operating unit security of cers and security control assessors. Of cials are encouraging large, small and foreign com- panies to provide information about their abilities. The notice states that inter- ested companies should have experience with e-governance, risk and compliance tools, pref- erably RSA Archer, which is the approved vendor solution for the Department of Homeland Secu- rity's Continuous Diagnostics and Mitigation program. Companies should also have deep knowledge of NIST's Risk Management Framework and its Cybersecurity Framework. Furthermore, proposed solutions must include security control descriptions, assessment results, risk scoring and drill-down reporting capability. After the results of the pilot project are analyzed, NIST might conduct a competitive procure- ment and award a purchase order for a system. FULL LISTING: is.gd/FCW_DARPA_BRASS Trending of cybersecurity professionals say at least of some their security data goes unanalyzed due to lack of resources 78% 8 May 30, 2015 FCW.COM INK TANK A senior of cial at the National Insti- tute of Standards and Technology said one of his agency's ongoing projects is to foster a private marketplace for best practices in identity veri cation. Security isn't the only issue at stake, said Michael Garcia, deputy director of the National Strategy for Trusted Iden- tities in Cyberspace (NSTIC). Liability, interoperability and privacy are all fac- tors, and progress is needed in each area "to actually get to a functional, sustainable marketplace," he said. The theft of online credentials and the hassle of managing passwords are burdens on consumers. Forty-six per- cent abandon a website rather than try to reset a password or answer a security question, said Paul Grassi, NSTIC's senior standards and technol- ogy adviser, citing data from Verizon Enterprise Solutions. Passwords are a "perfect combina- tion of a really bad user experience as well as being terrible at security," Garcia said. There is broad interest in improving that user experience, not least from businesses wanting to offer more ser- vices online and federal of cials con- cerned about security. To harness that interest, NIST has funded the creation of the Identity Eco- system Steering Group, which includes stakeholders that range from Citigroup to the Electronic Frontier Foundation. By summer's end, the group will issue a preliminary framework of busi- ness rules and interoperability stan- dards for identity veri cation, Garcia said. The next version of the frame- work will get more speci c, with pro- visions on accountability mechanisms, risk models and liability arrangements, he added. "If nothing else, if we do this right, it removes this bilateral need for rooms full of lawyers to get together and spend months trying to gure out whether or not they can work togeth- er," Garcia said. --- Sean Lyngaas NIST plays matchmaker on identity veri cation
May 15, 2015
June 15, 2015