Monthly FED Roundup – September 2016

DISA’s September News

  • The DoD’s tool to detect and counter known cyber attacks, the Host Based Security System (HBSS), will be combined with other solutions to create a holistic approach to protecting our nation’s critical infrastructure and networks. The new solution will be known as Endpoint Security Solutions (ESS).
  • In an attempt to leverage efficiencies, reduce costs, and increase standardization of services across the computing environment, the Defense Information Systems Agency (DISA) is realigning the operations of its computing and storage activities.

NIST’s September News

  • NIST has developed a draft white paper on manufacturing implementation of the Cybersecurity Framework (“Profile”) to establish a roadmap for reducing cybersecurity risk for manufacturers, thus aligning manufacturing sector goals and industry best practices.
  • NIST has released Draft NISTIR 8144, “Assessing Threats to Mobile Devices & Infrastructure: the Mobile Threat Catalogue”, a document outlining threats and the capabilities to prevent attacks on mobile devices and supporting infrastructure.
  • NIST has released Special Publication 800-177, “Trustworthy Email”, which covers state-of-the-art email security technologies to detect and prevent phishing and other malicious email messages.
  • NIST has released Special Publication 800-160, “Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems”, an overview of connected systems and the security needs and requirements to protect them.
  • NIST has released Draft NISTIR 8138, “Vulnerability Description Ontology (VDO): a Framework for Characterizing Vulnerabilities”, a methodology for characterizing vulnerabilities found in various forms of software and hardware implementations.

NIAP’s September News

  • NIAP has released CCEVS Publication #6, Assurance Continuity: Guidance for Maintenance and Re-evaluation, v3.0. As outlined in our previous blog post, this could have larger implications for Common Criteria evaluations.

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements.