- Sep 2020
-
strategy-staging.data.gov strategy-staging.data.gov
-
Select Statutory authority related to data
CUI? archives
-
- Feb 2020
-
nvlpubs.nist.gov nvlpubs.nist.gov
-
e default judgment value set consistent with NIST guidance is the two-value set, Satisfied or Other than Satisfied, or equivalently, True/False
criteria for a "meets requirement"
-
For a scope of only the DEFINE and ESTABLISH ISCM Process Steps, only elements applicable to ISCM Process Steps 1 and 2 are selected from the Catalog or organization-defined set of assessment elements. Note that each element is applicable to only one Process Step, and multiple steps are sequential and include Step 1, DEFINE.
caveat statement on the abstraction of "IT" shop, maybe program, not system level implementation?
-
The [Catalog] provided with this publication is an extensive set of ISCM program assessment elements and is considered to be the minimum set of elements needed for a comprehensive ISCM program assessment.
confusing statement about this being an "extensive set" while being considered "to be the minimum set of elements needed" comprehensive is perhaps enough of a qualifier but still a confusing statement.
-
Organizations may incorporate additional assessment elements to evaluate the assessment of individual controls or the control assessment process, if desired, as part of the ISCM program assessment tailoring process
previous comment about the need to enforce supplemental guidance if this route is taken
-
The ISCM program monitors the security status of systems and the environments in which those systems operate on an ongoing basis with a frequency sufficient to make ongoing, risk-based decisions on whether to continue to operate the systems within the organization; and
monitoring!
-
ISCM results are reported to appropriate officials who make ongoing authorization decisions.
reporting!
-
The metrics provided by the ISCM program are considered sufficiently stable and robust for informing OA decisions;
metrics!
-
Control assessments (in accordance with NIST SP 800-53A) are conducted at a documented frequency sufficient to support OA;
frequency!
-
ISCM program assessment from the guidance in this publication is likely to produce different assessment criteria depending on what is important to the organization or assesso
There should be an explicit requirement for any organization that chooses to tailor or enhance criteria that deviations be publicly disclosed as supplemental guidance.
-
- Apr 2019
-
demo.digital.gov demo.digital.gov
-
If your agency already has an admin listed, do you need their approval to be appointed as an admin?
Should be subtitles
-
- Oct 2018
-
cloud.cio.gov cloud.cio.gov
-
Leveraging cybersecurity expertise in the FedRAMP program will allow the Federal Government to continue to increase the efficiency and effectiveness of agency security practices in adopting cloud systems, while eliminating the burden on security professionals, providers, and agency leadership.
no coverage of automation or focus on inheritance
-
DHS’s Continuous Diagnostics and Mitigation (CDM) program must continue to evolve in order to equip agencies with the monitoring tools and capabilities they need to understand their cyber risk in the cloud
and allow for criteria that meet the needs of the requirement, not just a list of 3rd party vendors that provide tools to meet compliance
-
confidentiality, security, and availability of its data
integrity?
-
detect malicious activity
...or unauthorized access
-
For example, to utilize the distributed nature of cloud, moving security controls from the network perimeter closer to the data itself can improve the overall security posture
amen
-
efficiency, accessibility, and privacy
should also be bolded
-
requirements
... of the end-user or customer...
-
nly need to provide their data
provide or interoperate through an API?
-
To achieve this goal, project development and execution efforts will often be needed to refactor applications to take advantage of new capabilities such as auto-provisioning and auto-scaling, and this must be factored into analysis and planning.
More about refactoring applications to be non-monolithic not just auto-*
-
A cloud migration strategy should not be considered a question of who owns the computing resources, data, and facility, but rather can this solution improve service delivery to citizens
Statement is misaligned with Data-centric security control regimes
-
- Feb 2018
-
www.whitehouse.gov www.whitehouse.gov
-
would facilitate better environmental reviews in conjunction with the design of projects and would facilitate more efficient and more effective efforts to address environmental impacts.
Why not enforce this somehow?
-
- Aug 2017
-
tech.gsa.gov tech.gsa.gov
-
Onboarding lead time: Time between a request for a new application to use the DevSecOps platform and the application being deployed on the platform
offboarding lead time?
-
SLA
Service Level Agreement
-
- Feb 2017
-
-
Why Pipeline?
Docker/DSL Pipeline vs Groovy native?
-
- Dec 2016
-
dradisframework.com dradisframework.com
-
A final note on what to include on each finding: think about the re-test. If six months down the line, the client comes back and requests a re-test, would any of your colleagues be able to reproduce your findings using exclusively the information you have provided in the report?
Reproducibility == ready for automation
-
- Jun 2015
-
nepanode.anl.gov nepanode.anl.gov
-
Nationwide Rivers Inventory (NRI) was last updated in 1996.
-
-
gold.ox.io gold.ox.io
-
OX App Suite Map; Portal; Email
a
-
-
nepanode.anl.gov nepanode.anl.gov
-
Featured Content
Test... to show how you can highlight any text (in a map/pdf/html) annotate it, comment on it, tag it, and share it so all visitors can see your notes
I am a quote
Tags
Annotators
URL
-
-
nepanode.anl.gov nepanode.anl.gov
-
Critical Habitat - Terrestrial - Polygon [USFWS] Critical Habitat - Terrestrial - Line [USFWS]
Critical Habitat Layers need to be updated
-
- Apr 2015
-
cms.doe.gov cms.doe.gov
-
Page A basic page containing text and an optional hero.
Project Pages
New Page from which Downloads are Filtered and displays
-
Download A page containing files for download, along with a description of them. You may attach multiple files.
Downloads = Document Uploads
-
Article An article. This might be a news item, a blog post, a staff news item, or an informational article.
New Items
-
- Jan 2015
-
stackoverflow.com stackoverflow.com
-
git clone will give you the whole repository. After the clone, you can list the tags with git tag -l and then checkout a specific tag: git checkout tags/<tag_name>
How to install a previous release/version via github
-