I am within IBM's Public Sector Cyber Security & Biometrics practice. I manage and provide FedRAMP/FISMA expertise to IBM and our clients. My views are my own.
Protecting PII is an issue for all companies, but over-extending our trust to 3rd party organizations can lead to the loss of control or our most sensitive data.
See the article about a Google PII breach: https://t.co/ocJxV6pgTU
Watch Out — Microsoft Warns Android Users About A New Ransomware; There is a new strain of mobile ransomware that takes advantage of incoming call notifications and Android's Home button to lock the device behind a ransom note. Check it out at: https://t.co/5SbIZQUfGr
DoD released its first unified cybersecurity standard, the Cybersecurity Maturity Model Certification (CMMC), that all defense contractors will have to meet. It will be phased in over the next 6 years. By 2026, all contractors must be compliant: https://t.co/t8n4TWR8wf
https://t.co/XFX78qaCAA
A new futuristic vessel will follow the same course that the Mayflower took to Plymouth Rock 400 yrs ago. Managing director of the Mayflower Autonomous Ship Brett Phaneuf explains on 'Fox & Friends.'
On 14Nov19 the IBM SmartCloud for Government (SCG) received a FedRAMP HIGH P-ATO (Provisional Authorization to Operate)!!! The FedRAMP Website was updated today 22Nov19.
FedRAMP is hosting a PMO-JAB CSP Interact mtg nxt wk. Bringing JAB TRs & CSPs (Current/In Process JAB P-ATO) together to share info for an improved understanding of each other's perspectives. TRs will discuss hot topics, share best practices and discuss issues impacting them most.
I love High Tech. Read this article:
IBM’s weather forecasting model GRAF goes live today, and it could have major implications around the world. Self-proclaimed "weather geek" @steveliesman has a look behind the model and IBM’s new supercomputer, DYEUS. https://t.co/xiP2bHBKXB
When getting a FedRAMP P-ATO (aka JAB), there are 4 levels of approval to the process (ref: FR Sig Chg Policies & Proc 28Aug18):
1) JAB Reviewers - SCAs (DHS, DoD, GSA direct rep to the CSP) must submit recommendation for approval
2) JAB TR Leads - review recommendation & docs, submits recommendation to JAB TR (Principals)
3) JAB TRs (P) as a board must approve and sign Certification Memo, which is then sent to the PMO
4) PMO writes up P-ATO memo and submits Cert memo & P-ATO for CIOs (AOs) approval/sig
X-Force Red Lab - Grand Opening November 7 @ Austin, Texas during which XFR's hacking skills will be demonstrated. There will be a speech by X-Force Red Global Head Charles Henderson, followed by three live hacking demonstrations.
Really cool stuff.
Federal Agencies
TIP: Do you want to request an extension beyond the 30-day access window for OMB MAX or obtain additional package permissions?
Simply email [email protected] to request access extensions.
Report Examines How to Keep Women in Tech
A report from Capital One, released this month, examines the factors that influence women who stay in technological careers, and best practices for supporting women and keeping them in technology positions.
https://t.co/T19RThVqYY
Compliant to FIPS 140-1/2 is a sneaky way of saying, I use a security module (like AES-256) to meet the encryption requirement, however the product (HW and SW) hasn't undergone the rigors for Gov testing, and does NOT show up on the FIPS 140-1 approval pg:
https://t.co/2OPscdvFHR
FIPS 140-1/2 Compliance vs Validated. Do you know the difference? Validated means that a company has spent a lot of money & time to get their product Certified & Validated by the government - that ALL modules in the product (HW and SW) have passed testing requirements.