“In the two years since the U.S. State Department deployed a digital security dashboard to monitor a key unclassified network of 5,000 routers and 40,000 host computers that support 285 foreign posts, automated data collection has enabled the department to implement risk-based scoring, reducing risk on the network by 93 percent.
The State Department now scans its worldwide network at least every 36 hours to identify vulnerabilities. Via continuous monitoring, risk is assessed 100-300 times more frequently than with traditional FISMA methods. Throughout the State Department, John Streufert, Chief Information Security Officer and Deputy CIO for Information Security, said in an interview that the goal now is to implement as many as possible of the 20 Most Critical Controls set by the Consensus Audit Guidelines (CAG).”