via Federal News Radio
Agencies have about 18 months to put in place the capability to know the real-time security of their computer networks.
Similar to when a patient visits a doctor and has their vital signs taken to assess their health, agency chief information officers and chief information security officers must install several different data collection tools that will make up the capability to continuously monitor their network infrastructure.
“Continuous monitoring is a philosophy about understanding your environment in a 24/7 construct,” said Bobbie Stempfley, the director of the Homeland Security Department’s National Cybersecurity Division, after her speech at the FedScoop Cybersecurity conference in Washington Thursday. “Understanding how it is behaving, what its configurations are and how it goes forward.”
DHS, the Office of Management and Budget and the National Institute of Standards and Technology are providing an assortment of tools and mandates for agencies to know the real health of their networks.
OMB directed in the fiscal 2012 IT budget passback that agencies must implement continuous monitoring capabilities by the end of 2012. Before moving to continuous monitoring, OMB also wants agencies to submit data to the CyberScope tool by Sept. 30.
To achieve both of these goals, Stempfley and other federal technology managers say there are several steps their counterparts must take.