Federal CIO-Council Continuous Monitoring Working Group Update

MICHAEL JONES, Deputy Director Cyber Emerging Technologies, US ARMY

In response to frustrations on the part of federal cyber security executives who felt security mandates like FISMA had become merely a reporting exercise, the Federal CIO-Council, with the support of leaders such as Federal CIO Vivek Kundra, has placed a significant new focus on Continuous Monitoring efforts in the fight against cyber crime. In this session, attendees will hear from the Chair of the Federal CIO-Council Continuous Monitoring Working Group as he describes what progress has been made with regard to modernizing FISMA, shares best practices and lessons learned with regard to implementing a program focused on Continuous Monitoring, and discusses technologies and policies which should be implemented by agencies looking to be aligned with these new guidelines.

Army Cyber Dashboard Pilot: This session will discuss the overarching objectives of the Army's Cyber Dashboard Pilot, which is the initial step towards developing a continuous monitoring capability. Continuous Monitoring is important because it will provide directors, commanders, and staffs with a tool they can easily understand and use to improve their Cyber/Information Assurance postures. Continuous monitoring emphasizes the need to better manage and mitigate actual cyber risks currently identified on the network. In order to perform continuous monitoring, our Cyber Defenders must have visibility of the vulnerabilities and configurations of their network assets. This is a critical step in how the Army will better defend its most critical resource - cyberspace.

Learning Objectives:

• Discussion of the move away from “reporting” and toward “Continuous Monitoring”
• Analysis of technologies, policies, governance, and cultural issues needed to move toward Continuous Monitoring