Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

10/6/2010
04:10 PM
50%
50%

Fed Study: 85 Percent Of Agencies Still Not Using CyberScope

New standard for continuous security monitoring still confuses federal IT security leaders

CyberScope is supposed to be the federal government's new standard tool for continuous security monitoring. So far, however, the vast majority of federal CIOs say they don't understand the technology's mission and goals, and only 15 percent have used it at all.

The deadline for filing FISMA security compliance reports using the new CyberScope tool is Nov. 15.

According to a study published this week by MeriTalk, a government IT community, the few agencies that have implemented CyberScope give the tool high marks. But 85 percent of the federal IT executives surveyed said they have not deployed it yet.

In fact, 72 percent of the federal IT executives surveyed said they do not have a clear understanding of CyberScope's mission and goals. Ninety percent do not have a clear understanding of the submission requirements.

The survey results may surprise some in the federal IT space, where some agencies have begun to eschew complex, paper-based FISMA security compliance reporting projects in favor of the "continuous monitoring" concept, where CyberScope provides key functionality. Some 69 percent of the survey respondents said they are unsure if this new approach will result in more secure federal networks.

The report, underwritten by ArcSight, Brocade, Guidance Software, McAfee, Netezza, and immixGroup, suggests that the Office of Management and Budget (OMB) "must increase communication, clarify submission requirements, and provide training for the reporting protocol shift in order to achieve CyberScope's goals of enhanced oversight and reporting simplification," the study says.

"Clearly, FISMA needs reform," says Steve O'Keeffe, founder of MeriTalk. "That said, the communication about that new approach has been spotty, at best."

Joe Gottlieb, CEO of security information and event management company SenSage, says the CyberScope needs more time to develop. "Cyberscope is an ambitious project, and the data suggests that many Federal security leaders question its value," he says. "However, the overall concept has merit, and underscores the need for more open data architectures in the security and compliance industry."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27394
PUBLISHED: 2021-04-16
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions <...
CVE-2020-9667
PUBLISHED: 2021-04-16
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.
CVE-2020-9668
PUBLISHED: 2021-04-16
Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user.
CVE-2020-9681
PUBLISHED: 2021-04-16
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, which may lead to elevated permissions. Exploitation of this issue requires user interaction.
CVE-2021-26830
PUBLISHED: 2021-04-16
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.