Some agencies spending 90-percent of IT budget on legacy systems — report
October 21, 2016
Some agencies are spending 90 percent or more of their IT budgets on operations and maintenance, the report released last week found.
David Stegon was a staff reporter for FedScoop and StateScoop from 2011-2014.
The National Institute of Standards and Technology is asking for comments on the final draft of what it calls a “major federal cybersecurity document," the agency announced.
The document, Security and Privacy Controls for Federal Information Systems and Organizations, Special Publication (SP) 800-53, Revision 4 , is considered the principal catalog of security safeguards and countermeasures that federal agencies use to protect information systems.
"This is by far the most extensive update to our control catalog since it was first published in 2005," said Ron Ross, NIST fellow and Federal Information Security Management Act implementation project leader. "We received and responded to several thousand comments from across the federal government, industry and academia during the initial public comment period and have greatly increased the cybersecurity toolset for our customers as a result."
The document, two years in the making, adds new guidance for handling insider threats, supply chain risk, mobile and cloud computing technologies and other cybersecurity issues and challenges in this latest draft.
According to NIST, other areas addressed in the update include application security, firmware integrity, distributed systems and advanced persistent threat. The revised SP 800-53 also contains a new appendix of privacy controls and related implementation guidance based on the internationally recognized Fair Information Practice Principles.
This revision was conducted as part of the Joint Task Force Transformation Initiative, comprising security experts from NIST, the Department of Defense, the Intelligence Community and the Committee on National Security Systems, NIST said.
Comments on the revision should be sent to firstname.lastname@example.org by March 1, 2013.