Category Archives: SECURE

Unveiled by Secrecy News – Pentagon sets new security standards

The Department of Defense this week established a new Defense Security
Enterprise that is intended to unify and standardize the Department's
multiple, inconsistent security policies.

The new security framework "shall provide an integrated, risk-managed
structure to guide DSE policy implementation and investment decisions, and
to provide a sound basis for oversight and evolution."

The Defense Security Enterprise, launched October 1 by DoD Directive
5200.43, is a response to the often incoherent and internally contradictory
state of DoD security policy.

        http://www.fas.org/irp/doddir/dod/d5200_43.pdf

An Inspector General report earlier this year said that there were at
least 43 distinct DoD policies on security that could not all be
implemented together.

"The sheer volume of security policies that are not coordinated or
integrated makes it difficult for those at the field level to ensure
consistent and comprehensive policy implementation," the DoD IG wrote. 
("DoD Security Policy is Incoherent and Unmanageable, IG Says," Secrecy
News, September 4, 2012.)

        http://www.fas.org/blog/secrecy/2012/09/dodig_security.html

But under the new Defense Security Enterprise, "Standardized security
processes shall be implemented, to the maximum extent possible and with
appropriate provisions for unique missions and security environments," the
DoD directive said.

The new structure is supposed to "ensure that security policies and
programs are designed and managed to improve standards of performance,
economy, and efficiency."

But the directive does not explain how to proceed if "performance,
economy, and efficiency" prove to be incompatible objectives.

Nor does it provide a working definition for the crucial concept of "risk
management."  This term, often contrasted with "risk avoidance," implies an
increased tolerance for risk (i.e. risk of failure).  But the practical
meaning (or the limit) of this tolerance is nowhere made explicit.

The Defense Security Enterprise will be managed by "a core of highly
qualified security professionals," the DoD directive said.

FUSION CENTERS FLAYED IN SENATE REPORT

The state and local fusion centers supported by the Department of Homeland
Security have produced little intelligence of value and have generated new
concerns involving waste and abuse, according to an investigative report
from the Senate Homeland Security Committee Permanent Subcommittee on
Investigations.

        http://www.fas.org/irp/congress/2012_rpt/fusion.pdf

"It's troubling that the very 'fusion' centers that were designed to share
information in a post-9/11 world have become part of the problem. Instead
of strengthening our counterterrorism efforts, they have too often wasted
money and stepped on Americans' civil liberties," said Senator Tom Coburn,
the ranking member of the Subcommittee who initiated the investigation.

        http://www.hsgac.senate.gov/subcommittees/investigations/

While it may not be the last word on the subject, the new Subcommittee
report is a rare example of congressional oversight in the classical mode. 
It was performed by professional investigators over a two-year period.  It
encountered and overcame agency resistance and non-cooperation.  And it
uncovered -- and published -- significant new information that demands an
executive branch response.  That's the way the system is supposed to work.

PUERTO RICO'S POLITICAL STATUS, AND MORE FROM CRS

New and updated reports from the Congressional Research Service that have
not been made available to the public include the following.

Puerto Rico's Political Status and the 2012 Plebiscite: Background and Key
Questions, October 2, 2012:

        http://www.fas.org/sgp/crs/row/R42765.pdf

The Emergency Food and Shelter National Board Program and Homeless
Assistance, October 5, 2012:

        http://www.fas.org/sgp/crs/homesec/R42766.pdf

Federal Freight Policy: An Overview, October 2, 2012:

        http://www.fas.org/sgp/crs/misc/R42764.pdf

The Peace Corps: Current Issues, updated October 2, 2012:

        http://www.fas.org/sgp/crs/misc/RS21168.pdf

Chemical Facility Security: Issues and Options for the 112th Congress,
updated October 2, 2012:

        http://www.fas.org/sgp/crs/homesec/R41642.pdf
Advertisements

Unveiled by Cryptome – InfoSecurity and Privacy Advisory Board Meet

Information Security and Privacy Advisory Board Meet

 


http://www.ofr.gov/OFRUpload/OFRData/2012-23608_PI.pdf

[FR Doc. 2012-23608 Filed 09/24/2012 at 8:45 am; Publication Date: 09/25/2012]

Billing Code 3510-13

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

Announcing an Open Meeting of the Information Security and Privacy Advisory Board

AGENCY: National Institute of Standards and Technology, Commerce

ACTION: Notice

SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, October 10, 2012, from 8:00 A.M. until 5:00 P.M. Eastern Time, Thursday, October 11, 2012, from 8:00 A.M. until 5:00 P.M. Eastern Time, and Friday, October 12, 2012, from 8:00 A.M. until 12:00 P.M. Eastern Time. All sessions will be open to the public.

DATES: The meeting will be held on Wednesday, October 10, 2012, from 8:00 A.M. until

5:00 P.M. Eastern Time, Thursday, October 11, 2012, from 8:00 A.M. until 5:00 P.M. Eastern Time, and Friday, October 12, 2012, from 8:00 A.M. until 12:00 P.M. Eastern Time.

ADDRESS: The meeting will take place at the Courtyard Washington Embassy Row, General Scott Room, 1600 Rhode Island Avenue, N.W., Washington, DC, 20036.

FOR FURTHER INFORMATION CONTACT: Annie Sokol, Information Technology Laboratory, National Institute of Standards and Technology, 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930, telephone: (301) 975-2006, or by email at: annie.sokol@nist.gov.

SUPPLEMENTARY INFORMATION: Pursuant to the Federal Advisory Committee Act, as amended, 5 U.S.C. App., notice is hereby given that the Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, October 10, 2012, from 8:00 A.M. until 5:00 P.M. Eastern Time, Thursday, October 11, 2012, from 8:00 A.M. until 5:00 P.M. Eastern Time, and Friday, October 12, 2012, from 8:00 A.M. until 12:00 P.M. Eastern Time. All sessions will be open to the public. The ISPAB is authorized by 15 U.S.C. 278g-4, as amended, and advises the Secretary of Commerce, the Director of the Office of Management and Budget, and the Director of NIST on security and privacy issues pertaining to federal computer systems. Details regarding the ISPAB’s activities are available at http://csrc.nist.gov/groups/SMA/ispab/index.html

The agenda is expected to include the following items:

– Presentation relating to SP 800-53 Revision 4,- Panel discussion with members of the Office of Inspector General relating to NIST guidelines to advance security,

– Panel discussion on the latest development of FedRAMP,

– Panel discussion/updates on privacy and security risks for medical devices and the Government Accountability Office (GAO),

– Presentation on healthcare information technology security,

– Cybersecurity Updates from Director of Cybersecurity, White House,

– Presentation on Security, Privacy and Information Sharing,

– Discussion/presentation on information sharing, cyber and communications across federal agencies with the National Cybersecurity and Communications Integration Center (NCCIC, DHS) Director,

– Presentation/Discussion on Radios used by federal civilian agencies, and

– Update of NIST Computer Security Division.

Note that agenda items may change without notice because of possible unexpected schedule conflicts of presenters. The final agenda will be posted on the Web site indicated above.

Seating will be available for the public and media. No registration is required to attend this meeting.

Public Participation: The ISPAB agenda will include a period of time, not to exceed thirty minutes, for oral comments from the public (Friday, October 12, 2012, between 10:00 A.M. and 10:30 A.M.). Speakers will be selected on a first-come, first-served basis. Each speaker will be limited to five minutes. Questions from the public will not be considered during this period. Members of the public who are interested in speaking are requested to contact Annie Sokol at the contact information indicated in the FOR FURTHER INFORMATION CONTACT section of this notice.

Speakers who wish to expand upon their oral statements, those who had wished to speak but could not be accommodated on the agenda, and those who were unable to attend in person are invited to submit written statements. In addition, written statements are invited and may be submitted to the ISPAB at any time. All written statements should be directed to the ISPAB Secretariat, Information Technology Laboratory, 100 Bureau Drive, Stop 8930, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930.

Dated: September 19, 2012

Willie E. May Associate Director for Laboratory Programs

[FR Doc. 2012-23608 Filed 09/24/2012 at 8:45 am; Publication Date: 09/25/2012]

 



 

 

 


SECURE – Washington Airports Electronic Security Systems

DOWNLOAD THE ORIGINAL FILE HERE

mwaa-ess