compliance

November 1, 2019
By Matt Dumiak
Protected data includes any information that can directly or indirectly identify an individual, such as name, driver’s license information, address, passport number, Social Security number and email address.

The California Consumer Privacy Act gives the state’s residents the ability to see and control the personal data companies have, share and sell. The privacy act started as a ballot initiative in early 2018 and was signed into law just a few months later in June. After first-round amendments were approved, the effective date was set as January 1, 2020, with an enforcement of July 1, 2020.

October 1, 2019
By Katherine Gronberg
This generator produces power for all of the facilities on Marine Corps Recruit Depot Parris Island. It enables the depot to continue operations while completely disconnected from the normal commercial utility grid. Credit: Lance Cpl. Ryan Hageali, USMC

The U.S. arsenal boasts diverse weapons that share a common cybersecurity challenge: They depend on power generated by U.S. Defense Department or civilian-owned infrastructures that are increasingly vulnerable to cyber attack. Disrupting the availability of these power systems could impact not only the United States’ ability to project U.S. military power globally but also to respond to a domestic attack.

January 25, 2018
By Maryann Lawlor
While the migration to the Joint Regional Security Stacks will transition ownership of security architecture from the Air Force to DISA, the squadron will retain operational control of traffic flow for Air Force networks. U.S. courtesy photo

The Defense Information Systems Agency (DISA) now offers service product packages to mission-partner authorizing officials to provide a holistic view of their information systems risk posture. The packages help ensure compliance for mission partners who have programs and systems hosted within the DISA computing ecosystem.

Control Correlation Identifiers (CCIs) within the service packages allow high-level policy framework requirements to be decomposed and associated with low-level security settings to determine compliance with the objectives of that specific security control.

February 25, 2016
By Joel Dolisy

OK, your New Year’s resolutions are probably distant memories, but resolutions to improve agency IT security should be yearlong endeavors. Before gearing up to move forward with implementing new fiscal year 2016 IT initiatives, it is a best practice to conduct a security audit to establish a baseline and serve as a comparison to start thinking about how the agency’s infrastructure and applications should change, and what impact that will have on IT security throughout the year.

It’s critical to maintain a consistent focus on security all year long. Security strategies, plans and tactics must be established and shared so that IT security teams are on the same page for the defensive endeavor.