DHS no longer needs permission slips to monitor other agencies’ networks for vulnerabilities
Aliya Sternstein reports:
The Department of Homeland Security has spelled out its intentions to proactively monitor civilian agency networks for signs of threats, after agencies arguably dropped the ball this spring in detecting federal websites potentially harboring the Heartbleed superbug.
Annual rules for complying with the 2002 Federal Information Security Management Act released Friday require agencies to agree to proactive scanning. The regulations also contain new requirements for notifying DHS when a cyber event occurs.
“The federal government’s response to the ‘Heartbleed’ security vulnerability highlighted the need to formalize this process, and ensure that federal agencies are proactively scanning networks for vulnerabilities,” Office of Management and Budget Director Shaun Donovan said in an Oct. 3 memo to department heads. “This year’s guidance clarifies what is required of DHS and federal agencies in this area.”
Read more on NextGov