FISMA is essential to prevent the exposure of confidential government assets, operations, and information from cyber attacks and threats. There are several security requirements such as information system inventory, risk categorization, system security plans, security controls, certification and accreditation.

While maintaining inventory, federal agencies must have an encrypted cloud to keep track of information systems and control the internal and external interdependencies between systems. In risk categorization, three categories define the degree of risk pertaining to IT systems. The three categories are low-impact, moderate-impact, and high-impact. The low-impact category determines that the information is general and informational. The moderate-impact category pertains to information that needs to be safeguarded. The high-impact category is high risk and could cause great danger to the government if compromised.

All government agencies must have a security plan to determine how the agency will perform security controls. The security plan is known as a System Security Plan (SSP) and Plan of Action and Milestone (POA&M) that must be updated regularly. To utilize the security controls efficiently, government agencies must document their security controls under the regulations of FIPS 200. When all security measures are implemented, and risk assessments have been completed, agencies must ensure that security controls properly function. Once all steps are completed, the information system is deemed accredited according to NIST SP 800-37.

by Marcia Cooke, Jr. Analyst

Source: https://www.solarwinds.com/federal-government/solution/fisma-compliance-requirements

The FY22 Core IG Metrics are derived from the Core IG metrics from 2016. These Metrics are a guide for businesses to ensure the best cybersecurity. The tips created coincide with each question from the FY22 Document.

by Marcia Cooke, Jr. Analyst

Click here to review the guideline tips

Cyber attacks can be a major detriment to a company's success by inhibiting the security of confidential information. There are steps that organizations can take to prevent these threats from occurring. According to Cyber Security Safety, "How to Defend your business against cyber attacks", out of the ten recommendations given, making sure all operational systems are updated, having information backed up, and communicating with team members are efficient ways to prevent malfunctions.

Updating all operational systems can ensure computer bugs are fixed and software performance improves. Computer bugs in software make organizations more vulnerable to malfunctions and give easy exposure to hackers. Software updates also ensure that viruses and password exposures are easily detected and brought to the attention of organizations. Communicating with team members about cyber attacks can ensure that everyone has the same understanding or knowledge about how to prevent putting the organization at risk.

by Marcia Cooke, Jr. Analyst

Click the links below to read more about Cyber Attacks:

Cyber Attacks in the US

Foreign Cyber Attacks

Over the next few months, Google will implement updates to its Play Store to prevent pesky ads from popping up. The most common advertisements that pop up are those that take up the entire screen and are previewed via photo or video for a duration of time, typically more than 15 seconds, before a game starts or an app loads. There will also be restrictions on the misinformation spread on the Google Play Store pertaining to subscriptions and health. Beginning August 31, there won’t be apps on the Play Store that mock popular apps. Google plans to ensure this by creating policies that prevent apps from using specific words/descriptions and images that may imply the linkage to a popular app. Google wants to protect consumers from unnecessary, misleading information and copycat apps to improve the overall experience for the consumer.

Source: Google Play Store update will get rid of annoying ads, copycat apps - Memeburn