In the News...

CyberScope

The key to this new approach will be software that transmits data on the status of controls directly from each division of an agency. The data feeds will include information about an agency's inventory of systems and software, external connections, security training and user access. Agencies must submit this information through a new Web-based gateway called CyberScope by Nov. 15, and starting in 2011, they must file reports monthly, according to the memo. OMB will begin training them on how to use the tool in May.

First, agencies will be required to feed cybersecurity information directly and in near real-time from their own security management tools into the recently implemented Cyberscope security reporting tool, which DHS is now operating. The White House is convening with agencies on May 7 to discuss how they will move forward with this plan, and what new metrics will be included in the new reporting.

Under the signatures of OMB Deputy Director for Management Jeffrey Zients, Federal Chief Information Office Vivek Kundra and Cybersecurity Coordinator Howard Schmidt, the Office of Management and Budget issued a memorandum instructing federal departments and agencies to use a new, online interactive collection tool called CyberScope to file their fiscal year 2010 reports by Nov. 15 as required by FISMA. Agencies were instructed to provide updates on their privacy management programs through CyberScope, too.

"Cyberscope requires agencies to actually have a system that actively is monitoring and an inventory of all assets like routers, switches and desktops," Kundra says. "The information will be collected at the agency level and will be able to be correlated so we can see what's going on not just nationally, but globally. We want to have the right level of detail and ability to go to the most atomic level of analysis to figure out our vulnerabilities."

Kundra, whose statutory title is OMB's administrator of e-government and IT, said the new guidance is aimed at moving agencies away from the process of filing paper documents that explain how they comply with Federal Information Security Management Act to one that employs new tools such as CyberScope, which furnishes a standard format and provides a better view of agencies' data. Eventually, CyberScope will feed data into a cybersecurity dashboard.

The Office of Management and Budget this month unveiled an interactive collection tool called CyberScope that should help agencies fulfill their IT security reporting requirements under the Federal Information Security Management Act.

"The Federal Information Security Management Act is not going away anytime soon. But the way agencies report on their implementation of the seven-year-old law is getting a much needed facelift. The Office of Management and Budget launched Oct. 19 CyberScope, an online reporting tool based on the Justice Department's CSAM application...

To alleviate some of the reporting hassle, OMB launched in 2009 a digital application that automatically and continuously collects information on compliance. CyberScope, which uses two identification checks to verify a person's permission to access the system, allows employees to derive more complex analyses of how secure systems are, Kundra said.

In October 2009, OMB unveiled a new system, CyberScope, a streamlined platform developed for collection and consolidation of Agency FISMA reporting data. In addition to the considerable reduction in labor and time to analyze the data, CyberScope requires login using the standard PIV credential (or card) and the holders PIN. This is the first time the PIV credential has been required for use of a government wide system.