A new policy from the Department of Homeland Security will require that federal computer contractors find and fix any cyberthreats within 72 hours, according to NextGov. Although DHS policy already required continuous event monitoring, the change will require improved security information management to not just weed out the threats, but to fix them.
The change puts the onus for repairing the damage after a data breach or other event on the contractor. Issues involving the reporting of threats to the affected agency arose when the government was preparing to launch FedRAMP, the program designed to assess the security of cloud computing providers before they become eligible for contracts.
Although the assessors still require that the cloud provider continuously monitor threats, the reporting is only on a quarterly or yearly basis because of the logistical issues of sharing sensitive government security data. The new policy will work hand-in-hand with the constant monitoring to improve the security of government providers.
Computer think tank SANS believes that the change will help clarify the definition of continuous monitoring, which many misinterpret.
"Think continuous monitoring and mitigation," SANS director Alan Paller told NextGov. "Knowing [of a weakness] and not fixing it is dangerous."