Secure Solutions from Lunarline
In This Issue
Cyber Security and IA Training
ARRA HITECH Stimulus
The DIACAP Revamp
Penetration Testing
Contingency Plan: SP 800-34 Revision 1
'Lunarline's success primarily comes from listening to their customers, attracting quality employees and maintaining a myriad of skill sets that distinguishes them from their competitors.'

- Audrey Sawyer, CEO ASIS
 
Issue: # 0310 Lunarline Newsletter 
2010 FAA Conference

Join Lunarline at the 2010 FAA IT/ISS Conference - booth #625 - for conversation about how we can help you improve your ability to monitor and improve the confidentiality, integrity, and availability of your systems and applications.
 
All of our Information Assurance, Information Security, Training and other IT related services and products are ISO 9001:2000 certified. 
 
Lunarline is proud to hold the eFAST vehicles and provide services under the following three functional areas:
  • Business Administration and Management
  • Engineering Services
  • Documentation and Training
Secure Solutions for FAA #DTFAWA10A-00245.  Click here for our eFAST Brochure!
 
Cyber Con
Cyber Security is one of the most serious economic and national security challenges we face as a nation, and one that our government or commercial industries are not adequately prepared to counter. This conference will highlight a number of mutually reinforcing initiatives with the goal to help secure the United States in cyberspace. 

This exciting one-day event will provide timely and topical discussion of issues relevant to Cyber Security. Sessions will address threat awareness, IT governance, and incident response. Panel discussions will include leaders in enterprise security. 
 
 
 
Waylon Krush, Co-Founder and CEO of Lunarline, is a featured speaker at Cyber Con 2010!
 
ARRA HITECH Stimulus - $19 Billion at Stake
Attaining Meaningful Use and HIPAA Security Rule Compliance
In February of 2009, the American Reinvestment and Recovery Act (ARRA) allocated $19 billion in funding for hospitals and clinics that make "meaningful use" of CCHIT-certified Electronic Medical Record (EMR) systems. In December of 2009, HHS published a 23-element definition of "meaningful use". These elements included 22 transactional items such as Computerized Physician Order Entry (CPOE). The 23rd element concerned the security of all of the transactional items, and required firms seeking the Stimulus funds to "Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) (HIPAA Security Rule) and implement security updates as necessary."
 
Lunarline, ACR2 Solutions and Fortinet partnered to provide an automated risk assessment that meets Object 23 in the meaningful use requirements of Stage 1.  According to the AHA, this is the only automated solution available to meet those requirements. 
 
Funds under the ARRA can begin flowing as early as October 1, 2010 for hospitals that meet the "meaningful use" standard. A typical 300-bed hospital can expect as much as $6 million if it qualifies in 2010 or 2011. Hospitals qualifying later than 2015 will receive none of these funds.
 
To read more about protecting ePHI and satisfying Stage 1 meaningful use requirements, click here.
The DIACAP Revamp
Get ready for more growing pains.
The DIACAP is not going away. NIST 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems Revision 1, will lead to a single Risk Management Framework (RMF) for the DoD, IC and Federal Government. NIST 800-37 provides a method of managing risk. Every organization will point to NIST 800-37 as the RMF, but there will be differences in implementation.
 
There has been discussion about whether the name DIACAP will change; this has yet to be agreed upon. There will be lexicon changes in the DoD process: DoDI 8510.01 will be updated with roles and responsibilities corresponding to those utilized in NIST 800-37 Rev 1. Current DoD policies and procedures will be updated to reflect the changes. The DoDD 8500.2 will be updated to include more detailed information on accrediting Platform IT (PIT) systems and Application Information Systems (AIS).
 
Bottom-line current assessment of the C&A transformation: The DoD IA controls will not be associated with DoDI 8500.2 in the future. The DoD will continue to move forward on implementing the reciprocity memo and the reciprocity artifacts. In addition, more automation of the C&A process is being pushed. A transition schedule will be released to the DoD.

Upcoming policy releases:
  • CNSS 1253 and 800-53 rev3 have been published
  • NIST 800-53A rev1 - Apr 10
  • CNSSP 6 - Dec 10 - publication pointing to transition docs
  • NIST 800-37 - Feb 10
  • DoDI 8510.01 - may need some tweaking
  • DoDI 8500.2 will implement 1253 and 800-53
  • System categories and profiles will be implemented per CNSSI 1253
  • Senior RMF for DoD is provided by the DSAWG and GiG flag panel
  • NIST 800-53 will be updated to address the sun-setting of DoDI 8500.2
  • CNSS 1253 is only a categorization document - no IA controls
 
For more information or a free quote on the Certificate of Networthiness services, DIACAP consulting, DIACAP training, or DIACAP testing, click here.
Penetration Testing
Measuring your exposure to real-world threats has just gotten easier.
Penetration Testing provides an organization with the ability to simulate typical attacks employed by black-hat "hackers" in a controlled manner in order to evaluate the IT security posture of its networks and systems. This allows an organization to measure its true exposure to real-world threats, thus determining how large a delta exists between the organization's actual security posture and the assumed defenses in place from current IT security implementations, automated security testing, and certification and accreditation efforts... (read on).
 
For more details on Lunarline's penetration testing approach, click here.
Contingency Plan: SP 800-34 Revision 1
Understanding SP 800-34 and the related continuity plans.
Within the next four weeks the National Institute for Standards and Technology (NIST) will be issuing revision 1 to NIST Special Publication 800-34, Contingency Planning Guide for Federal Information Systems.
 
One of the initiatives that has been embraced during the revision of SP 800-34 is a greater tie-in to other publications and guidance.  For instance, the prioritization for system contingency planning now refers back to Federal Information Processing Standard (FIPS) 199 which provides the methodology for determining IT system criticality.  
 
Did you know that SP 800-34 refers to 8 different types of continuity-related plans?  To review an alphabetized list with a short synopsis of how each plan is used, click here.
 
To find out more information on Lunarline's extensive experience in identifying, developing and implementing recovery strategies, click here.
Lunarline is a leading and award-winning provider of Cyber Security Solutions, Specialized IA Services, and Certified Security Training to all US Federal Government (Civilian, DoD, and IC), as well as to customers in selected commercial markets. All Lunarline Cyber Security Solutions, Specialized IA Services, and Certified Security Training are backed by our unwavering commitment to our customers' satisfaction and to being a leader in cyber security innovation, while maintaining the highest quality of our training, products, and services. Lunarline, Inc. is a VA Certified Service-Disabled Veteran-Owned Small Business (SDVOSB) that is certified in ISO 9001:2008 and CMMI Level 2, and has a DCAA approved accounting system, NSA/CNSS approved courseware, and an approved Earned Value Management (EVM) system. Lunarline is a recipient of the DOT Cyber Security Award, the Cyber Security Initiative Forum Training Award, Top 2% D&B score, and several customer awards and accolades.
 
Spring Break 2010!
 
MARCH 2010 Only:


$200.00 Discount on Lunarline's FISMA In-Depth and CNSS In-Depth 3 Day Courses! 
$400.00 Discount on Lunarline's DIACAP Validator 5 Day Courses!
  
APRIL 2010 Only:

FREE Security+ Test Voucher with any Lunarline Security+ Course!
Call Melissa Dawson at 571-481-9307 or email her at Melissa.dawson@lunarline.com. Mention Spring Break 2010.
 
 
Available in Book Stores Today!
The Definitive Guide to the CCyberWar, CyberTerror, CyberCrime (Paperback)
Lunarline, Inc.