FEMA Working With Other DHS Units on Cybersecurity Controls
The Federal Emergency Management Agency’s Office of the Chief Information Officer is collaborating with other agencies within the Department of Homeland Security to clarify cybersecurity controls, an effort that would allow the DHS to automate its processes.
During the Cyber Compliance Boosted by Automation webinar hosted by the Advanced Technology Academic Research Center, FEMA CIO Ted Okada said that the effort to work with other information technology organizations across the DHS can allow FEMA to automate its compliance with standard data and privacy controls, FedScoop reported.
According to Okada, achieving compliance with agencies such as the National Institute of Standards and Technology presents challenges because FEMA is not updated with the advancements in cloud computing technologies, as well as development, security and operations.
DHS still has outdated controls even though emerging NIST standards such as the Open Security Controls Assessment Language are examining the approaches of cabinet-level departments to compliance.
One of the current controls would ask whether organizations have a fire extinguisher, but no control asks whether agencies are using Microsoft Azure or Amazon Web Services, Okada said.
Aside from clarifying existing controls, FEMA is also creating application programming interfaces that will be able to communicate with authorizing engines to generate system security plans that can be standardized in open, text-based language for automation.
With such APIs, FEMA will have the ability to store and compute data at the edge while employing zero-trust security principles, Okada noted.
Tags: cloud computing compliance cybersecurity cybersecurity control Department of Homeland Security DevSecOps DHS Federal Emergency Management FedScoop FEMA National Institute of Standards and Technology NIST standards Ted Okada