old.reddit.com /r/GovIT/
Government IT
Active Web Watch
So I know the most recent version was updated over 2 years ago so it isn't exactly a highly maintained product, but I was curious if anyone knows what IL something encrypted with TENS is cleared to? I tried looking through the site but couldn't find anything specifically listed. Thanks.
I recently changed my login to SSA to Login.gov. I see I am now supposed to get a letter from the SSA. Is it probably to confirm that I made the change? The letter will not be arriving until later today and I am going to be out of town for a couple weeks. Could someone please comment?
I'm not sure if I'm in the correct sub - if not, please point me in the right direction. I live outside UK, and am nearing pension age for my UK pension. The website needs 3 specific forms of ID to register, but because I haven't lived in UK for many years, I only have 1 of the required 3, my UK passport. None of the phone "helpline" numbers ever get answered, so I'm stuck. Any ideas?
Anybody who can give an overview of this. Appreciated.
Hello,
I work for an IT company and I have a local non-maintenance client that we used to manage pre-2020. They left us because they were struggling financially. Since then they have received a government contract and are doing really well. When they got a new IT company to manage their IT needs they went with a company that is in another state 3000 miles away. They went with them because of their expertise with dealing with companies that have government contracts. It's my understanding that the NIST SP 800-171 is just a set of rules that have to be met that can/will be audited. The IT company itself doesn't have some type of certification in order to manage these clients, correct? Can anyone be a consultant for NIST SP 800-171 compliance? Do we need background checks in order to manage them?
I am asking because the VP is frustrated with this company and has called me a lot for support. I am thinking we would be a better fit as we are local and have a lot of the same systems, tech stack that this company uses. The way the VP expressed his concern is that this company is compliant with managing this stuff.
Can anyone shed some light on this or point me in the right direction? Not sure if it matters but I was enlisted for 6 years and was in network security/server admin roles so I understand the rules with needing firewalls, OU groups, deprovisioning users in a timely fashion, etc.
Does anyone know about the hiring process for the NYC Department of Investigation? Right now my application is in the review stage and I’m waiting for an interview for an investigative auditor position, but it’s been about 4 months since I submitted my application. Does anyone know about the hiring and onboarding process with the Department of Investigation?
It's a survey with multiple choice questions only and it takes 3-4 minutes to complete. Feel free to forward the link to colleagues. The topic is "Why do IT projects fail not (only) because of Technology"
The groups I'm interested in are devs, project managers and human resource managers who work in IT projects.
Thanks in advance,
Le-
PS: sorry for my English just in case, my thesis is in German :)
New ISSO for a DoD organization performing some software development. ISSM is new to our organization too.
Organization is performing static code analysis and CM, but needs to grow beyond that. Some engineers think it is okay to grab just about any code from GitHub and management thinks absolutely nothing should be used from GitHub. Obviously there is a middle ground and we need some process for assessing Open Source Software, libraries, etc. not to mention properly assessing our own applications and I'm not sure where to start. What I could find is that getting a list of components for our internally developed apps should be one of our first stops. Not sure if same applies to OSS, or how we'd do that properly.
I think we will be rebuilding the software engineering process and procedures from scratch, but we are a bit out of our depth. Other than the high level TTPs, we are having a difficult time getting started. Can anyone point us to resources that can assist in this and make sure we get this as close to right as possible the first time around?
When it comes to OSCAL, I understand the what, but not the how. I understand that the goal of OSCAL is to automate the monitoring of control implementation, and that it does so through a set of extensible formats which support a range of risk management processes.
I've been reading this guide to learn more about the XML and JSON files included in the FedRAMP Automation release, but I'm having a hard time making sense of it (I'm not a software developer).
What am I supposed to do with these XML/JSON files to automate the creation of SSPs, monitor the implementation of controls, etc.? Are there any resources which teach XML/JSON noobs how to get started with OSCAL?
Thank you!
Hi developers who are interested in data security,
Cisco and Altinity are meeting over a LIVE webinar tomorrow to showcase their collaborative project on deploying ClickHouse in FedRAMP for government customers using Altinity’s FIPS-compatible stable builds.
Date and Time: June 20, 10 AM PDT
Speakers: Pauline Yeung, Data Engineer & SecDevOps at Cisco Umbrella and Robert Hodges, CEO at Altinity
Tune in LIVE to learn more about:
What is Cisco Umbrella and how does it use ClickHouse?
What are the challenges of bringing up ClickHouse in a FedRAMP environment?
How are Cisco Umbrella and Altinity working together to deploy FIPS-compatible analytics?
What lessons can we share with other users on the same path?
RSVP your free seat here: https://hubs.la/Q01T8qJT0
Isn't 2.B Minimum Password Strength in conflict with NIST SP 800-63B recommendation of 8 characters? Also mainframes like z/OS have a maximum password length of 8, I would think CISA would have included passphrase with password since z/OS can use up to 100 characters with passphrase.