Three elements of cryptographic agility
What is cryptographic agility?
Cryptographic agility, also called cryptoagility, is the ability of a system to quickly and easily change parts of its encryption mechanism(s). This encompasses changing encryption keys, key lengths, the encryption algorithms used, and even the libraries used to perform the encryption.
CFACTS How-To: Submit a support request
How to submit a support request
You can now submit an inquiry or support request by using the portal here. (Tip: Bookmark this page for easy access.)
On the support portal, you’ll need to provide:
The SSP is now the SSPP: Here’s Why
The System Security and Privacy Plan (SSPP) is a collection of information associated with the FISMA system security. The SSPP provides an accurate, detailed description of the FISMA system itself, its security requirements, and the controls that are in place to protect the system.
We are announcing a subtle yet important change - the name has been updated from SSP to SSPP.
CFACTS Update: ARCHER 6.14 coming to CFACTS
What’s changing?
ARCHER is the underlying application behind CFACTS. ARCHER is being upgraded to 6.14, which will move the top navigation to the left-hand side of the page. This allows for easier access to pages like Assessment & Authorization (A&A), Federal Enterprise Management, and Work Request Management, with additional quick access to subpages. Also, the left panel can be collapsed by clicking the round menu button on the right-hand side.
CFACTS Cloud migration update: Job codes
The CFACTS application is migrating to AWS Cloud for better performance and efficiency. The updated system is known as CFACTS-Cloud. We will be posting updates regularly to help you navigate this transition.
Do I need a new job code?
There will be new job codes for accessing CFACTS-Cloud.
CFACTS Update: New features for generating CAAT files in CFACTS
The CMS Assessment and Audit Tracking (CAAT) spreadsheet is used to track system vulnerabilities following any assessment, audit, or penetration testing. The CAAT is entered into CFACTS and used to help ISSOs start preparing a Plan of Action and Milestones (POA&M) to remediate system weaknesses.
Cryptographic agility in the zeitgeist
Cryptographic agility, also called cryptoagility, is the ability of a system to quickly and easily change parts of its encryption mechanism(s). This encompasses changing encryption keys, key lengths, the encryption algorithms used, and even the libraries used to perform the encryption.
CFACTS Update: Improvements to ATO Request workflow
Getting an Authorization to Operate (ATO) is a lot of work. The CFACTS team is dedicated to making the process smoother for ISSOs and other ATO stakeholders. We have made updates to the ATO Request workflow in CFACTS, which are summarized below.
Completing tasks in CFACTS is easy with "CFACTS How-To" videos
You may have noticed several changes in how system information and documents are stored in the CMS FISMA Continuous Tracking System (CFACTS). To help you navigate these changes, the CFACTS Team has been busy making "how-to" videos designed to help Information System Security Officers (ISSOs), System/Business Owners, and Cyber Risk Advisors (CRAs) complete tasks in CFACTS.
Getting a Pentest? Try a Threat Model first!
Introduction
As the sports saying goes, “The best defense is a good offense.” The idea is to gain a strategic advantage against an opponent by anticipating their move and forcing them to be in a defensive, reactive state. The same applies to cyber security. In the age of cloud, Agile SDLCs, and an ever-increasing attack surface, it has become imperative for businesses to embrace proactive security practices to effectively safeguard their assets and systems. Two vital approaches, often done alone, are Threat Modeling and Penetration Testing.