Category Archives: Security

X9.125 Cloud Services Compliance Data

The Accredited Standards Committee (ASC) X9, Data and Information Security Subcommittee X9F has assigned a new project to Cryptographic Protocol and Application Security standards working group X9F4. It is now open and calling for participation in the new work item (NWI) X9.125 Cloud Services Compliance Data (CSCD). It intends to “describe a common set of data needed for automating internal control and compliance testing of cloud service infrastructures” to support standard control frameworks. Contributors are sought “from the financial community with expertise in compliance, audit, and information security”.

IR 7756 and SCAP meetings scheduled

NIST had a Continuous Monitoring (CM) workshop several months ago to solicit feedback and discuss a technical reference model, as described in draft Internal Report (IR) 7756: An Enterprise Continuous Monitoring Technical Reference Architecture.

The outcome was for NIST to propose technical workflows, subsystems, interfaces, and bindings to SCAP (asset, configuration, and vulnerability management).

NIST has just announced that the requested content is ready for review. They have set up weekly meetings for Thursdays at 10 am Pacific, starting August 18th with a general model discussion. A specific workflow or subsystem will be the subject of each following meeting. Details for the meetings will be communicated to the Emerging Specification Development List. The results of these meetings will be presented at the 7th IT Security Automation Conference.

DARPA RA-11-52

Peiter Zatko says DARPA RA-11-52 CFT (Cyber Fast Track) was “launched about 18 hours ago”, which confirms a couple of things:

  1. Cyber is a term not going away anytime soon
  2. The US government is going to try being a more overt and transparent supporter of Blackhat researchers (i.e. friends and colleagues of Peiter Zatko — “guys in my address book”)

Details on how to apply are online. Given that money is being pulled out of US education, this may offer an alternative path or a softer landing for students who hope to create software.


We need help and we have money

Bike Lane Enforcement

Opposite approaches to bicycle safety compliance enforcement, as documented on opposite sides of the Atlantic.

First, New York City police ticketed a cyclist for avoiding obstructions, which led to a sarcastic video response:

Second, the Mayor of Vilnius, in a sarcastic video, warns that even high-value obstructions to the bicycle lane will be destroyed and then removed: