
The General Services Administration is going on the hunt for a permanent director to lead its Login.gov effort and oversee deployment of the $187 million Technology Modernization Fund (TMF) award GSA got for the project last year. […]

cyber workforce

While the Office of the National Cyber Director (ONCD) is still the new kid on the block in Federal cybersecurity policy circles, National Cyber Director Chris Inglis said this week that his office’s success ultimately will hinge on whether it can unite policy, people, and doctrine to act as a viable collaborator with the Federal government and private industry. […]

After reviewing the cyberattack trends from 2021, the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory with the FBI and other international security partners warning of the rising global threat of ransomware and gave mitigation and remediation advice. […]

Internal Revenue Service (IRS) Commissioner Charles Rettig told Sen. Maggie Hassan, D-N.H., in late December that the IRS needs more money and changes to the tax code to better prevent and prosecute criminal uses of cryptocurrency, which has emerged in recent years as a favored medium of exchange involving ransomware and other cyber attacks. […]

In the wake of the discovery and remediation efforts surrounding the Log4Shell vulnerability in the Apache Log4j library, the Cybersecurity and Infrastructure Security Agency (CISA) called for efforts to push forward a software bill of materials (SBOM). Those calls were reiterated today at a Senate hearing on the vulnerability by industry witnesses involved in remediation efforts. […]

Leadership of the Senate Homeland Security and Governmental Affairs Committee has introduced a package bill in the Senate that would update both the Federal Information Security Management Act (FISMA), which sets cybersecurity requirements for Federal agencies, and codify the Federal Risk and Authorization Management Program (FedRAMP) that certifies cloud services as secure to use for Federal government agencies. […]

cyber workforce

In their efforts to help shrink the cyber workforce shortage, officials from the Office of the National Cyber Director (ONCD) and the Cybersecurity and Infrastructure Security Agency (CISA) are emphasizing the need for collaboration and creation of a more robust culture of cybersecurity – starting with K-12 education on up. […]

The final version of the Office of Management and Budget’s zero trust security directive issued this week drew strong praise from private-sector providers of security technologies to Federal agencies for its hard deadlines and firm direction to agencies on how to begin digging into the task of migrating toward zero trust architectures. […]

Russia hack

With tensions rising over a possible further Russian invasion of Ukraine, the Biden Administration is laying out potential sanctions it could impose against Russia, up to and including export controls on American-made technologies including AI-enabling and other software products, according to a senior administration official. […]


After studying the SolarWinds and Microsoft Exchange attacks for the past year, the Government Accountability Office (GAO) detailed the lessons agencies learned and ten critical actions still needed to address major cybersecurity challenges in a new report. […]

cybersecurity

The Department of Defense (DoD) has launched the DoD University Consortium for Cybersecurity (UC2) to better facilitate communication between the Secretary of Defense and academia and to fulfill a requirement from the 2020 National Defense Authorization Act, DoD announced Jan. 10. […]

Officials from the Cybersecurity and Infrastructure Security Agency (CISA) and within the cybersecurity industry are warning of the potential for threat actors to have already exploited the Log4j vulnerability, but are waiting to pull the trigger on any planned exploits until focus on the vulnerability abates. […]

A month after its first public warnings about the Log4j vulnerability, the Cybersecurity and Infrastructure Security Agency (CISA) is continuing to work with Federal agencies and the public to mitigate potential exposure, and also renewing calls for a software bill of materials (SBOM) to aid in system visibility and inventory management. […]

CISA

The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) said today that all large Federal agencies have successfully mitigated the Log4j critical vulnerability that the agency discovered in early December 2021. […]

CISA

With the Dec. 24 deadline approaching for Federal agencies to remediate the Log4j vulnerability, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed to MeriTalk that there have still been no compromises of Federal agencies via the Apache Log4j vulnerability. […]

The Department of Navy has appointed retired Lt. Cmdr. Josh Reiter as the service branch’s Deputy Principal Cyber Advisor. Reiter, a veteran of both the Navy and Naval Cyber communities, has served in the post since September, according to his LinkedIn. […]

The year 2021 further brought IT to the forefront of many organizations’ strategies, but as Federal chief information officers (CIOs) look to 2022, strengthening their agency’s workforce and cybersecurity posture are their big priorities for the year ahead. […]

Cloud

The Defense Information Systems Agency (DISA) confirmed today that it plans to sunset its milCloud 2.0 cloud services contract by May 2022, but offered little in the way of firm detail on how it plans to migrate the existing customer roster of milCloud 2.0, which is managed for DISA by General Dynamics Information Technology (GDIT), to comparable services. […]

Cybersecurity

The Cybersecurity and Infrastructure Security Agency (CISA) said Dec. 14 that there has been no confirmed compromise of any Federal agencies as a result of the Log4j vulnerability. But CISA reiterated it has added the vulnerability to its catalog of known vulnerabilities over the weekend, giving agencies two weeks to remediate and mitigate any potential harm. […]

While a good bit of the focus on the conferenced version of the fiscal year (FY) 2022 National Defense Authorization Act has centered around the lack of incident reporting and other legislative items that were cut from the bill, the defense spending bill that passed the House of Representatives last week continues to retain a variety of important cybersecurity and tech-related provisions. […]

cyber workforce

Despite the Department of Defense’s (DoD) efforts to add its Cybersecurity Maturity Model Certificate (CMMC) program to its acquisition process beginning in 2021 and up until full implementation in fiscal year (FY) 2026, a new report from the Government Accountability Office (GAO) found that DoD has not met its implementation goals, nor properly communicated key decisions with industry. […]

After a spate of cyberattacks and ransomware attacks on American companies and critical infrastructure providers since the start of the COVID-19 pandemic, lawmakers and members of the cybersecurity industry expressed shock and disappointment that mandatory cyber incident reporting was dropped from the conferenced version of the fiscal year (FY) 2022 National Defense Authorization Act (NDAA). […]

The Government Accountability Office (GAO) is acknowledging strides that the Biden administration has taken this year to broadly improve cybersecurity, but is still encouraging the Federal government to take more steps to strengthen the cybersecurity of the nation’s critical infrastructure in light of several high-profile cyber incidents over the course of the past year. […]

Since the release of the Cloud First mandate in 2011, the Federal government has been pushing agencies to modernize legacy technology and migrate to the cloud. While Cloud First evolved into Cloud Smart, agencies have historically taken a measured approach to cloud migration. On the most recent FITARA scorecard, only three agencies scored an A in the Modernizing Government Technology category. Eleven agencies scored a C or below. […]

The Department of Justice (DoJ) announced that a Russian cybercriminal, charged with providing hosting services for fellow cybercriminals, will serve 60 months in prison for services he provided for malware distribution and attacks on American financial institutions between 2009 and 2015. […]

The National Institute of Standards and Technology (NIST) has released the final draft of its Internet of Things (IoT)-specific guidance for Federal organizations, intended to support extending their risk management process to the inclusion of IoT devices in Federal systems. […]
