As the Federal Risk and Authorization Management Program (FedRAMP) gears up for its 20x Phase Two pilot, it released this week two new requests for comment (RFC) and a new Vulnerability Detection and Response (VDR) Standard. […]
The Pentagon is preparing to release new guidance on data tagging and labeling, according to a senior official. The move aims to resolve a long-standing issue that has hindered the department’s ability to fully implement its zero trust cybersecurity strategy. […]
The Pentagon is drafting a new version of its cybersecurity blueprint, Zero Trust Strategy 2.0, expected to be released by the end of the year, according to Randy Resnick, director of the Zero Trust Portfolio Management Office. […]
After years of delays in implementing the Technology Business Management (TBM) framework, the Government Accountability Office (GAO) is calling on the Office of Management and Budget (OMB) to either make TBM an administration priority or terminate the costly effort altogether. […]
Having a zero trust architecture in place is critical to defending against advanced cyber adversaries – particularly in highly contested environments, a senior State Department cybersecurity official said during a GDIT webinar on Aug. 12. […]
The General Services Administration (GSA) announced today that its Federal Risk and Authorization Management Program (FedRAMP) has already approved more than twice as many cloud security authorizations in fiscal year (FY) 2025 as it did in all of FY 2024. […]
The Federal chief information officer CIO) gave rare commentary on the direction he wants to see the Federal government take in modernizing its processes and functions – marking one of his most public statements yet. […]
The General Services Administration’s (GSA) FedRAMP 20x initiative has announced its first four authorizations since the 20x revamp effort was unveiled on March 24. […]
House appropriators for the second year in a row are declining to propose new funding for the General Services Administration’s (GSA) Technology Modernization Fund (TMF) – leaving the question of new funding up to either Senate appropriators and/or a novel plan that the Office of Management and Budget (OMB) released in June. […]
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on June 11 published its final practice guide – Implementing a Zero Trust Architecture (NIST SP 1800-35). […]
Officials with the General Services Administration’s (GSA) Federal Risk and Authorization Management Program (FedRAMP) said on June 11 that they envision rapid progress through the rest of this year on several pilots that are aiming to harness automation to speed FedRAMP’s ability to approve cloud-based service offerings for government agency use. […]
The Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program has made progress in meeting some of its key goals, but a new Government Accountability Office (GAO) report says the program lacks sufficient guidance for managing network security and data protection. […]
The Defense Department’s (DoD) Zero Trust Portfolio Management Office is eyeing a September timeframe to issue new zero trust security guidance for operational technology (OT) and internet of things (IOT) technology. […]
The White House Office of Management and Budget (OMB) is proposing a new funding model for the Technology Modernization Fund (TMF) in fiscal year (FY) 2026 that could provide the fund with up to $100 million in funding per year. […]
The Federal Risk and Authorization Management Program (FedRAMP) said today it has received the first draft versions from industry organizations of the submissions they plan to make by later this month in response to the program’s FedRAMP 20x Phase One pilot. […]
Officials with the Federal Risk and Authorization Management Program (FedRAMP) are asking industry to submit draft versions of their planned submissions for the FedRAMP 20x Phase One pilot between May 19 and May 26. […]
The Federal Risk and Authorization Management Program (FedRAMP) issued a call on May 9 for public comments on a proposed update to its continuous monitoring reporting rules. […]
The Department of the Navy’s cloud-based Microsoft Office 365 platform – dubbed Flank Speed – became the first zero trust solution to reach the Pentagon’s “target level” status last year and is now on track to achieve “advanced” zero trust compliance, with 151 of 152 required activities completed, a senior Navy tech official said today.? […]
The General Services Administration (GSA) said today it is refocusing the repayment model for awards distributed by the Technology Modernization Fund (TMF) toward full repayment by Federal agencies from savings they generate from their IT improvement projects. […]
Officials with the Federal Risk and Authorization Management Program (FedRAMP) are urging industry players to move quickly in preparing their submissions for the FedRAMP 20x Phase One pilot that the program detailed in a blog post last week. […]
The Federal Risk and Authorization Management Program (FedRAMP) is working on proposed changes to current continuous monitoring reporting standards and data repository standards and expects to release draft versions of those proposed changes in the May-July time frame. […]
Reps. Gerry Connolly, D-Va., and Nancy Mace, R-S.C., on Thursday reintroduced the Modernizing Government Technology (MGT) Reform Act, a bipartisan bill that would reauthorize and reform the Technology Modernization Fund (TMF) and its governing board. […]
The Federal Risk and Authorization Management Program (FedRAMP) issued calls for comment today on three significant program changes as part of the FedRAMP 20x program revamp announced last month by the General Services Administration (GSA), which runs the program. […]
The Federal Risk and Authorization Management Program’s (FedRAMP) Applying Existing Frameworks Working Group reported on April 22 that it has been gathering initial input on ways to maximize the program’s use of existing commercial security frameworks, and is drilling further down into that topic by posing questions about machine-readable formats and shared commercial-Federal framework environments. […]
The Federal Risk and Authorization Management Program’s (FedRAMP) Program Management Office (PMO) is in the process of drafting a standard for low-impact key security indicators (KSIs) as part of ongoing work on the program’s “20x” revamp unveiled on March 24. […]
The Federal Risk and Authorization Management Program (FedRAMP) held a kick-off meeting on Thursday for its new Continuous Reporting Community Working Group, which will look to leverage automation to support a future state where ongoing risk monitoring is enforced, validated, and reported continuously. […]
The Federal Risk and Authorization Management Program (FedRAMP) is aiming to maximize its use of existing commercial security frameworks and reduce redundant documentation requirements as part of its “20x” program revamp, program officials said today. […]
The Defense Information Systems Agency’s (DISA) Thunderdome program has reached full compliance with the Pentagon’s advanced zero trust standards two years before deadline, a spokesperson for the agency confirmed to MeriTalk. […]
Former Federal CIO Suzette Kent said today that upskilling the Federal workforce is a “foundational linchpin” to the government’s developing strategy to move toward the adoption of more advanced and automation-driven technologies. […]
The Federal Risk and Authorization Management Program (FedRAMP) today kicked off a public working group that will explore the possibility of creating key security indicators (KSIs) that could help the program more rapidly evaluate the security of cloud services. […]