It’s an interesting time to take stock of DHS CISA’s Continuous Diagnostics and Mitigation (CDM) program – the big question, seven years in, is CDM improving Federal cyber security? That’s what Hill leaders want to know – and that’s why MeriTalk surveyed 160 Federal government and industry CDM stakeholders to grade the program’s effectiveness. […]

The Department of Homeland Security (DHS) improved its performance on the department’s FISMA (Federal Information Security Modernization Act) audit, going from Level 3 in Fiscal Year 2017 to Level 4 in FY2018, an agency inspector general’s report issued this month shows. […]

The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force’s first interim report, which details the group’s progress since its formation. […]

The Department of Homeland Security’s (DHS) Strengthen Federal Cybersecurity Cross-Agency Priority (CAP) goal plan is likely to meet its fiscal year 2019 target for Federal agencies having capabilities to manage user access and privileges that will be monitored on the Federal CDM Dashboard. […]

Federal cybersecurity officials spoke about the strategies they’re pursuing to address workforce issues within their agencies during a Sept. 18 Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Summit panel. […]

The Senate Subcommittee on Financial Services and General Government today approved the FY2020 Financial Services and General Government Funding bill that zeros out funding for the Technology Modernization Fund (TMF) for FY2020, a source with knowledge confirmed. […]

A sampling of many of the most important private-sector players supplying technology and services through the Continuous Diagnostics and Mitigation (CDM) Program reveals optimism about the pace of Federal agency implementation of the program. […]

The General Services Administration is taking its FedRAMP Program to cloud service providers, start-ups, and entrepreneurs in San Francisco on Sept. 25 to showcase opportunities to work with the program that speeds the authorization process to provide products and services in the Federal government’s $90 billion per year IT market. […]

Federal CIO Suzette Kent celebrated the Office of Management and Budget’s (OMB) release of its new TIC (Trusted Internet Connections) 3.0 policy today as a major milestone in the Trump administration’s efforts to complete meaningful updates of Federal IT policies that are more than five years old. […]

Rep. Gerry Connolly, D-Va., chairman of the House Government Operations Subcommittee, pledged late Tuesday to continue his subcommittee’s vigorous oversight of Federal agency IT modernization efforts, and to evolve the criteria underlying one of the more visible aspects of that oversight effort – the semiannual FITARA (Federal Information Technology Acquisition Reform Act) Scorecard issued by the full House Oversight and Reform Committee. […]

While two teams made up of Federal and industry IT executives battled for honors out on the cricket pitch under brilliant sunshine on Saturday, the biggest winner of the day was the USO of Metropolitan Washington-Baltimore (USO-Metro), which raised thousands at the annual event to benefit members of the U.S. military and their families. […]

Kevin Cox, program manager for the Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) program, today detailed several priorities for the program office in FY2020 that begins next month. Those include focus on the Agency-Wide Adaptive Risk Enumeration (AWARE) algorithm, the new dashboard ecosystem, enterprise mobility management, cloud security, and protection of high-value assets. […]

A project under development at the National Institute of Standards and Technology (NIST) is aiming to fully automate FedRAMP (Federal Risk and Authorization Management Program) and enable interoperable automation for cloud service providers (CSPs). […]

Reps. John Ratcliffe, R-Texas, and Ro Khanna, D-Calif., announced today that they will formally introduce the Advancing Continuous Diagnostics Mitigation (CDM) Act later this week. The House bill, which was dropped off on the House floor today, is identical to its Senate companion bill, which was introduced on July 30. […]

The Social Security Advisory Board (SSAB), an independent agency tasked with advising the President, Congress, and the Social Security Administration (SSA), announced the creation of an expert panel of experienced leaders in the Federal IT community to review SSA’s IT modernization efforts. […]

The Department of Health and Human Services’ (HHS) Office of Inspector General (OIG) identified an uptick in security gaps in the Centers for Medicare & Medicaid Services’ (CMS) Medicare administrative contractors (MACs) information security programs in fiscal year 2018, according to an OIG report released Aug. 23. […]

Zero trust is a simple concept – don’t trust anyone; verify everyone; do it continually – with a more complex goal of ensuring the right people have the right level of access to the right resources in the right context. The model has gained traction across industries, with giants like Google declaring that their internal private network is just as dangerous as the internet. The concept is also gaining momentum within Federal agencies. […]

Rep. John Ratcliffe, R-Texas, confirmed to MeriTalk that he will reintroduce the Advancing Cybersecurity Continuing Diagnostics and Mitigation (CDM) Act. His office said to expect the bill “within the next month or so.” […]

The Federal government saw a 12 percent reduction in cybersecurity incidents in fiscal year 2018, and no “major” cybersecurity incidents for the year, according to the Office of Management and Budget’s annual report on the Federal Information Security Modernization Act (FISMA). […]

While the Continuous Diagnostics and Mitigation (CDM) program is here to stay for Federal agencies, proper approaches to data classification, collection, and analysis are key components to optimizing the program’s aims, security experts said last week at MeriTalk’s Cyber Security Brainstorm event. […]

The National Nuclear Security Administration (NNSA) is not using its authority to exclude suppliers that pose a threat to its supply chain. While the agency is working on drafting recommendations to improve the usefulness of its authorities, it keeps pushing back when it will actually complete the recommendations, according to an August 8 report from GAO. […]

John Felker, who last month was named assistant director of the Cybersecurity and Infrastructure Security Agency’s (CISA) Integrated Operations Division (IOD), on Thursday discussed IOD’s plans to integrate operations of CISA’s three primary component organizations in order to produce better cyber threat data intelligence that will include inputs from Continuous Diagnostics and Mitigation (CDM) programs implemented by Federal agencies. […]
