MeriTalk sat down in June with Kevin Cox, Program Manager for the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) Program, to get the latest on program priorities for the coming months and beyond. […]
The Department of Health and Human Services’ (HHS) Office of Inspector General (OIG) identified an uptick in security gaps in the Centers for Medicare & Medicaid Services’ (CMS) Medicare administrative contractors (MACs) information security programs in fiscal year 2018, according to an OIG report released Aug. 23. […]
Zero trust is a simple concept – don’t trust anyone; verify everyone; do it continually – with a more complex goal of ensuring the right people have the right level of access to the right resources in the right context. The model has gained traction across industries, with giants like Google declaring that their internal private network is just as dangerous as the internet. The concept is also gaining momentum within Federal agencies. […]
Rep. John Ratcliffe, R-Texas, confirmed to MeriTalk that he will reintroduce the Advancing Cybersecurity Continuing Diagnostics and Mitigation (CDM) Act. His office said to expect the bill “within the next month or so.” […]
The Federal government saw a 12 percent reduction in cybersecurity incidents in fiscal year 2018, and no “major” cybersecurity incidents for the year, according to the Office of Management and Budget’s annual report on the Federal Information Security Modernization Act (FISMA). […]
Hybrid cloud innovation is driving the data revolution, and the new data landscape will need its experts to power the future of the Federal agency data revolution. […]
The Department of Veterans Affairs (VA) and Defense Department’s (DoD) Defense Logistics Agency (DLA) announced that they began a strategic partnership Aug. 12 to aid the VA in its supply chain management modernization efforts. […]
While the Continuous Diagnostics and Mitigation (CDM) program is here to stay for Federal agencies, proper approaches to data classification, collection, and analysis are key components of optimizing the program’s aims, security experts said last week at MeriTalk’s Cyber Security Brainstorm event. […]
The National Nuclear Security Administration (NNSA) is not using its authority to exclude suppliers that pose a threat to its supply chain. While the agency is working on drafting recommendations to improve the usefulness of its authorities, it keeps pushing back when it will actually complete the recommendations, according to an August 8 report from GAO. […]
John Felker, who last month was named assistant director of the Cybersecurity and Infrastructure Security Agency’s (CISA) Integrated Operations Division (IOD), on Thursday discussed IOD’s plans to integrate operations of CISA’s three primary component organizations in order to produce better cyber threat data intelligence that will include inputs from Continuous Diagnostics and Mitigation (CDM) programs implemented by Federal agencies. […]
The Federal Acquisition Regulation will ban agencies from procuring equipment from five Chinese companies, including Huawei and ZTE, starting August 13, according to an interim rule published August 7. […]
With the year quickly coming to a close, the FedRAMP Authorization Act will be one of Rep. Gerry Connolly’s “big priorities” for legislation, with a markup session expected when the House returns from its August recess, Connolly said during MeriTalk’s Cyber Security Brainstorm today. […]
The General Services Administration (GSA) recommends that agencies use IT Schedule 70 to procure solutions to implement Technology Business Management (TBM) practices – including advanced tools like artificial intelligence (AI) and robotics process automation (RPA) – alongside IT financial management solutions. […]
The FITARA (Federal Information Technology Acquisition Reform Act) Scorecard issued twice per year by the House Oversight and Reform Committee is likely to see some changes in the near term due to the need for new data sources, new policies, and shifting congressional priorities, said Kevin Walsh, FITARA executive at the Government Accountability Office (GAO). […]
Sens. Maggie Hassan, D-N.H., and John Cornyn, R-Texas, reintroduced the Advancing Cybersecurity Continuing Diagnostics and Mitigation (CDM) Act on July 30. […]
A new survey from the Internet Innovation Alliance (IIA) finds that data privacy and security concerns are generally shared across generations, with broad support for a national privacy law. […]
The American Council for Technology – Industry Advisory Council (ACT-IAC) has updated its IT Management and Maturity Model to mirror the changes in the FITARA scorecard. […]
The Office of Management and Budget (OMB) needs to do more to help Federal agencies with FISMA (Federal Information Security Modernization Act) compliance, according to a recent Government Accountability Office (GAO) report. […]
Leadership of the House Government Reform Subcommittee introduced legislation today that would codify into law the FedRAMP (Federal Risk Assessment and Management Program), and take a number of other actions aimed at making the program work more efficiently. […]
The Federal Risk and Authorization Management Program (FedRAMP) today announced the launch of its Ideation Challenge that aims to inform the next iteration of the program’s processes and supporting functions. […]
The Federal Bureau of Investigation (FBI) is looking to map its IT architecture as it implements Technology Business Management (TBM), and is investigating if industry can meet the bureau’s needs. The FBI issued a request for information for a commercial tool on July 23, with responses due by August 20. […]
Department of Agriculture (USDA) CIO Gary Washington said today that his agency is focusing on boosting its FITARA (Federal Information Technology Acquisition Reform Act) grades by the time the House Oversight and Reform Committee issues its next set of scores – expected in December – and is confident that the agency can accomplish that goal. […]
The Consumer Financial Protection Bureau (CFPB) did not fully assess and authorize all of its cloud systems and did not effectively communicate with the FedRAMP program management office, leaving its cloud security at risk, according to an inspector general report published July 17. […]
The Department of Homeland Security (DHS) issued a request for information (RFI) on July 16 for Information Assurance Compliance System (IACS) tools that can support FISMA (Federal Information Security Modernization Act) compliance checks and reporting. […]
The Federal CIO Council announced in a July 16 blog post that it will launch a Federal Mobility Group (FMG) composed of existing Federal mobile tech programs. […]
Risk management in the modern age is largely about cyber hygiene, said Wanda Jones-Heath, Chief Information Security Officer (CISO) for the U.S. Air Force’s Office of the Deputy CIO, today. […]
The July 13 deadline for all Federal agencies to install a Chief Data Officer (CDO) has come and gone. Among the 24 CFO Act agencies, half have named a CDO and the other 12 appear to still be working on it. […]
Democratic and Republican leaders of the House Subcommittee on Government Reform today previewed their bipartisan effort to create legislation that would codify into law the FedRAMP (Federal Risk Assessment and Management Program) program that standardizes security requirements of cloud services used by the government, and make the FedRAMP program operate more efficiently. […]
The House Government Operations Subcommittee’s hearing on the role of FedRAMP in IT modernization is scheduled to begin at 11 a.m., on Wednesday, July 17. […]
Matt Goodrich, a senior advisor at the General Services Administration’s Technology Transformation organization and former director of the FedRAMP (Federal Risk and Authorization Management Program) program, announced in a tweet today that he will depart Federal service on July 26. […]