Federal and Defense officials spoke at today’s Billington Cybersecurity Summit about procurement cybersecurity challenges they face and the initiatives they’ve launched to combat those hurdles by shifting toward a “security first” approach to acquisition and supply chain management. […]
Kevin Cox, program manager for the Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) program, today detailed several priorities for the program office in FY2020, which begins next month. Those include a focus on the Agency-Wide Adaptive Risk Enumeration (AWARE) algorithm, the new dashboard ecosystem, enterprise mobility management, cloud security, and protection of high-value assets. […]
Grant Schneider, the Federal government’s chief information security officer, said the Office of Management and Budget (OMB) is aiming to provide “maximum support” to Federal agencies as they work to improve network security. […]
A project under development at the National Institute of Standards and Technology (NIST) is aiming to fully automate FedRAMP (Federal Risk and Authorization Management Program) and enable interoperable automation for cloud service providers (CSPs). […]
Reps. John Ratcliffe, R-Texas, and Ro Khanna, D-Calif., announced today that they will formally introduce the Advancing Continuous Diagnostics Mitigation (CDM) Act later this week. The House bill, which was dropped off on the House floor today, is identical to its Senate companion bill, which was introduced on July 30. […]
Kevin Cox, Program Manager for the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) Program, sat down with MeriTalk in June to talk about a range of new and ongoing program activities that are vital to improving Federal agency security. […]
The Social Security Advisory Board (SSAB), an independent agency tasked with advising the President, Congress, and the Social Security Administration (SSA), announced the creation of an expert panel of experienced leaders in the Federal IT community to review SSA’s IT modernization efforts. […]
MeriTalk sat down in June with Kevin Cox, Program Manager for the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) Program, to get the latest on program priorities for the coming months and beyond. […]
The Department of Health and Human Services’ (HHS) Office of Inspector General (OIG) identified an uptick in security gaps in the Centers for Medicare & Medicaid Services’ (CMS) Medicare administrative contractors (MACs) information security programs in fiscal year 2018, according to an OIG report released Aug. 23. […]
Zero trust is a simple concept – don’t trust anyone; verify everyone; do it continually – with a more complex goal of ensuring the right people have the right level of access to the right resources in the right context. The model has gained traction across industries, with giants like Google declaring that their internal private network is just as dangerous as the internet. The concept is also gaining momentum within Federal agencies. […]
Rep. John Ratcliffe, R-Texas, confirmed to MeriTalk that he will reintroduce the Advancing Cybersecurity Continuing Diagnostics and Mitigation (CDM) Act. His office said to expect the bill “within the next month or so.” […]
The Federal government saw a 12 percent reduction in cybersecurity incidents in fiscal year 2018, and no “major” cybersecurity incidents for the year, according to the Office of Management and Budget’s annual report on the Federal Information Security Modernization Act (FISMA). […]
Hybrid cloud innovation is driving the data revolution, and the new data landscape will need its experts to power the future of the Federal agency data revolution. […]
The Department of Veterans Affairs (VA) and Defense Department’s (DoD) Defense Logistics Agency (DLA) announced that they began a strategic partnership Aug. 12 to aid the VA in its supply chain management modernization efforts. […]
While the Continuous Diagnostics and Mitigation (CDM) program is here to stay for Federal agencies, proper approaches to data classification, collection, and analysis are key components to optimizing the program’s aims, security experts said last week at MeriTalk’s Cyber Security Brainstorm event. […]
The National Nuclear Security Administration (NNSA) is not using its authority to exclude suppliers that pose a threat to its supply chain. While the agency is working on drafting recommendations to improve the usefulness of its authorities, it keeps pushing back when it will actually complete the recommendations, according to an August 8 report from GAO. […]
John Felker, who last month was named assistant director of the Cybersecurity and Infrastructure Security Agency’s (CISA) Integrated Operations Division (IOD), on Thursday discussed IOD’s plans to integrate operations of CISA’s three primary component organizations in order to produce better cyber threat data intelligence that will include inputs from Continuous Diagnostics and Mitigation (CDM) programs implemented by Federal agencies. […]
The Federal Acquisition Regulation will ban agencies from procuring equipment from five Chinese companies, including Huawei and ZTE, starting August 13, according to an interim rule published August 7. […]
With the year quickly coming to a close, the FedRAMP Authorization Act will be one of Rep. Gerry Connolly’s “big priorities” for legislation, with a markup session expected when the House returns from its August recess, Connolly said during MeriTalk’s Cyber Security Brainstorm today. […]
The General Services Administration (GSA) recommends that agencies use IT Schedule 70 to procure solutions to implement Technology Business Management (TBM) practices – including advanced tools like artificial intelligence (AI) and robotics process automation (RPA) – alongside IT financial management solutions. […]
The FITARA (Federal Information Technology Acquisition Reform Act) Scorecard issued twice per year by the House Oversight and Reform Committee is likely to see some changes in the near term due to the need for new data sources, new policies, and shifting congressional priorities, said Kevin Walsh, FITARA executive at the Government Accountability Office (GAO). […]
Sens. Maggie Hassan, D-N.H., and John Cornyn, R-Texas, reintroduced the Advancing Cybersecurity Continuing Diagnostics and Mitigation (CDM) Act on July 30. […]
A new survey from the Internet Innovation Alliance (IIA) finds that data privacy and security concerns are generally shared across generations, with broad support for a national privacy law. […]
The American Council for Technology – Industry Advisory Council (ACT-IAC) has updated its IT Management and Maturity Model to mirror the changes in the FITARA scorecard. […]
The Office of Management and Budget (OMB) needs to do more to help Federal agencies with FISMA (Federal Information Security Modernization Act) compliance, according to a recent Government Accountability Office (GAO) report. […]
Leadership of the House Government Reform Subcommittee introduced legislation today that would codify into law the FedRAMP (Federal Risk Assessment and Management Program) and take a number of other actions aimed at making the program work more efficiently. […]
The Federal Risk and Authorization Management Program (FedRAMP) today announced the launch of its Ideation Challenge that aims to inform the next iteration of the program’s processes and supporting functions. […]
The Federal Bureau of Investigation (FBI) is looking to map its IT architecture as it implements Technology Business Management (TBM), and is investigating if industry can meet the bureau’s needs. The FBI issued a request for information for a commercial tool on July 23, with responses due by August 20. […]
Department of Agriculture (USDA) CIO Gary Washington said today that his agency is focusing on boosting its FITARA (Federal Information Technology Acquisition Reform Act) grades by the time the House Oversight and Reform Committee issues its next set of scores – expected in December – and is confident that the agency can accomplish that goal. […]
The Consumer Financial Protection Bureau (CFPB) did not fully assess and authorize all of its cloud systems and did not effectively communicate with the FedRAMP program management office, leaving its cloud security at risk, according to an inspector general report published July 17. […]