The Cybersecurity and Infrastructure Security Agency (CISA) is looking to set an “aggressive” pace to conduct the rulemaking proceeding necessary to implement recently approved cyber incident reporting legislation, but also indicated today that completion of a rulemaking could be a couple of years away. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is holding a series of public listening sessions aimed at using a community-based effort to advance the conversation around the technologies, policies, and processes required to implement Software Bills of Materials (SBOM), according to a Federal register post published today. […]

The Space Development Agency at the Department of Defense (DoD) on May 26 announced the award of a $324.5 million contract to General Dynamics Mission Systems to “establish the ground Operations and Integration segment for Tranche 1 of the National Defense Space Architecture (NDSA)” that eventually will feature a constellation of 166 satellites. […]

The Government Accountability Office (GAO) said in a new report this week that the United States Coast Guard needs to get a better handle on risk evaluations for some of its smaller IT acquisition projects. […]

The Commerce Department’s Bureau of Industry and Security (BIS) has published a final rule in the Federal Register that restricts cybersecurity export controls in an effort to prevent foreign adversaries from accessing hacking tools. […]

The Cybersecurity and Infrastructure Security Agency (CISA) – along with the Department of Homeland Security’s Science and Technology Directorate and the Department of Defense’s Office of the Under Secretary of Defense for Research and Engineering – has released a proposed five-step 5G Security Evaluation Process today for Federal agencies to receive authorization to operate (ATO). […]

While many cybersecurity officials strive to achieve “no risk” when it comes to cyber risk management, officials from NASA this week explained that’s just not possible and suggested that agencies instead focus on managing risks that are important to the mission. […]

State government IT officials said this week they are working to deploy their share of $1 billion of Federal cybersecurity grant funding approved last November by Congress as part of the $1.2 trillion bipartisan infrastructure bill. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is taking a multi-faceted approach to supply chain security, and chief among them is putting in place strong public-private partnerships to maintain supply chain resilience and maintaining high awareness about the sources of supply chain threats. […]

The Cybersecurity and Infrastructure Security Agency (CISA) said today it is “encouraged” by quick Federal agency responses to its May 18 emergency directive to patch or unplug several vulnerable VMware products from agency networks, but did not provide any hard figures on whether agencies met CISA’s May 24 deadline to take action. […]

Can technology innovation – coupled with the boldest kind of leadership – work together to start fixing the most intractable problems facing America? On July 21 – we’re going to find out. The countdown to MerITocracy 2022: American Innovation Forum is on. […]

As both Federal chief information security officer and the deputy National Cyber Director, Chris DeRusha has a lot of visibility into Federal efforts to boost cybersecurity. At the AWS Summit in Washington, D.C., today, DeRusha expressed both pride in the Office of Management and Budget’s (OMB) Zero Trust strategy, while also acknowledging that the policy represents only the beginning of zero trust implementation across Federal civilian agencies. […]

Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters, D-Mich., along with the committee’s Democratic staffers, released a report today taking the Federal government to task for gathering insufficient data on ransomware attacks, and the use of cryptocurrencies as payments in those attacks where a ransom has been paid. […]

Join MeriTalk and Merlin Cyber on June 1 at 10 a.m. for our complimentary Zeroing in on Application and Data webinar, where government and industry IT experts will put the spotlight on the data and application pillars of the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model. […]

The Department of Defense (DoD) has taken steps to fully implement cybersecurity requirements for controlled unclassified information (CUI), however, none of the DoD components were fully compliant on that front as of January 2022, according to a recent Government Accountability Office (GAO) report. […]

National Cyber Director Chris Inglis said he views the current cybersecurity threat landscape as an evolution that is increasingly impacting confidence in systems, rather than just focusing on critical functions or data. […]

The in-person forum – at the Marriott Marquis in Washington, D.C., from 8:00 a.m. to 6:00 p.m. – will host bipartisan leaders from Congress, the Biden administration, and America’s tech industry to examine the most pressing problems facing citizens in our democracy, and map out creative solutions from the nexus of policy and technology. Request your invitation today by emailing meritocracy@meritalk.com. […]

MeriTalk research – executed in partnership with RSA Conference, underwritten by Cofense, Keeper Security, Recorded Future, Secureworks, and SentinelOne, and capturing the viewpoints of 100 Federal and 100 private-sector security experts – shows that a whopping 93 percent of respondents believe that public-private partnerships are “vital” to national cyber defense. […]

Federal agencies are balancing evolving security requirements while defending against persistent threats, and the increased use of cyber threat intelligence and information sharing is helping government organizations make faster, more informed decisions to combat malicious activity, according to a National Science Foundation (NSF) technology official. […]

Security information sharing between the Federal government and private sector has been on the rise recently – whether it’s through the Joint Cyber Defense Collaborative, or various Information Sharing and Analysis Centers across the government, to name just a few – and a National Security Agency (NSA) official said this week that increased collaboration is being driven by mission demand and a higher degree of trust between organizations. […]

The Government Accountability Office (GAO) flagged 13 open recommendations for improvement for the State Department as of May 2022 in an annual report on the agency, including recommendations for improving data quality and cybersecurity. […]

Chris DeRusha, who wears the dual hats of Federal Chief Information Security Officer (CISO) and Deputy National Cyber Director for Federal Cybersecurity in the Office of the National Cyber Director, charted some near-term policy goals on the security front during a keynote address on May 19 at MeriTalk’s Cyber Central May 2022 – Mission: Cyber Resilience in-person conference. […]

As President Biden’s cybersecurity executive order (EO) stretches past its first year, Federal agencies are at varied points in their progress on the EO’s orders. Federal leaders say it is important for agencies to approach the EO’s zero trust components strategically and understand their networks as they make the move to a zero trust architecture. […]

As the health care and education sectors have become prime targets for cyberattacks, experts from those sectors expressed their needs on May 18 for more funding and Federal collaboration to better protect the cyber posture of schools and hospitals. […]

The House Committee on Financial Services on May 17 voted to approve an amended version of H.R.7022 – the Strengthening Cybersecurity for the Financial Sector Act of 2022 – and send the bill to the full House of Representatives for consideration. […]

The Cybersecurity and Infrastructure Security Agency (CISA) on May 17 issued a new advisory highlighting how cyber threat-actors are exploiting poor security configurations. […]

The National Aeronautics and Space Administration (NASA) awarded Booz Allen Hamilton a $622.5 million contract to provide Cybersecurity and Privacy Enterprise Solutions and Services (CyPrESS), NASA announced May 17.
The contract will have Booz Allen Hamilton supporting NASA’s Office of the Chief Information Officer, providing CyPrESS and related services for the office. According to the release, the CyPrESS contract is the agency’s first enterprise cybersecurity and privacy services contract.
The award is a hybrid indefinite delivery/indefinite quantity contract. The CyPrESS award will also consolidate the cybersecurity and privacy work done under previous enterprise IT contracts and various centers.
The contract has a base period that will run from May 31, 2022, until Sept. 30, 2023, with four option periods that can extend the contract through Sept. 30, 2030. […]

The Cybersecurity and Infrastructure Security Agency (CISA) today issued an emergency directive to Federal government civilian branch agencies running several VMware products to apply updates to those, or remove them from agency networks until updates can be made. […]

Rep. Eric Swalwell, D-Calif., introduced legislation on May 16 that aims to strengthen U.S. cybersecurity protections for Industrial Control Systems (ICS) amid increased Russian cyber threats to ICS targets. […]

The House of Representatives passed the State and Local Government Cybersecurity Act on May 17, which would promote increased cybersecurity collaboration between the Department of Homeland Security (DHS) and state, local, tribal, and territorial governments (SLTT). […]