The National Institute of Standards and Technology (NIST) released a zero trust planning guide May 6 for Federal administrators that provides an overview of how the NIST Risk Management Framework (RMF) can be used to develop and implement a zero trust architecture (ZTA). […]
The never-ending rise of cyberattacks on government agencies and critical infrastructure providers underlines the urgent need for both government and the private sector to accelerate toward more agile and resilient cybersecurity models. Government and industry cybersecurity experts will point the way forward to more resilient security postures when they gather on Thursday, May 19 from […]
The never-ending battle against cyber adversaries – and the Federal government’s aim for a quantum leap in improving cyber defenses around zero trust security concepts – has made cybersecurity the white-hot priority for both the public and private sector over the past 12 months. […]
One year ago, the Colonial Pipeline ransomware attack set off a chain reaction of cyber initiatives that would forever impact the private and public sectors. […]
The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for supply chain risk management to help organizations protect themselves in acquiring and using technology products and services. […]
As ransomware attacks become more sophisticated and damaging, resources from the Federal government are providing guidance on how to combat attacks, reduce attack surfaces, and speed recovery, government and private sector experts said during a May 3 webinar organized by MeriTalk and Cohesity. […]
As President Biden’s landmark cybersecurity executive order (EO) approaches its first anniversary on May 12, new research shows that most Federal cybersecurity decision-makers solidly back the aims of the EO, but also think that its initial timelines to implement zero trust security are unrealistic. […]
The Department of Defense (DoD) is in the process of updating the Code of Federal Regulations (CFR) to include the Cybersecurity Maturity Model Certification (CMMC) 2.0 program, and DoD’s Principal Deputy CIO Kelly Fletcher said that an updated CFR should be available for public comment by March 2023. […]
The Securities and Exchange Commission (SEC) said on May 3 it will add 20 new positions to its expanded and newly christened Crypto Assets and Cyber Unit – the division responsible for protecting investors in crypto markets, and from cyber-related threats. […]
Rep. Elissa Slotkin, D-Mich., said today that in a world free of constraints she would want companies to need cybersecurity hygiene certifications in order to deal with the Federal government. […]
The Federal government is making a big push toward zero trust security architectures, but with an abundance of guidance on what makes a zero trust architecture successful, the looming question for many Federal agencies is ‘where do we start?’ Randy Resnick, senior advisor for the Zero Trust Portfolio Management Office at the Department of Defense (DoD), believes the first step is planning. […]
The National Institute of Standards and Technology (NIST) is seeking feedback on a draft special publication about its 5G technologies cybersecurity guidance. […]
President Biden today issued an executive order (EO) that elevates the importance of quantum information science (QIS) by reconstituting a previously created Federal QIS advisory committee and putting it more closely under the White House’s wing, while at the same time issuing a National Security Memorandum that lays out plans to address cybersecurity risks posed by quantum computers. […]
The Library of Congress is planning to create a Cloud Management Office (CMO) within its Office of the Chief Information Officer (OCIO), according to the agency’s justification for its fiscal year (FY) 2023 budget request. […]
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on Thursday updated a joint cybersecurity advisory regarding malware deployed by Russian state actors as the country continues its war against Ukraine. […]
As Federal agencies look to bring a zero trust security architecture to their disparate agencies and missions, resources are the main obstacle for agencies, the chief information security officer (CISO) for the Department of Homeland Security’s Information and Analysis (DHS I&A) division said today. […]
The Cybersecurity and Infrastructure Security Agency’s (CISA) fiscal year (FY) 2023 budget request came in at $2.5 billion – 18 percent more than requested in FY2022 – but CISA Director Jen Easterly told members of Congress that the agency’s funding needs will continue to increase if CISA hopes to meet the goal of being the nation’s cyber defense agency. […]
Reps. Tom Malinowski, D-N.J., and Andrew Garbarino, R-N.Y., on April 28 introduced companion legislation to a Senate bill offered earlier this year that would task Federal agencies with helping the commercial satellite sector improve the security of their networks. […]
The Department of State’s Rewards for Justice (RFJ) program is offering a reward of up to $10 million for information leading to six Russian hackers responsible for the 2017 NotPetya malware infection. […]
The Defense Information Systems Agency's (DISA) Lt. Gen. Robert Skinner pointed private sector IT firms to numerous areas on his technology wish list during his opening keynote address on April 26 at AFCEA International’s TechNet Cyber event in Baltimore, and asked the industry to help DISA work through those problems. […]
The Cybersecurity and Infrastructure Security Agency (CISA), along with Federal and international partners, released a list of frequently exploited common vulnerabilities and exposures (CVEs), including the top 15 most exploited CVEs of 2021. […]
The Department of Homeland Security’s (DHS) “Hack DHS” program has successfully completed its first bug bounty program and identified 122 vulnerabilities at the agency. […]
After a lengthy internal review process, the Department of Defense (DoD) released its Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements in November and is now in the early stages of a rulemaking process to implement the revised program. […]
As the one-year anniversary of the Biden administration’s cybersecurity executive order (EO) nears, join Federal government and industry experts on May 19 for MeriTalk’s in-person Cyber Central conference to explore how agencies are building a more resilient government cybersecurity posture. […]
The Cybersecurity and Infrastructure Security Agency (CISA) is bringing on Bob Lord – who has served as the first chief security officer for the Democratic National Committee since 2018 – as a senior technical advisor to the agency, CISA announced April 25. […]
The United States Cyber Command’s (CYBERCOM) Cyber Procurement Office awarded a nearly $60 million contract to Sealing Technologies for the company to continue to produce a successful prototype of a hunt-forward solution for CYBERCOM’s hunt-forward operations, the company announced April 21. […]
New legislation introduced in the House on April 21 aims to increase U.S. expertise in energy infrastructure cybersecurity by authorizing Department of Energy (DoE) grants to expand education and training opportunities that are “the convergence of cybersecurity and energy infrastructure.” […]
National Cyber Director Chris Inglis warned that the U.S. and its allies have to stay on high alert for possible Russian cyberattacks, although no major attacks appear to have been launched thus far since Russia invaded Ukraine in late February. […]
Wider use of software bills of materials (SBOM) requirements represents a key building block in software security and software supply chain risk management that Federal agencies need to increasingly rely on going forward, an official from the Cybersecurity and Infrastructure Security Agency (CISA) said today. […]
The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory April 20, along with Federal law enforcement partners and international allies, that the agency says lays out the “most comprehensive view” of the cyber threat Russia poses to critical infrastructure owners since Russia invaded Ukraine in February. […]























