The cybersecurity threats that have prompted wide-scale action to improve security across the Federal government are posing equal dangers to state and local governments, and officials said at FCW’s CDM Summit virtual event on November 4 that the same solutions being put into place by the Feds also are scalable and adaptable by state and local governments. […]

After a lengthy review process, the Department of Defense today issued an update to its Cybersecurity Maturity Model Certification (CMMC) program – dubbed CMMC 2.0 – that will simplify some of the cybersecurity requirements for contractors in the Defense Industrial Base (DIB) looking to do business with the government. […]

As high-profile ransomware and other cyberattacks have spiked over the past year, the Small Business Administration (SBA) is working to prevent and mitigate against them by leveraging capabilities from the Continuous Diagnostic and Mitigation (CDM) program, and working with organizations including the Cybersecurity and Infrastructure Security Agency (CISA) – which runs the CDM program – and the Federal Bureau of Investigation (FBI). […]

While President Biden’s executive order (EO) on improving the nation’s cybersecurity and the follow-on guidance from the White House Office of Management and Budget (OMB) represent critical steps forward in protecting the U.S. against the increasing volume and dangers of cyber-attacks, Federal agency officials said during an ATARC webinar on November 2 that the directives also present challenges that may require flexibility in their execution. […]

Despite a general cyber workforce shortage, National Cyber Director Chris Inglis today said his office has a “robust pipeline of talent” and expects to have 25 employees staffed in his office by the end of December, once Fiscal Year (FY) 2022 appropriations are released. […]

The Cybersecurity and Infrastructure Security Agency (CISA) today issued a Binding Operational Directive (BOD) to significantly boost the nation’s cyber hygiene by creating a catalog of known exploited vulnerabilities and forcing Federal agencies to remediate them. […]

The National Institute of Standards and Technology (NIST) has released draft criteria for consumer software cybersecurity labeling, as mandated by the Biden administration’s Cybersecurity Executive Order. […]

The Federal Deposit Insurance Corporation (FDIC) has a strong information security maturation, with an overall grade of 4 on a 5-point scale, but still has “significant security control weaknesses,” according to a recent audit of its information security practices released by the FDIC Office of the Inspector General (OIG). […]

A trio of Republican senators is seeking information from the Transportation Security Agency (TSA) about its process for developing the two pipeline security directives it issued this summer, according to an Oct. 28 letter sent to Department of Homeland Security (DHS) Inspector General (IG) Joseph Cuffari. […]

John Sherman, who has served as Acting CIO for the Department of Defense (DoD) and is the nominee to move into the position permanently, told members of the Senate Armed Services Committee at a confirmation hearing on October 28 that he wants to put in place a new strategy to develop DoD cyber talent, among other steps if his nomination is confirmed. […]

The Federal Communications Commission (FCC) has opened the filing window for the $1.9 billion Secure and Trusted Communications Networks Reimbursement Program. In September, the FCC announced that the filing window would run from Oct. 29 to Jan. 14, 2022. […]

The Secure Equipment Act has now cleared both the House and Senate, and is expected to land on President Biden’s desk for his signature shortly. […]

The acting manager of the Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program is hailing quick progress that the program and Federal agencies have made in signing new agreements mandated by the Biden administration’s Cybersecurity Executive Order to share object-level network data with the CDM program, rather than the summary-level data that was previously required. […]

As Democrats in the House and Senate reconcile differences on the slimmed-down $1.75 billion budget reconciliation bill that funds “soft” infrastructure priorities, some tech and cyber-related provisions have fallen out of the bill or had their funding levels slashed, while others made new appearances into the latest draft of the bill, which has been cut down from its original $3.5 trillion price tag. […]

Legislative and Federal policy efforts are coming together to focus on protecting the top-most tiers of critical infrastructure in the United States, top officials from the House and the Cybersecurity and Infrastructure Security Agency (CISA) agreed today.  […]

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published cybersecurity guidance to securely build and configure cloud infrastructures in support of 5G. […]

The future of developing the Federal cybersecurity workforce could rely on apprenticeships to fill the talent pipeline and improve retention in cyber roles. […]

In addition to facing cyber threats from nation-states, both government and private organizations have been the victims of an increased volume of ransomware attacks from criminal organizations over the last two years. A Central Intelligence Agency (CIA) official emphasized this week that organizations need to be on the lookout for any suspicious activity on their systems in order to guard against the uptick in ransomware attacks. […]

The threat landscape has shifted drastically amid the COVID-19 pandemic as more and more organizations and governments deal with emerging cyberattacks and ransomware threats. Pure Storage, an IT leader delivering a portfolio of modern data solutions and services, has continued to provide organizations with innovative solutions to mitigate these threats with its portfolio of data protection tools. […]

Chris Inglis, the nation’s first-ever National Cyber Director, is building out his office with an inaugural strategic intent statement, as well as the addition of Federal Chief Information Security Officer (CISO) Chris DeRusha who will have a dual designation as the deputy national cyber director for Federal cybersecurity. […]

The Trusted Internet Connections (TIC) 3.0 program office at the Cybersecurity and Infrastructure Security Agency (CISA) recently released its TIC 3.0 remote user case document, and a TIC 3.0 Cloud Use Case document is also in the works, program lead and CISA Senior Cybersecurity Architect Sean Connelly said today. […]

As Federal agencies approach the six-month mark since President Biden issued his Cybersecurity Executive Order (EO) in May, Federal officials are pointing to the zero trust, supply chain risk management, and data aspects of the EO as the greatest opportunities to make a difference in shoring up security. […]

Five months after the debut of the Biden administration’s sweeping Cybersecurity Executive Order, Federal agencies are “highly engaged” in grappling with the order’s mandate for migration to zero trust security architectures, both on the planning and funding fronts. […]

The transition to zero trust security architectures is integral to the U.S. Department of the Army’s modernization efforts, said Army CIO Raj Iyer during an FCW virtual roundtable on October 27 where he explained security challenges that the service branch is facing and how the move to zero trust security concepts will help. […]

Routinely, data breaches demonstrate the pitfalls of relying on detection to identify malicious activities taking place on a network. Federal cyber experts discussed the importance of prevention over detection to combat cyber threats and how zero trust can enhance cyber solutions on Oct 28 at an event hosted by FCW. […]

In the face of increasing cyberattacks on U.S. critical infrastructure and growing service demands on the electric grid, members of the Senate Homeland Security and Governmental Affairs Committee’s Government Operations and Border Management Subcommittee discussed the need for greater Federal investments in protecting the grid and ensuring abundant power supplies at an October 27 hearing. […]

With an evolving cyber threat landscape and adversaries that are growing more sophisticated by the day, National Security Agency (NSA) Director Gen. Paul Nakasone – who also heads United States Cyber Command (CYBERCOM) – today pointed to partnership and collaboration as the best way to protect the nation from cyber threats. […]

Long-time Federal government IT and cybersecurity leader Karen Evans is heading to the Cyber Readiness Institute (CRI) – a New York-based nonprofit that aims to advance the cyber readiness of small and medium-sized businesses in order to improve the security of global supply chains – as the organization’s managing director. […]

After fits and starts reaching back over the last two years, the State Department has unveiled plans to establish a new Bureau of Cyberspace and Digital Policy, along with an envoy for critical and emerging technology, State Department spokesperson Ned Price announced at a press briefing this week. […]

Microsoft is warning that it has seen Nobelium – the Russian nation-state threat group responsible for the SolarWinds software supply chain hack – trying to recreate the same approach that allowed it to gain access to Federal government systems, according to an Oct. 24 blog post from the company. […]