The Biden administration’s cybersecurity executive order (EO) issued in May 2021, brought along an ambitious deadline schedule for reporting requirements, which Federal chief information officers (CIOs) advise agencies to meet – even if their answer is that they’re “not ready yet.” […]

Amid the blizzard of mounting security threats posed by sophisticated adversaries and increased attack surfaces spawned by large-scale telework, most Federal agencies are getting the message and moving strongly toward developing zero trust security architectures. […]

Government agencies have had to adapt to the “new normal” brought on by COVID-19 – new ways of working, new consumer behaviors, and new business reorganization. But the key to success is updated modernization, according to several chief information officers (CIO). […]

With tensions rising over a possible further Russian invasion of Ukraine, the Biden Administration is laying out potential sanctions it could impose against Russia, up to and including export controls on American-made technologies including AI-enabling and other software products, according to a senior administration official. […]

Bipartisan leaders of the House Oversight and Reform Committee today introduced their version of legislation that would update the Federal Information Security Modernization Act (FISMA), which sets cybersecurity requirements for Federal civilian agencies. […]

The National Security Agency (NSA) has issued a technical report for systems administrators to prevent cyber actors from using malicious PDFs to target networks in a Windows environment. […]

Over the past several months, the United States has experienced many cyberattacks to large cities and small towns. These attacks, Secretary of the Department of Homeland Security (DHS) Alejandro Mayorkas told mayors across the country indicate that cities across the United States need to identify a cyber leader regardless of the size and sophistication of the infrastructure to remain vigilant about cybersecurity. […]

The latest cyber order released by the Cybersecurity and Infrastructure Security Agency (CISA) gives Federal agencies and industry the resources to stop or limit cybercriminals from infiltrating their systems; Michael Duffy, an associate director at CISA, said. […]

The Cybersecurity and Infrastructure Security Agency (CISA) released the finalized ‘IPv6 Considerations for TIC 3.0’ guidance document today, providing security considerations related to implementing the Trusted Internet Connections (TIC) 3.0 as Federal agencies transition to IPv6. […]

President Biden today signed a National Security Memorandum (NSM) intended to improve the cybersecurity of National Security, Department of Defense (DoD), and Intelligence Community (IC) Systems. […]

The increased velocity of major cyber attacks on U.S. government and private sector targets is giving increased urgency to the adoption of cyber incident reporting rules that will improve the government’s ability to identify and defeat them, said Tonya Ugoretz, Deputy Assistant Director for the Cyber Readiness, Outreach, and Intelligence Branch at the Federal Bureau of Investigation. […]

General Dynamics Information Technology (GDIT) President Amy Gilliland talked about the vital role that system integrators play for Federal agencies, along with growing agency appetite for zero trust security technologies, during an address to the Northern Virginia Technology Council (NVTC) on Jan. 14. […]

Reps. Yvette Clarke, D-N.Y., and Ritchie Torres, D-N.Y., are seeking more information on efforts by the Cybersecurity and Infrastructure Security Agency (CISA) efforts to reduce security risks to Federal networks through the use of multi-factor authentication (MFA). […]

After a surprising failure to get mandatory cyber incident reporting included in the fiscal year (FY) 2022 National Defense Authorization Act (NDAA), Rep. Yvette Clarke, D-N.Y., and John Katko, R-N.Y., called the issue a top cybersecurity legislative priority for 2022. […]

The Senate this week approved bipartisan legislation that would create a cyber training program for Federal employees, aimed to help protect the Federal government against cyberattacks and supply chain security vulnerabilities. […]

The Department of Defense (DoD) has launched the DoD University Consortium for Cybersecurity (UC2) to better facilitate communication between the Secretary of Defense and academia, and fulfilling a requirement from the 2020 National Defense Authorization Act, DoD announced Jan. 10. […]

Kenneth Wainstein, the Biden administration’s nominee to become undersecretary for Intelligence and Analysis (I&A) at the Department of Homeland Security (DHS), fielded questions on several tech-related issues from members of the Senate Intelligence Committee at a Jan. 12 committee hearing to consider his nomination. […]

The Senate this week approved legislation sponsored by Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, which would promote stronger cybersecurity coordination between the Department of Homeland Security (DHS) and state and local governments. […]

Improving cybersecurity has become the key to better protecting critical infrastructure and meeting mission needs within the government space, but according to an official from the Government Accountability Office (GAO), Federal agencies still have a long way to go to be cyber-ready. […]

Officials from the Cybersecurity and Infrastructure Security Agency (CISA) and within the cybersecurity industry are warning of the potential for threat actors to have already exploited the Log4j vulnerability, but are waiting to pull the trigger on any planned exploits until focus on the vulnerability abates. […]

U.S. Army Chief Information Officer Raj Iyer confirmed on LinkedIn that the service branch has updated its download policy for Office 365 users to allow for more use of personal devices. […]

While cybersecurity threats continue to grow and evolve, public sector organizations are worrying the most about increasing cybersecurity threats from foreign governments. […]

House Oversight and Reform Committee leadership today unveiled their draft legislation to make major changes to the 2014 Federal Information Security Management Act (FISMA) that sets cybersecurity requirements for Federal civilian agencies. […]

Industry leaders today urged the House Oversight and Reform Committee to strengthen the Federal Information Security Management Act (FISMA) to keep up with evolving cyber threats and place a greater emphasis on cybersecurity outcomes, rather than compliance. […]

The Cybersecurity Infrastructure Security Agency (CISA), National Security Agency (NSA), and FBI are warning critical infrastructure owners and operators of Russian threats to domestic critical infrastructure. […]

The Cybersecurity and Infrastructure Security Agency (CISA) added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog on Jan. 10. […]

As agencies accelerate efforts to move to secure cloud services and zero trust architecture in line with the requirements of the Biden administration’s executive order on cybersecurity (EO), many are challenged to close visibility gaps and blind spots in their technology environments. In a MeriTV interview, Sean Connelly, program manager for Trusted Internet Connections at the Cybersecurity and Infrastructure Security Agency (CISA), and Michael Dickman, chief product officer at cloud visibility and analytics firm Gigamon, assessed those visibility gaps and what it will take to close them – ensuring that data is secure across physical, virtual, and cloud networks. […]

The Defense Counterintelligence and Security Agency (DCSA) announced that effective January 18, retired Marine Maj. Gen. Daniel Lecce will take over as the agency’s deputy director. […]

The Cybersecurity and Infrastructure Security Agency (CISA) released its Public Safety Communications Security white paper today in an effort to explain the importance of Communications Security (COMSEC), basic elements of a COMSEC program, and how to develop an encryption strategy to prevent and mitigate unauthorized access to information. […]

A month after its first public warnings about the Log4j vulnerability, the Cybersecurity and Infrastructure Security Agency (CISA) is continuing to work with Federal agencies and the public to mitigate potential exposure, and also renewing calls for a software bill of materials (SBOM) to aid in system visibility and inventory management. […]