The Cyberspace Solarium Commission, which has served as an influential incubation chamber for a big chunk of cybersecurity policies that have become Federal law and policy over the past two years, underwent a status change over the holidays. The commission, which was born as a Federally commissioned group, transitioned to a 501(c)3 non-profit over the new year. […]

The Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center (NRMC) is cataloguing significant progress it has made in developing its “National Critical Functions” (NCF) framework, and pointing to next steps in the effort. […]

As a very busy 2021 comes to a close, it’s time to reflect on the past year and look forward with optimism to the possibilities of the new one that’s about to begin. Rounding the corner to 2022, MeriTalk asked several experts on the industry side of Federal IT for their predictions of what the next year will bring. […]

Cybersecurity took a front seat for the Federal government in 2021, with numerous cyberattacks on government and industry helping to spark a sweeping cybersecurity executive order and a host of new efforts to improve the nation’s security posture. As the year comes to an end, MeriTalk is rounding up our top cyber moments of 2021: […]

With the Dec. 24 deadline approaching for Federal agencies to remediate the Log4j vulnerability, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed to MeriTalk that there have still been no compromises of Federal agencies via the Apache Log4J vulnerability. […]

Federal IT teams are scrambling to patch the Log4j and Log4Shell vulnerabilities before they cause major damage – and meet newly updated CISA guidance for Federal civilian agencies requiring immediate mitigation.  […]

The year 2021 has played out as a non-stop whirlwind of activity for the Federal IT community – one unprecedented in recent memory for new policy direction, funding pushes, and urgency to improve network security. […]

The Department of Navy has appointed retired Lt. Cmdr. Josh Reiter as the service branch’s Deputy Principal Cyber Advisor. Reiter, a veteran of both the Navy and Naval Cyber communities, has served in the post since September, according to his LinkedIn. […]

The Accreditation Board (CMMC-AB) for the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program has elected Vice Chair Jeff Dalton to be its next CMMC-AB Chair, the board announced Dec. 20. […]

This year further brought IT to the forefront of many organizations’ strategies in 2021, but as Federal chief information officers (CIOs) look to 2022, strengthening their agency’s workforce and cybersecurity posture are their big priorities for the year ahead. […]

The holidays are typically a time to relax and spend time with loved ones, but the White House reminded corporate executives and business leaders that malicious cyber actors don’t take the holidays off in new guidance issued on Dec. 16. […]

Despite a proclamation over the weekend from Sen. Joe Manchin, D-W.V., that he was a “no” on the existing version of Build Back Better Act legislation, Senate Majority Leader Chuck Schumer, D-N.Y., said in a Dear Colleague letter today that he plans to keep working on the reconciliation legislation until they “get something done.” […]

Digital security breaches have shown us that Federal agencies are more vulnerable than anyone thought, and their security tools are no longer effectively defending against them. This begs the question, what can IT leaders and staff at all levels do to better protect Federal networks? The short answer: it’s time to rethink our approach to basic security and how we defend every endpoint across the enterprise. […]

The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to Federal agencies today, requiring them to assess their internet-facing network assets for the Apache Log4j vulnerabilities and immediately patch these systems or implement other appropriate mitigation measures. […]

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published the fourth installment on securing the integrity of 5G cloud infrastructures. […]

The Cybersecurity and Infrastructure Security Agency (CISA) said Dec. 14 that there has been no confirmed compromise of any Federal agencies as a result of the Log4j vulnerability. But CISA reiterated it has added the vulnerability to its catalog of known vulnerabilities over the weekend, giving agencies two weeks to remediate and mitigate any potential harm. […]

The Department of Homeland Security (DHS) announced today that it is launching a new edition of its Hack DHS program – a bug bounty program started in 2019 – to identify potential cybersecurity vulnerabilities within certain DHS systems. […]

The Biden administration’s Cybersecurity Cybersecurity Executive Order issued in May 2021 has put a greater emphasis on cybersecurity at the Federal level – which is especially important after numerous high-profile ransomware and software supply chain attacks came to light earlier in the year – but many Federal cyber leaders say the Cyber EO only addresses a fraction of today’s cybersecurity challenges. […]

The Cybersecurity and Infrastructure Security Agency (CISA) released a statement on Dec. 11 with guidance for organizations to protect themselves against the “log4j” critical vulnerability that surfaced over the weekend. […]

While a good bit of the focus on the conferenced version of the fiscal year (FY) 2022 National Defense Authorization Act has centered around the lack of incident reporting and other legislative items that were cut from the bill, the defense spending bill that passed the House of Representatives last week continues to retain a variety of important cybersecurity and tech-related provisions. […]

The Cybersecurity and Infrastructure Security Agency (CISA) held its inaugural Cybersecurity Advisory Committee meeting Dec. 10, focusing heavily on how CISA and the committee can increase the Federal and national cybersecurity workforce. […]

The Cybersecurity and Infrastructure Security Agency (CISA) held its first Cybersecurity Advisory Committee meeting today, in which agency officials laid out their expectations for the committee and called for actionable cyber recommendations from committee members that CISA can implement. […]

The Better Cybercrime Metrics Act – legislation that aims to improve cybercrime data collection and give Federal law enforcement more tools to stop online crime – was approved this week by the Senate via unanimous consent, and by the House Judiciary Committee via voice vote. […]

The Office of the National Cyber Director has hired Joe Croce as its senior budget advisor, according to Croce’s LinkedIn. […]

Despite the Department of Defense’s (DoD) efforts to add its Cybersecurity Maturity Model Certificate (CMMC) program to its acquisition process beginning in 2021 and up until full implementation in fiscal year (FY) 2026, a new report from the Government Accountability Office (GAO) found that DoD has not met its implementation goals, nor properly communicated key decisions with industry. […]

After a spate of cyberattacks and ransomware attacks on American companies and critical infrastructure providers since the start of the COVID-19 pandemic, lawmakers and members of the cybersecurity industry expressed shock and disappointment that mandatory cyber incident reporting was dropped from the conferenced version of the fiscal year (FY) 2022 National Defense Authorization Act (NDAA). […]

Two major pieces of cybersecurity legislation – a Senate-approved bill to reform the Federal Information Security Management Act (FISMA), and another bill to standardize reporting requirements for major cybersecurity incidents – both failed to make the cut in the House-Senate conference version of the fiscal year (FY) 2022 National Defense Authorization Act (NDAA) that passed the House Dec. 7. […]

The Government Accountability Office (GAO) is acknowledging strides that the Biden administration has taken this year to broadly improve cybersecurity, but is still encouraging the Federal government to take more steps to strengthen the cybersecurity of the nation’s critical infrastructure in light of several high-profile cyber incidents over the course of the past year. […]

Federal mandates, including Cloud Smart and the Biden administration’s cybersecurity executive order, are pushing agencies to modernize and migrate to the cloud. But with modernization comes complexity. Agencies are increasingly living in a hybrid world, with some workloads remaining on-premises while others move to the cloud. Add multi-cloud vendors to the mix, and it becomes harder for agencies to have a holistic view across their environments. […]

The Department of Justice (DoJ) announced that a Russian cybercriminal, charged with providing hosting services for fellow cybercriminals, will serve 60 months in prison for services he provided for malware distribution and attacks on American financial institutions between 2009 and 2015. […]