The Office of the National Cyber Director has hired Joe Croce as its senior budget advisor, according to Croce’s LinkedIn. […]
Despite the Department of Defense’s (DoD) efforts to add its Cybersecurity Maturity Model Certificate (CMMC) program to its acquisition process beginning in 2021 and up until full implementation in fiscal year (FY) 2026, a new report from the Government Accountability Office (GAO) found that DoD has not met its implementation goals, nor properly communicated key decisions with industry. […]
After a spate of cyberattacks and ransomware attacks on American companies and critical infrastructure providers since the start of the COVID-19 pandemic, lawmakers and members of the cybersecurity industry expressed shock and disappointment that mandatory cyber incident reporting was dropped from the conferenced version of the fiscal year (FY) 2022 National Defense Authorization Act (NDAA). […]
Two major pieces of cybersecurity legislation – a Senate-approved bill to reform the Federal Information Security Management Act (FISMA), and another bill to standardize reporting requirements for major cybersecurity incidents – both failed to make the cut in the House-Senate conference version of the fiscal year (FY) 2022 National Defense Authorization Act (NDAA) that passed the House Dec. 7. […]
The Government Accountability Office (GAO) is acknowledging strides that the Biden administration has taken this year to broadly improve cybersecurity, but is still encouraging the Federal government to take more steps to strengthen the cybersecurity of the nation’s critical infrastructure in light of several high-profile cyber incidents over the course of the past year. […]
Federal mandates, including Cloud Smart and the Biden administration’s cybersecurity executive order, are pushing agencies to modernize and migrate to the cloud. But with modernization comes complexity. Agencies are increasingly living in a hybrid world, with some workloads remaining on-premises while others move to the cloud. Add multi-cloud vendors to the mix, and it becomes harder for agencies to have a holistic view across their environments. […]
The Department of Justice (DoJ) announced that a Russian cybercriminal, charged with providing hosting services for fellow cybercriminals, will serve 60 months in prison for services he provided for malware distribution and attacks on American financial institutions between 2009 and 2015. […]
The National Institute of Standards and Technology (NIST) has released the final draft of its Internet of Things (IoT)-specific guidance for Federal organizations, intended to support extending their risk management process to the inclusion of IoT devices in Federal systems. […]
To protect high value assets (HVAs), Jennifer Franks, the director of information technology and cybersecurity team at the Government Accountability Office (GAO), recommends agencies build a more structured organization around HVAs, or even a designated team, as opposed to only having one or two people with access to HVAs. […]
The House of Representatives on Dec. 1 approved a pair of cybersecurity bills, along with a bill that would create a task force to study the future of 6G wireless technologies. […]
Identity management is one of the main pillars of the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model, but CISA’s program lead for the Trusted Internet Connection (TIC) program office Sean Connelly said that while identity is an important pillar, it should not be the only pillar agencies focus on. […]
The Cybersecurity and Infrastructure Security Agency (CISA) announced the members of its new Cybersecurity Advisory Committee, which will be tasked with advising and providing recommendations to the CISA director on policies, programs, planning, and training to enhance the nation’s cyber defense. […]
MITRE Corp., the operator of Federally-funded R&D centers that aim to help the U.S. government with a host of scientific and tech research issues, is advancing a series of recommendations for congressional action on high-profile cybersecurity issues prior to Senate action beginning Nov. 29 on the FY2022 National Defense Authorization Act (NDAA), which features numerous provisions that would impact Federal cyber defenses. […]
The Department of Homeland Security (DHS) has tapped Erin Hayes to serve as the director of operations for its just-launched Cybersecurity Talent Management System (CTMS), according to Hayes’ LinkedIn. […]
As the Senate returns to work on Nov. 29 with the completion of debate on the Fiscal Year (FY) 2022 National Defense Authorization Act (NDAA) at the top of its agenda, lawmakers will be looking to tack on a host of cybersecurity-related amendments to the defense spending bill. […]
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a request for information (RFI) focused on email security capabilities that will protect Federal networks and the Federal Civilian Executive Branch (FCEB) .gov domain enterprise from threats and strengthen cyber defenses. […]
Former U.S. Secretary of Defense Ash Carter said cybersecurity risks are a “very serious matter” and called for stronger retaliation from the U.S. government and Department of Defense (DoD) against malicious cyber actors. […]
As the Federal government continues to focus on boosting the nation’s cybersecurity hygiene, Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said Nov. 18 that visibility and modernization are the keys to improving the nation’s cybersecurity posture. […]
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a cybersecurity advisory today, warning public and private sector organizations to stay vigilant for ransomware attacks and other cyberattacks leading up to and during the holiday season. […]
After a potential setback late last week, Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, are still looking to attach their legislation to reform the Federal Information Security Modernization Act (FISMA) to the Senate’s fiscal year (FY) 2022 National Defense Authorization Act (NDAA) making its way through the chamber, a Senate Homeland Security and Governmental Affairs Committee staffer told MeriTalk. […]
The Cybersecurity and Infrastructure Security Agency (CISA) has launched its Infrastructure Dependency Primer (IDP) learning tool, which aims to help state, local, tribal, and territorial planners and decisionmakers better understand how infrastructure dependencies can impact their communities and how to increase resilience. […]
The complexity and flexibility of emerging fifth-generation (5G) wireless technologies make the process of defining a security assessment boundary complex; thus, it’s crucial to maintain a wide aperture concerning 5G cybersecurity, an official from the Cybersecurity and Infrastructure Security Agency (CISA) said during a Palo Alto Networks webinar on Nov. 18. […]
The Cybersecurity and Infrastructure Security Agency (CISA) will be rolling out a new protected Domain Name System (DNS) technology in 2022, CISA’s Trusted Internet Connections (TIC) program lead Sean Connelly said on Nov. 18. […]
The Office of the National Cyber Director has hired Rexford G. “Rex” Booth as its senior policy advisor, according to Booth’s LinkedIn. […]
The Department of Justice (DoJ) announced it has charged two Iranian nationals for their role in a cyber-enabled disinformation and threat campaign “to intimidate and influence American voters, and otherwise undermine voter confidence and sow discord” in the 2020 U.S. presidential election. […]
The House of Representatives passed the Build Back Better (BBB) Act this morning, sending the more than $1.75 trillion reconciliation package to the Senate. The bill includes billions for supply chain resiliency, as well as additional cybersecurity and IT modernization funding. […]
The Senate Commerce, Science, and Transportation Committee voted Nov. 17 to approve President Biden’s nomination of Laurie Locascio to become Undersecretary of Commerce for Standards and Technology, and director of the National Institute for Standards and Technology (NIST). […]
U.S., U.K., and Australian cybersecurity agencies are warning that hackers associated with Iran have exploited vulnerabilities in Fortinet and Microsoft products to carry out attacks. Officials urged in a recent advisory that critical infrastructure organizations patch these vulnerabilities to mitigate against possible attacks. […]
An FBI official did not deny prior reports that the agency held the decryption key from the Kaseya ransomware attacks for multiple weeks without giving it to parties victimized by the attacks, but told the House Oversight and Reform Committee at a Nov. 16 hearing that it chose to do so in the interest of figuring out how to achieve the widest-ranging impact from the key. […]
The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released new Cybersecurity Incident and Vulnerability Response Playbooks today, completing a vital assignment from President Biden’s Cybersecurity executive order (EO). […]