DHS Launches New Personnel System to Recruit, Retain Cybersecurity Talent Nov 15, 2021 | 3:41 pm The Department of Homeland Security (DHS) finally launched the Cyber Talent Management System (CTMS) to enable more effective recruitment, development, and retention of cybersecurity talent. […]
Senators Back GAO Findings, Urge Better Cyber Protections for K-12 Schools Nov 15, 2021 | 12:29 pm In the wake of a Government Accountability Office (GAO) report encouraging the Departments of Education and Homeland Security (DHS) to update K-12 cybersecurity guidance, several Democrat senators have written to both agencies urging them to heed GAO’s recommendations, and establish critical infrastructure council structures to advance the issue. […]
Biden Signs Secure Equipment Act Nov 12, 2021 | 4:01 pm President Biden on Nov. 11 signed the Secure Equipment Act, which will prevent equipment manufactured by Chinese state-backed firms such as Huawei, ZTE, Hytera, Hikvision, and Dahua from being further utilized and marketed in the United States. […]
Waiting on the NDAA: Big Cybersecurity Bills Looking to Hitch a Ride Nov 12, 2021 | 3:08 pm Sponsors of two major pieces of legislation that would make formative changes to the way that private sector companies report cyberattacks to the government – and how Federal government agencies conduct their own cyber defenses – are hitching their hopes for passage to annual defense spending legislation that traditionally gets strong bipartisan support from lawmakers. […]
GAO Prods Education Department to Update K-12 Cyber Guidance Nov 12, 2021 | 1:48 pm With K-12 educational institutions increasingly targeted by ransomware and other cyber attacks during the coronavirus pandemic, the Government Accountability Office (GAO) is pushing the Department of Education to update its plans – which currently date from 2010 – for addressing cyber risks faced by schools. […]
DoD DCIO: Zero Trust Offers ‘Fighting Chance’ Against Hackers Nov 11, 2021 | 3:06 pm With cybercriminals becoming more sophisticated at disguising themselves as legitimate network users, a top Defense Department (DoD) IT official said this week that the Pentagon’s move to zero trust security architectures gives the agency a “fighting chance” to detect and eject hackers before they can do much damage. […]
White House Signs onto French Cyber, Supply Chain Framework Nov 11, 2021 | 3:02 pm Following a November 10 meeting with French President Emmanuel Macron, Vice President Kamala Harris announced that the U.S. will sign onto a three-year-old framework offered by the French government as an international framework for cooperation on cyber and supply chain security. […]
Biden to Sign Infrastructure Investment and Jobs Act on Monday Nov 11, 2021 | 2:30 pm After its passage by the House of Representatives Nov. 5, President Biden plans to sign the Infrastructure Investment and Jobs Act on Monday, Nov. 15, authorizing billions of new funding for broadband and cybersecurity, in addition to traditional infrastructure, the administration announced Nov. 10. […]
CISA’s Easterly Applauds Reaction to CVE Fix List Directive Nov 10, 2021 | 3:46 pm Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said November 10 that the agency’s Binding Operational Directive (BOD) issued earlier this month to Federal agencies to remediate against a list of 300 known exploited cyber vulnerabilities appears to be getting a good reception from government and industry as an effective roadmap on how to prioritize action against prevalent cyber threats. […]
Survey: Security Officials Believe Zero Trust Adoption Needs More Work Nov 9, 2021 | 2:54 pm According to a recently released Tripwire survey, most security professionals in the private and public sector described their zero trust security adoption as either progressing, or even well-developed, but also in need of more work. […]
VA Releases Cybersecurity Strategy to Protect Veteran Data, Privacy Nov 9, 2021 | 1:51 pm The Department of Veterans Affairs (VA) has released a new cybersecurity strategy intended to protect against exposure of Veterans’ personal information or the corruption of critical data. […]
Cyber, Broadband Win Big In Bipartisan Infrastructure Bill Nov 8, 2021 | 1:53 pm After more than two months of angling and dealmaking, the House of Representatives voted to approve the $1 trillion Infrastructure Investment and Jobs Act – also known as the Bipartisan Infrastructure Framework – on November 5, sending the bill along with its $2 billion in cyber funding and $65 billion in broadband appropriations to President Biden’s desk for final approval. […]
CDM Chief: New Agency MOAs Are Key to Better Threat Hunting Nov 5, 2021 | 2:20 pm Richard Grabowski, acting program manager for the Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program, explained at a November 4 event organized by FCW that new memoranda of understanding (MOA) that the program has been signing with Federal agencies are a key component to enabling better cyber threat hunting by CISA across agency networks. […]
Hill Witnesses Back Mandatory Cyber Incident Reporting for Critical Infrastructure Nov 5, 2021 | 9:01 am With an estimated 85 percent of the nation’s critical infrastructure controlled by private entities – and with many of those failing to practice basic cyber hygiene – witnesses told House lawmakers at a November 4 hearing that the time may be ripe for mandatory cyber incident reporting requirements for critical infrastructure operators. […]
Agencies ‘Close’ to Completing First Two CDM Capabilities, Official Says Nov 4, 2021 | 4:05 pm Federal agencies as a group are “close” to completing work to put in place the first two of the Continuous Diagnostics and Mitigation (CDM) program’s four key capabilities, said Betsy Kulik, senior advisor for the Cybersecurity and Infrastructure Security Agency’s (CISA) CDM program, at a November 4 online event organized by FCW. […]
Federal Officials: CDM Tech Scalable for State, Local Governments Nov 4, 2021 | 3:27 pm The cybersecurity threats that have prompted wide-scale action to improve security across the Federal government are posing equal dangers to state and local governments, and officials said at FCW’s CDM Summit virtual event on November 4 that the same solutions being put into place by the Feds also are scalable and adaptable by state and local governments. […]
DoD Updates CMMC Program to Simplify Contractors’ Cyber Requirements Nov 4, 2021 | 2:54 pm After a lengthy review process, the Department of Defense today issued an update to its Cybersecurity Maturity Model Certification (CMMC) program – dubbed CMMC 2.0 – that will simplify some of the cybersecurity requirements for contractors in the Defense Industrial Base (DIB) looking to do business with the government. […]
SBA Leaning on CDM, CISA, FBI in Effort to Combat Ransomware Nov 4, 2021 | 2:53 pm As high-profile ransomware and other cyberattacks have spiked over the past year, the Small Business Administration (SBA) is working to prevent and mitigate against them by leveraging capabilities from the Continuous Diagnostic and Mitigation (CDM) program, and working with organizations including the Cybersecurity and Infrastructure Security Agency (CISA) – which runs the CDM program – and the Federal Bureau of Investigation (FBI). […]
Federal Agency Officials Want More Flexibility in Cyber Guidelines Nov 3, 2021 | 3:41 pm While President Biden’s executive order (EO) on improving the nation’s cybersecurity and the follow-on guidance from the White House Office of Management and Budget (OMB) represent critical steps forward in protecting the U.S. against the increasing volume and dangers of cyber-attacks, Federal agency officials said during an ATARC webinar on November 2 that the directives also present challenges that may require flexibility in their execution. […]
Inglis: NCD Office Should Have 25 Employees by End of December Nov 3, 2021 | 3:30 pm Despite a general cyber workforce shortage, National Cyber Director Chris Inglis today said his office has a “robust pipeline of talent” and expects to have 25 employees staffed in his office by the end of December, once Fiscal Year (FY) 2022 appropriations are released. […]
CISA Issues Directive Requiring Feds to Remediate Known Vulnerabilities Nov 3, 2021 | 3:08 pm The Cybersecurity and Infrastructure Security Agency (CISA) today issued a Binding Operational Directive (BOD) to significantly boost the nation’s cyber hygiene by creating a catalog of known exploited vulnerabilities and forcing Federal agencies to remediate them. […]
NIST Releases Draft Criteria for Software Cyber Labeling Nov 2, 2021 | 3:50 pm The National Institute of Standards and Technology (NIST) has released draft criteria for consumer software cybersecurity labeling, as mandated by the Biden administration’s Cybersecurity Executive Order. […]
FDIC OIG Report Shows Strong IT Safety Maturation, But Potential Security Control Weaknesses Nov 2, 2021 | 3:17 pm The Federal Deposit Insurance Corporation (FDIC) has a strong information security maturation, with an overall grade of 4 on a 5-point scale, but still has “significant security control weaknesses,” according to a recent audit of its information security practices released by the FDIC Office of the Inspector General (OIG). […]
Republican Senators Questioning TSA’s Pipeline Cyber Directives Development Nov 2, 2021 | 12:51 pm A trio of Republican senators is seeking information from the Transportation Security Agency (TSA) about its process for developing the two pipeline security directives it issued this summer, according to an Oct. 28 letter sent to Department of Homeland Security (DHS) Inspector General (IG) Joseph Cuffari. […]
DoD CIO Nominee Eyes Cyber Talent Strategy, CMMC Action Nov 1, 2021 | 2:05 pm John Sherman, who has served as Acting CIO for the Department of Defense (DoD) and is the nominee to move into the position permanently, told members of the Senate Armed Services Committee at a confirmation hearing on October 28 that he wants to put in place a new strategy to develop DoD cyber talent, among other steps if his nomination is confirmed. […]
FCC Opens Filing Window for ‘Rip and Replace’ Reimbursement Program Nov 1, 2021 | 1:36 pm The Federal Communications Commission (FCC) has opened the filing window for the $1.9 billion Secure and Trusted Communications Networks Reimbursement Program. In September, the FCC announced that the filing window would run from Oct. 29 to Jan. 14, 2022. […]
Senate Passes Secure Equipment Act, Biden Expected to Sign Nov 1, 2021 | 1:16 pm The Secure Equipment Act has now cleared both the House and Senate, and is expected to land on President Biden’s desk for his signature shortly. […]
CDM Chief Hails Fast Progress on New Agency MOAs for Object-Level Data Nov 1, 2021 | 12:38 pm The acting manager of the Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program is hailing quick progress that the program and Federal agencies have made in signing new agreements mandated by the Biden administration’s Cybersecurity Executive Order to share object-level network data with the CDM program, rather than the summary-level data that was previously required. […]
Some Tech Items Stick in Slimmer Reconciliation Bill, but in Smaller Bites Oct 29, 2021 | 4:10 pm As Democrats in the House and Senate reconcile differences on the slimmed-down $1.75 billion budget reconciliation bill that funds “soft” infrastructure priorities, some tech and cyber-related provisions have fallen out of the bill or had their funding levels slashed, while others made new appearances into the latest draft of the bill, which has been cut down from its original $3.5 trillion price tag. […]
Easterly, Rep. Katko Agree on Top-Tier Critical Infrastructure Focus Oct 29, 2021 | 3:48 pm Legislative and Federal policy efforts are coming together to focus on protecting the top-most tiers of critical infrastructure in the United States, top officials from the House and the Cybersecurity and Infrastructure Security Agency (CISA) agreed today. […]