The General Services Administration (GSA) is creating a voluntary questionnaire to gather pertinent cybersecurity supply chain risk management (C-SCRM) information from vendors. […]

A recent survey found that organizations victimized by ransomware attacks are increasingly deciding to pay the ransom demand to regain access to their systems and data. Those same organizations also are concerned that generative AI could enhance future attacks. […]

The Environmental Protection Agency (EPA) withdrew its memo this week that required states to include cybersecurity audits of U.S. water utilities through sanitary surveys. […]

The Executive Director of the Cybersecurity and Infrastructure Security Agency (CISA) said today that the threat posed by China within the cyber realm is evolving and much more serious today than it was a decade ago ­– particularly when it comes to potentially targeting the United States’ critical infrastructure. […]

A new paper issued this week by trade group BSA | The Software Alliance is urging policymakers to promote the use of AI as a tool to improve cybersecurity and counter malicious cyber actors. […]

Many Federal government agencies are having a difficult time filling cybersecurity roles with skilled personnel, but going forward, the FBI is placing an emphasis on building a diverse workforce to support its mission. […]

The Cybersecurity and Infrastructure Security Agency (CISA) published new guidance today to improve security and risk management of open source software (OSS) use at operational technology (OT) vendors and critical infrastructure facilities. […]

A newly released advisory from the Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the National Security Agency (NSA), highlights the most common cybersecurity misconfigurations in large organizations.  […]

New guidance from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) highlighted significant ongoing challenges Federal agencies and industry face in implementing security controls like multifactor authentication (MFA) to manage identity security. […]

The Transportation Security Administration (TSA) is finalizing permanent cybersecurity rules for critical pipeline operators.  […]

The Advanced Research Projects Agency for Health (ARPA-H) is investing millions into projects that make advancements in technologies that protect the security of health data, the agency announced last week.  […]

According to a new report out from the Government Accountability Office (GAO) on Thursday, the State Department has failed to fully implement its cybersecurity risk program and needs to take a number of steps to better protect its IT network and systems. […]

The Department of Defense (DoD) Inspector General (IG) announced last week that it plans to conduct an audit into the Cybersecurity Maturity Model Certification (CMMC) program – the Pentagon’s high-profile contractor cybersecurity program. […]

A new report from the Government Accountability Office (GAO) finds that Federal agencies and critical infrastructure owners must do a better job at sharing information to tackle increasingly complex cyber threats. […]

The Department of Homeland Security (DHS) – the Cybersecurity and Infrastructure Security Agency’s (CISA) parent agency – said yesterday that only 571 of CISA’s 3,117 employees would continue to work through a government shutdown – meaning that 79 percent of the agency’s staff would be staying home until government funding is restored. […]

Senate Intelligence Committee Chairman Mark Warner, D-Va., is calling on the White House’s Office of Management and Budget (OMB) to review all Federal agencies’ cybersecurity policies for internet of things (IoT) devices to ensure they meet National Institute of Standards and Technology (NIST) guidelines, as required by law. […]

Tech leaders from six prominent government agencies offered suggestions Tuesday for how they want to see the FITARA Scorecard categories improve, particularly when it comes to cybersecurity metrics. […]

The number two official at the Justice Department (DoJ) warned today that the pending government shutdown is “quite dangerous and quite irresponsible” in terms of the effect it would have on the nation’s ability to defend against cyber threats. […]

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released the new Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management product from the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force.   […]

The U.S. Air Force has abruptly canceled a highly competitive cybersecurity tech solicitation worth at least $5 billion just before crossing the finish line due to an overwhelming number of proposals from the private sector. […]

The Council of the Inspectors General on Integrity and Efficiency (CIGIE) issued a summary today of the top challenges facing Federal agencies, as identified by those agencies’ respective Offices of the Inspector General (OIG) – and once again IT issues headed up the list. […]

Reps. Mike Gallagher, R-Wis., and Abigail Spanberger, D-Va., introduced new legislation this week that looks to strengthen U.S. defenses against potential cyberattacks by calling on the secretary of Homeland Security to establish a National Risk Management Cycle. […]

A report released by the Foundation for Defense of Democracies (FDD) on Sept. 19 argues that Congress should take another look at legislative recommendations published by the Cyberspace Solarium Commission to shore up U.S. cyber defenses and decide whether to enact them. […]

As AI technologies are increasingly used to create deceptive content, Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said on Tuesday that Americans can remain confident in U.S. election infrastructure, but also warned that the information environment is at risk. […]

Cybersecurity experts across the private sector expressed concerns today that a Federal government shutdown would have major negative impacts on the Cybersecurity and Infrastructure Security Agency’s (CISA) ability to defend Federal networks and keep its critical cyber programs running. […]

The Office of the National Cyber Director (ONCD) is creating a playbook that aims to clarify, facilitate, and encourage incorporation of cybersecurity into the Federal grant process. […]

The Cybersecurity and Infrastructure Security Agency’s (CISA) new Cyber Supply Chain Risk Management (C-SCRM) Office is in the process of developing training and maturity models for Federal agencies, with an eye of releasing these resources in the new fiscal year (FY) to begin on Oct. 1.   […]

The Cybersecurity and Infrastructure Security Agency (CISA) held its third quarter Cybersecurity Advisory Committee (CSAC) meeting on Sept. 13, where members voted to approve a number of recommendations offered by each subcommittee to the agency, including one that could result in the creation of a national cyber alert system. […]

The Department of Defense (DoD) is pledging to use offensive cyber capabilities to defend the U.S. and its allies against adversaries – particularly the Peoples Republic of China (PRC) – as part of its latest cybersecurity strategy. […]

The Cybersecurity and Infrastructure Security Agency (CISA) released its new Open Source Software Security Roadmap today that lays out the agency’s path forward to help ensure a secure open source software ecosystem within the Federal government. […]