The General Services Administration’s (GSA) mismanagement of Federal contract employees Personal Identity Verification (PIV) cards has put GSA personnel, Federal property, and data at risk, according to a report from the Office of Inspector General’s (OIG). […]

The Treasury Department is proposing a new rule that would make definitional changes to incorporate cyber coverage guidance in Terrorism Risk Insurance Program (TRIP) regulations. […]

The Treasury Department’s Office of Inspector General (OIG) said in a new information memorandum that IT Acquisition, and Project Management and Cyber Threats, remain from the previous year as two of five management and performance challenges for the agency. […]

The Office of Personnel Management’s (OPM’s) cybersecurity fell under scrutiny in two audits by the agency’s inspector general, with both identifying issues in OPM’s controls and security practices. […]

Confirmation of the appointment of Camilo Sandoval as the new Federal CISO has emerged in the form of his listing on the Office of Management and Budget’s (OMB) CIO.gov website as holding the Federal CISO title. […]

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), announced Oct. 30 that it has awarded $2 million to an initiative that will build a national network of cybersecurity technical institutes. […]

Simple, easy to guess passwords are the scourge of cybersecurity staff. On the flip side, many users struggle to remember lengthy and complicated passwords that pass muster with cybersecurity standards. To help bridge the gap between security and useability, Carnegie Mellon’s CyLab Security and Privacy Institute has developed a policy for creating passwords. […]

The Federal Labor Relations Authority (FLRA) scored well on its fiscal year 2020 Federal Information Security Modernization Act (FISMA) audit, with only four areas noted as weaknesses and no carry-over weaknesses from prior year audits. […]

The Federal Maritime Commission (FMC) inspector general flagged several IT security policy issues at the agency in a recent FISMA compliance audit, which FMC pledged to address over the next few months. […]

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) are warning hospitals and the public health sector at large that they face an “imminent” threat of malware attacks. […]

Rep. Jim Langevin, D-R.I., long a leading voice on cybersecurity policy and a member of the Cyberspace Solarium Commission, argued this week that the establishment of internationally accepted norms of behavior in cyberspace is one of the keys to improving the United States’ cybersecurity posture. […]

John Sherman, Principal Deputy CIO at the Department of Defense (DoD), said Oct. 28 that the Pentagon is making progress with IT modernization activities for the parts of the agency known as “the Fourth Estate” – offices that are not military services or intelligence community agencies. […]

The Defense Department’s (DoD) current interim rule for the Cybersecurity Maturity Model Certification (CMMC) will take full effect on December 1, said Katie Arrington, CISO for DoD’s acquisition office, at an October 28 virtual event organized by C4ISRNET. […]

Federal officials this week discussed how they can support new approaches like zero trust and SD-WAN in an efficient and secure way by leveraging the Enterprise Infrastructure Solutions (EIS) contract along with security requirements of the Trusted Internet Connections (TIC) 3.0 policy. […]

The Department of Defense (DoD) Office of Inspector General (OIG) is canceling its audit of corrective actions taken by DoD in response to cybersecurity vulnerabilities identified during operational testing and evaluation of acquisition programs, citing the COVID-19 pandemic. […]

The Cybersecurity and Infrastructure Security Agency (CISA) and FBI issued a joint cybersecurity advisory on Oct. 22 to warn operators of state, local, territorial, and tribal (SLTT) government networks that they may be targeted by Russian state-sponsored advanced persistent threat (APT) actors. […]

The National Cybersecurity Center of Excellence (NCCoE) is looking for industry partners to support its efforts to build exemplar zero-trust architectures that meet the standards set out by NCCoE’s parent organization, the National Institute of Standards and Technology (NIST). […]

Officials from the Pentagon’s Defense Logistics Agency (DLA) said this week that two of their top concerns for further improving supply chain security are getting better end-to-end visibility of supply chains and integrating more threat intelligence into the picture. […]

A bipartisan Senate bill introduced Oct. 21 would make clear the authority of state governments to deploy their National Guard resources to help state and local governments improve their cybersecurity infrastructure and services. […]

The National Security Agency (NSA) has issued a cybersecurity advisory aimed at defense and intelligence community contractors warning of Chinese state-sponsored cyber actors exploiting publicly- known network vulnerabilities. […]

Republican leadership on the House Oversight and Reform Committee has requested a briefing from Department of Veterans Affairs (VA) officials on the data breach that the agency disclosed last month. […]

A new survey finds that 82 percent of Federal IT decisionmakers expect the majority of the work week to consist of telework even after the COVID-19 pandemic subsides. The survey also finds decisionmakers still face challenges in managing systems and cybersecurity. […]

The Cyberspace Solarium Commission, a congressionally-chartered group charged with delivering recommendations to improve U.S. cybersecurity, today issued its latest in a series of white papers on the subject – this time urging the U.S. to take steps to protect critical information and technology (ICT) supply chains from Chinese and other adversarial nations. […]

The Department of Justice announced today that it indicted six computer hackers – all of them Russian nationals and officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU) – for their alleged roles in a wide range of government-sponsored cyber attacks. […]

The Department of Defense (DoD) and the National Security Agency (NSA) have launched a new initiative aimed at increasing diversity in their cybersecurity workforce. […]

Reps. Jim Langevin, D-R.I., and Doris Matsui, D-Calif., introduced a bill Oct. 16 to improve cybersecurity at K-12 schools. The Enhancing K-12 Cybersecurity Act would work to promote more access to security information, better track attack trends, and increase the number of cybersecurity experts in schools. […]

Amid a bevy of Defense Department (DoD) modernization efforts, Secretary of Defense Mark Esper is praising the Army Futures Command (AFC) for advancing the military’s efforts in cyberspace. […]

Industry professionals weighed in this week with their views on how the Cybersecurity and Infrastructure Security Agency’s (CISA) Trusted Internet Connections (TIC) 3.0 guidance also works to help enable adoption of zero trust security concepts. […]

Cyber incidents at K-12 schools over the last few years have put the personally identifiable information (PII) of students at risk, with breaches primarily resulting from intentional actions by students and unintentional actions by staff, according to a recent Government Accountability Office (GAO) report. […]

With the benefit of increased flexibility and quick updates, Federal officials praised their ability to respond to the COVID-19 pandemic under the Trusted Internet Connections (TIC) 3.0 policy during a panel session at MeriTalk’s TIC Talks event today. […]