The head of the Cybersecurity and Infrastructure Security Agency’s (CISA’s) TIC Program Office emphasized that the Trusted Internet Connections (TIC) 3.0 initiative aims to create more flexible and efficient ways for Federal agencies to improve security, and said his office is considering a wide range of additional use cases to help agencies implement the framework. […]

Department of Homeland Security (DHS) Deputy Chief Technology Officer Brian Campo said that DHS has finalized the final draft of a two-year roadmap for adoption of the zero trust security model. […]

Communication, collaboration, and coordination are being touted as the keys to success for teleworking during the coronavirus pandemic, but the best frameworks for cyber defense in these modern times may end up coming from old teachings. […]

Continuous Diagnostics and Mitigation (CDM) Program Manager Kevin Cox said on Oct. 13 that the program office is making progress on one of its key goals for Fiscal Year 2021 – connecting Federal agencies to its second-generation Elasticsearch dashboard. […]

Even before its official launch, the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program is generating additional interest in its applicability for non-defense sectors, panelists said at the CISQ Cyber Resilience Summit. […]

The Cybersecurity and Infrastructure Security Agency’s (CISA) Trusted Internet Connections (TIC) 3.0 guidance has taken center stage this year not only as a long-planned policy evolution, but also as a potential life-saver for Federal agencies to employ new use cases applicable to their need to implement wide-ranging and long-lasting telework. […]

U.S. policy-makers and several close foreign allies issued a statement this weekend calling for technology providers to provide access for governments and law enforcement to encrypted data and protected systems. […]

The Federal Aviation Administration (FAA) needs to take further action to spur improvements in aircraft avionics systems in order to meet evolving cybersecurity threats and the trend toward increased connectivity between aircraft and systems, the Government Accountability Office said. […]

Across several agencies with the Department of Defense (DoD), building a zero-trust architecture to secure IT systems is becoming the strategy of choice for agency leaders as several confirmed efforts to transition over from a traditional perimeter approach today. […]

The Department of Homeland Security (DHS) has issued a new rule that will expand its insider threat program to cover “the categories of individuals to all individuals who have or had access to the Department’s facilities, information, equipment, networks, or systems.” […]

The Treasury Department is asking organizations not to pay off malicious actors to terminate ransomware attacks without carefully considering possible national security threats – and said it may implement penalties for organizations that choose to pay ransom to their attackers. […]

The increased shift to telework seems like it is here to stay as employers work to slow the spread of COVID-19 several months into the pandemic, and the Cybersecurity and Infrastructure Security Agency (CISA) released new telework tips for leaders, IT professionals, and teleworkers to keep the remote environment secure. […]

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) today issued a new draft paper to help organizations address ransomware and other data integrity events. […]

The U.S. House of Representatives recently passed the American Competitiveness on More Productive Emerging Tech Economy (COMPETE Act) and the Consumer Safety Technology Act (H.R. 8128), both now move to the Senate for consideration. […]

The House of Representative this week voted to approve a collection of bills that aim to improve cybersecurity in the energy sector, inform the use of emerging technologies, and establish R&D plans. […]

Federal legislation to help strengthen the cybersecurity of state and local governments through a Department of Homeland Security grant program passed the House of Representatives on Sept. 30 – with impetus for the legislation coming from across the U.S. in the form of numerous ransomware and other attacks in recent years. […]

In a discussion about creating more diversity in the field of cybersecurity, Department of Agriculture CISO Venice Goodwine encouraged cyber professionals not to let anyone put them in a box, to invest in themselves, and to be deliberate in their career decisions. […]

A two-part ransomware guide released yesterday by the Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) directs cyber professionals on how to protect against and respond to attack. […]

The interim rule for the Cybersecurity Maturity Model Certification was posted in the Federal Register on Sept. 29, opening a public comment period for the amended regulation, which is scheduled to become effective November 30. […]

The Department of Defense (DoD) has had an ongoing problem – the cybersecurity of its defense industrial base contractors. An interim rule scheduled to be published in the Federal Register tomorrow is the department’s next step in addressing that problem. […]

A recent review by the Department of Homeland Security (DHS) Office of Inspector General (OIG) found that Customs and Border Patrol (CBP) did not adequately protect sensitive data on an unencrypted device used during its Vehicle Face System pilot—a facial recognition technology pilot. […]

Rep. Lauren Underwood, D-Ill., became the chair today of the House Committee on Homeland Security’s Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation, one of the chamber’s primary panels with jurisdiction over cybersecurity issues. […]

Data from a Federal agency has been stolen in a cyber theft, according to an analysis report released Sept. 24 by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The specific agency, timeframe of the intrusion, and thief are not identified in the report. […]

To combat phishing attacks that could crumble an entire agency’s cybersecurity safeguards at one employee’s incorrect click, the National Institute of Standards and Technology (NIST) has launched a new method to understand why individuals fall for the malicious links. […]

Former government officials from the United States and around the world joined with technology companies and non-profit organizations in a call to prioritize digital trust and security addressed to the President of the United Nations General Assembly. […]

The Government Accountability Office said in a report that in order to fully implement the White House’s National Cyber Strategy a “clarity of leadership” is “urgently needed.” […]

On Sept. 23, the National Institute of Standards and Technology (NIST) released a “historic” update to its flagship security and privacy guidance, Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations. […]

As the U.S. faces increased foreign cyber threats, the Department of State said in 2019 that it would stand up a Bureau of Cyberspace Security and Emerging Technologies (CSET) to address these threats, but according to the Government Accountability Office (GAO), State hasn’t informed or involved other partners in the bureau planning, which could increase risks of duplicating efforts. […]

On Friday, Assistant Director for the Cybersecurity and Infrastructure Security Agency (CISA) Bryan Ware announced that the agency was issuing Emergency Directive 20-04, which instructs Federal Civilian Executive Branch agencies to apply a security update for Microsoft’s Windows Servers to all domain controllers. […]

A key Congressman on the House Armed Services Committee spoke in support of three technology bills Friday, expressing optimism with the “bipartisan and bicameral” legislation as the legislative calendar for this session of Congress winds down. […]