The Department of Defense (DoD) is in the process of updating the Code of Federal Regulations (CFR) to include the Cybersecurity Maturity Model Certification (CMMC) 2.0 program, and DoD’s Principal Deputy CIO Kelly Fletcher said that an updated CFR should be available for public comment by March 2023. […]

The Securities and Exchange Commission (SEC) said on May 3 it will add 20 new positions to its expanded and newly christened Crypto Assets and Cyber Unit – the division responsible for protecting investors in crypto markets, and from cyber-related threats. […]

The National Artificial Intelligence Advisory Committee (NAIAC) held its first meeting on May 4, where it established five working groups to improve the committee’s efficiency and laid out a vision for what the panel hopes to accomplish. […]

Rep. Elissa Slotkin, D-Mich., said today that in a world free of constraints she would want companies to need cybersecurity hygiene certifications in order to deal with the Federal government. […]

Sens. Roger Wicker, R-Miss., and Cynthia Lummis, R-Wyo., have introduced a bill that aims to better coordinate Federal research and development (R&D) efforts on distributed ledger technologies (DLT), including the more commonly known blockchain technology. […]

The Federal government is making a big push toward zero trust security architectures, but with an abundance of guidance on what makes a zero trust architecture successful, the looming question for many Federal agencies is ‘where do we start?’ Randy Resnick, senior advisor for the Zero Trust Portfolio Management Office at the Department of Defense (DoD), believes the first step is planning. […]

The National Institute of Standards and Technology (NIST) is seeking feedback on a draft special publication about its 5G technologies cybersecurity guidance. […]

President Biden today issued an executive order (EO) that elevates the importance of quantum information science (QIS) by reconstituting a previously created Federal QIS advisory committee and putting it more closely under the White House’s wing, while at the same time issuing a National Security Memorandum that lays out plans to address cybersecurity risks posed by quantum computers. […]

Most Federal agencies have undertaken IT modernization efforts intending to change the way IT shops are structured to deliver services to support the mission. Although the benefits of modernization are clear, Federal CIOs agree that agencies still struggle to make these changes. […]

The Library of Congress is planning to create a Cloud Management Office (CMO) within its Office of the Chief Information Officer (OCIO), according to the agency’s justification for its fiscal year (FY) 2023 budget request. […]

The Defense Industrial Base-Vulnerability Disclosure Program (DIB-VDP) Pilot program completed it’s 12-month journey to promote cyber hygiene and reduce attack surfaces of voluntary DIB participants through identifying vulnerabilities on publicly accessible assets. […]

One of Federal agencies’ primary challenges is ensuring that they are properly managing and securing sensitive data, particularly controlled unclassified information (CUI). Even though CUI is unclassified, it requires special handling and safeguarding. The Defense Counterintelligence and Security Agency notes that loss of aggregated CUI is one of the most significant risks to national security. […]

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on Thursday updated a joint cybersecurity advisory regarding malware deployed by Russian state actors as the country continues its war against Ukraine. […]

As Federal agencies look to bring a zero trust security architecture to their disparate agencies and missions, resources are the main obstacle for agencies, the chief information security officer (CISO) for the Department of Homeland Security’s Information and Analysis (DHS I&A) division said today. […]

The Cybersecurity and Infrastructure Security Agency’s (CISA) fiscal year (FY) 2023 budget request came in at $2.5 billion – 18 percent more than requested in FY2022 – but CISA Director Jen Easterly told members of Congress that the agency’s funding needs will continue to increase if CISA hopes to meet the goal of being the nation’s cyber defense agency. […]

Reps. Tom Malinowski, D-N.J., and Andrew Garbarino, R-N.Y., on April 28 introduced companion legislation to a Senate bill offered earlier this year that would task Federal agencies with helping the commercial satellite sector improve the security of their networks. […]

A Small Business Administration (SBA) Office of Inspector General (OIG) report summarizing the results of its fiscal year (FY) 2021 Federal Information Security Modernization Act (FISMA) evaluation rates SBA’s overall program of information security as “not effective.” […]

In a new report to Congress, the Government Accountability Office (GAO) is suggesting that lawmakers and several Federal agencies consider and take action on new recommendations related to the COVID-19 pandemic, including steps that address better data collection, keep better track of improper payment data, and shed more light on IT modernization steps at the Centers for Disease Control and Prevention (CDC). […]

The Department of State’s Rewards for Justice (RFJ) program is offering a reward of up to $10 million for information leading to six Russian hackers responsible for the 2017 NotPetya malware infection. […]

The U.S. Election Assistance Commission (EAC) has been given full discretion to decide if states can allocate funds from the Help America Vote Act of 2002 (HAVA) to provide security services for state or local election officials, according to a recent report from the Government Accountability Office (GAO). […]

The Department of Homeland Security (DHS) is standing up a “Misinformation, Disinformation Governance Board” to help combat election security threats and protect the homeland, DHS Secretary Alejandro Mayorkas announced on April 27. […]

The National Security Agency (NSA) confirmed that it re-awarded a cloud computing contract believed to be worth up to $10 billion to Amazon Web Services (AWS) after the agency’s initial award of the deal to AWS last summer was derailed by a protest by Microsoft. […]

The Defense Information Systems Agency (DISA) Lt. Gen. Robert Skinner pointed private sector IT firms to numerous areas on his technology wish list during his opening keynote address on April 26 at AFCEA International’s TechNet Cyber event in Baltimore and asked the industry to help DISA work through those problems. […]

The Cybersecurity and Infrastructure Security Agency (CISA), along with Federal and international partners, released a list of frequently exploited common vulnerabilities and exposures (CVEs), including the top 15 most exploited CVEs of 2021. […]

The Defense Information Systems Agency’s (DISA) Thunderdome zero trust project, along with associated identity, credential, and access management (ICAM) efforts, is currently in the process of standing up capabilities in a lab setting before testing it in fielded networks and eventually doing an operational assessment this fall. […]

The Department of Health and Human Services (HHS) announced it launched a new $90 million initiative to improve data collection for health centers to reduce health disparities. The initiative will utilize the remaining American Rescue Plan Act (ARPA) funds. […]

The General Services Administration (GSA) has launched a new Federal acquisition tool, Buy.GSA.gov, to work to centralize the Federal acquisition experience, GSA announced on April 26. GSA said the tool’s key features include the ability to simplify market research, searchable templates and sample documents, and an interactive acquisition package checklist. “This buyer experience tool was built […]

The Department of Homeland Security’s (DHS) “Hack DHS” program has successfully completed its first bug bounty program and identified 122 vulnerabilities at the agency. […]

After a lengthy internal review process, the Department of Defense (DoD) released its Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements in November and is now in the early stages of a rulemaking process to implement the revised program. […]

The National Geospatial-Intelligence Agency (NGA) is in the process of taking over operational control of the Defense’s Department’s (DoD) Project Maven, which the Pentagon formed in 2017 to speed integration of big data and machine learning (ML) technologies, NGA Director Vice Adm. Robert Sharp explained on April 26 at the GEOINT 2022 Symposium. […]