The Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program offers a wide range of security benefits for Federal agencies. Still, a CISA official wants to help agencies unlock the program’s full potential. […]

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), along with international partners, published guidance last week for cyber defenders that advises them to not remove PowerShell – Microsoft’s built-in command-line tool with Windows – but to properly configure it. […]

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly is considering a big basket of recommendations delivered this week by the agency’s Cybersecurity Advisory Committee, including suggestions that the agency boost its workforce development and acquisition efforts and establish a new chief people officer position. […]

The Cybersecurity and Infrastructure Security Agency (CISA) today issued an updated version of its Cloud Security Technical Reference Architecture (TRA) that serves as guidance for Federal civilian agencies for secure migration to cloud services. […]

The Government Accountability Office (GAO) is pressing the departments of Treasury and Homeland Security (DHS) to assess whether a further Federal response is needed to address the government’s existing terrorism risk insurance program, which may not cover losses from cyber and other attacks on U.S. critical infrastructure. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is aiming to issue the second version of its  Zero Trust Maturity Model this summer, according to Eric Goldstein, CISA’s executive assistant director for cybersecurity. […]

The Cybersecurity and Infrastructure Security Agency (CISA) released cloud use case guidance for its Trusted Internet Connections (TIC) 3.0 program, the agency announced on June 16. […]

The Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program is winning rave reviews from cybersecurity practitioners who are working to improve Federal civilian agency security. CDM has the potential to become even more crucial to the cyber fight once its latest generation of technologies are fully leveraged. […]

The House Appropriations Homeland Security Subcommittee today approved a homeland security budget print for fiscal year (FY) 2023 that includes $2.93 billion for the Cybersecurity and Infrastructure Security Agency (CISA), representing a $334 million increase from FY2022 and a $417 million increase over the requested amount. […]

While the Cybersecurity and Infrastructure Security Agency (CISA) is working to make progress on numerous discrete security policy directives and projects that it has been handed in recent years, a top agency official explained today that the higher-level goals uniting most of those tasks boil down to the government and the private sector achieving much greater visibility into cyber threats and how to defend against them, and not leaving organizations to defend against threats on their own. […]

After a releasing an op-ed with Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly last week that called CISA’s “Shields Up” campaign a new baseline for cyber defenses, National Cyber Director Chris Inglis said today that the cost of entry for cyber attackers is still too low to create stout deterrence. […]

Building a zero-trust security architecture foundation that underlies better cybersecurity capabilities is at the top of the list for Robert Costello, Chief Information Officer at the Cybersecurity and Infrastructure Security Agency (CISA). […]

As the Cybersecurity and Infrastructure Security Agency (CISA) continues to grapple with the early stages of a rulemaking process for recently enacted cyber incident reporting legislation, CISA Director Jen Easterly said it will be crucial to develop trust with the private sector so that the law is seen as “value-added” and not a burden. […]

The Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency (NSA) and the FBI, this week issued a joint advisory warning telecommunications companies and network service providers of People’s Republic of China (PRC) state-sponsored cyber actors that continue to pose a threat to their networks. […]

The Cybersecurity and Infrastructure Security Agency (CISA) has announced it is now accepting nominations for its first cohort of Cyber Innovation Fellows, with an applications due date of July 8. […]

The Cybersecurity and Infrastructure Security Agency (CISA) on June 6 unveiled its latest cybersecurity public service campaign – aimed at trying to boost adoption of multifactor authentication (MFA) – coinciding with the opening of the RSA Conference in San Francisco, where agency leadership including Director Jen Easterly will be speaking this week. […]

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on June 1 warning about the Karakurt Data Extortion Group which has been conducting online financial extortion exploits via cyber attacks. […]

The Cybersecurity and Infrastructure Security Agency (CISA) has notified election officials of software vulnerabilities found in Dominion Voting Systems equipment deployed in several states, but also that the agency has found no evidence that those vulnerabilities have ever been exploited. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is looking to set an “aggressive” pace to conduct the rulemaking proceeding necessary to implement recently approved cyber incident reporting legislation, but also indicated today that completion of a rulemaking could be a couple of years away. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is holding a series of public listening sessions aimed at using a community-based effort to advance the conversation around the technologies, policies, and processes required to implement Software Bills of Materials (SBOM), according to a Federal register post published today. […]

The Cybersecurity and Infrastructure Security Agency (CISA) – along with the Department of Homeland Security’s Science and Technology Directorate and the Department of Defense’s Office of the Under Secretary of Defense for Research and Engineering – has released a proposed five-step 5G Security Evaluation Process today for Federal agencies to receive authorization to operate (ATO). […]

MeriTalk recently sat down with Fortinet’s Jim Richberg, public sector CISO, Peter Newton, senior director, product marketing, and Fortinet Federal’s Felipe Fernandez, senior director, system engineering, to gain their insights into how Federal technology teams can integrate all of the components of a zero trust architecture to achieve holistic cybersecurity in a cloud, hybrid, or closed environment. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is taking a multi-faceted approach to supply chain security, and chief among them is putting in place strong public-private partnerships to maintain supply chain resilience and maintaining high awareness about the sources of supply chain threats. […]

The Cybersecurity and Infrastructure Security Agency (CISA) said today it is “encouraged” by quick Federal agency responses to its May 18 emergency directive to patch or unplug several vulnerable VMware products from agency networks, but did not provide any hard figures on whether agencies met CISA’s May 24 deadline to take action. […]

As both Federal chief information security officer and the deputy National Cyber Director, Chris DeRusha has a lot of visibility into Federal efforts to boost cybersecurity. At the AWS Summit in Washington, D.C., today, DeRusha expressed both pride in the Office of Management and Budget’s (OMB) Zero Trust strategy, while also acknowledging that the policy represents only the beginning of zero trust implementation across Federal civilian agencies. […]

Join MeriTalk and Merlin Cyber on June 1 at 10 a.m. for our complimentary Zeroing in on Application and Data webinar, where government and industry IT experts will put the spotlight on the data and application pillars of the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model. […]

The Cybersecurity and Infrastructure Security Agency (CISA) on May 17 issued a new advisory highlighting how cyber threat-actors are exploiting poor security configurations. […]

The Cybersecurity and Infrastructure Security Agency (CISA) today issued an emergency directive to Federal government civilian branch agencies running several VMware products to apply updates to those, or remove them from agency networks until updates can be made. […]

The Continuous Diagnostics and Mitigation (CDM) Program – for several years a bedrock asset in the government’s bid to improve Federal agency cybersecurity – is having a decisive impact in furthering agency work on requirements of the Biden administration’s year-old Cybersecurity Executive Order (EO), new research findings from MeriTalk shows. Long before the 2021 Cyber […]

The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory on May 11 – along with Federal law enforcement partners and international allies – that warns of an increase in malicious cyber activity targeting managed service providers (MSPs). […]