A vertical community of Federal cyber security leaders, project managers, industry, and government IT community stakeholders focused on public-private collaboration and best-practice exchange.
DoD Watchdog Flags Flaws in CMMC 2.0 Assessment Authorization Process
The Department of Defense (DoD) has failed to effectively implement the process for authorizing third-party organizations to conduct Level 2 assessments under the Cybersecurity Maturity Model Certification (CMMC) 2.0, according to a Jan. 14 audit report by the DoD Office of Inspector General (OIG). […]
New Cybersecurity Order Keys on Fed Systems, Cloud, Software Steps
President Biden’s latest cybersecurity-themed executive order issued today aims to engineer security improvements in at least a dozen major areas, with Federal agency systems, cloud services, and software emerging as prominent topics on an exhaustive list of security policy items. […]
DCSA Pushing to Onboard NSPT Population into CV by FY2025 Deadline
As the clock begins to tick down to the end of fiscal year (FY) 2025 in September, the Defense Counterintelligence and Security Agency (DCSA) is continuing its work to onboard the entire Non-sensitive Public Trust (NSPT) population into DCSA’s Continuous Vetting (CV) services. […]
White House Launches ‘U.S. Cyber Trust Mark’ Program
The White House on Tuesday launched the long-awaited U.S. Cyber Trust Mark, a voluntary cybersecurity labeling program for wireless internet of things (IoT) devices marketed to consumers. […]
Space Force Sets Up First Cyber Range Squadron
The U.S. Space Force has launched its first-ever cyber range squadron, officially adding “cyber defenders” to its roster as it prepares to battle digital threats in the space domain. […]
Treasury Sanctions China-Based Flax Typhoon Hacker
The Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced on Jan. 3 that it has imposed sanctions on a Beijing-based cybersecurity company known as Integrity Technology Group, Inc. (Integrity Tech) for its role in a spate of malicious cyber activities. […]
CISA on Treasury Breach: No Other Agencies Impacted
The Cybersecurity and Infrastructure Security Agency (CISA) issued an update today regarding last week’s cybersecurity incident at the Treasury Department, stating that no other Federal agencies appear to have been impacted. […]
EXIM Bank OIG Identifies ‘Potential Breach’ of PII
The Office of Inspector General (OIG) for the Export-Import Bank of the United States (EXIM) discovered that the agency did not properly protect personally identifiable information (PII) stored on a shared network drive, in an incident the OIG is calling a “potential breach.” […]
HHS Moves to Boost HIPAA Cybersecurity Protections
The Department of Health and Human Services (HHS) kicked off a notice of proposed rulemaking on Dec. 27 that it said aims to change the existing Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule with the goal of improving cybersecurity protections for electronic protected health information (ePHI). […]
Lawmakers Want Answers From Treasury on China-Sponsored Cyber Hack
A bicameral pair of lawmakers is demanding answers from the Treasury Department following a China state-sponsored breach of some of the department’s sensitive systems. […]