Smarter Gov Tech, Stronger MerITocracy

A report by the U.S. Consumer Product Safety Commission’s (CPSC) Office of Inspector General (OIG) found that CPSC is making progress in implementing Federal Information Security Modernization Act (FISMA) requirements, but still has more work to do in that area. […]


A spotty risk management strategy, along with poor security control assessment procedures, is undermining the Federal Deposit Insurance Corporation (FDIC)’s ability to identify and detect network security threats, according to an FDIC Office of the Inspector General (OIG) report released on Oct. 23. […]


The Smithsonian Institution (SI) made some progress in its Fiscal Year 2018 FISMA (Federal Information Security Modernization Act) audit, but still sat at around a Level 2 on the FISMA scale, according to a report released September 23 by the Smithsonian Office of Inspector General. […]


The Department of Homeland Security (DHS) improved its performance on the department’s FISMA (Federal Information Security Modernization Act) audit, going from Level 3 in Fiscal Year 2017 to Level 4 in FY2018, an agency inspector general’s report issued this month shows. […]

The Department of Health and Human Services’ (HHS) Office of Inspector General (OIG) identified an uptick in security gaps in the Centers for Medicare & Medicaid Services’ (CMS) Medicare administrative contractors (MACs) information security programs in fiscal year 2018, according to an OIG report released Aug. 23. […]

The Federal government saw a 12 percent reduction in cybersecurity incidents in fiscal year 2018, and no “major” cybersecurity incidents for the year, according to the Office of Management and Budget’s annual report on the Federal Information Security Modernization Act (FISMA). […]


The Office of Management and Budget (OMB) needs to do more to help Federal agencies with FISMA (Federal Information Security Modernization Act) compliance, according to a recent Government Accountability Office (GAO) report. […]

The Department of Homeland Security (DHS) issued a request for information (RFI) on July 16 for Information Assurance Compliance System (IACS) tools that can support FISMA (Federal Information Security Modernization Act) compliance checks and reporting. […]


Federal agencies are unprepared to confront and mitigate cyberthreats today, the Senate Homeland Security and Governmental Affairs Committee Investigations Subcommittee determined in a report released today, recommending that agencies give CIOs more authority to make decisions on cybersecurity. […]


A new Federal Information Security Modernization Act (FISMA) report reviewing the Justice Department’s (DoJ’s) Criminal Division (CRM) identified vulnerabilities in five of the eight domain areas in CRM’s 2018 information security program and practices. The public report, released May 23, only summarized the full audit, but the summary said that DoJ’s Office of the Inspector […]

The Nuclear Regulatory Commission’s (NRC) Office of Inspector General (OIG) found in an April 2 Federal Information Security Modernization Act (FISMA) report that NRC should improve its software and network management and security. […]


The Transportation Department’s (DoT) Office of Inspector General (OIG) found that the department had the second lowest maturity level for its information security systems, and that its cybersecurity functions were found to be inadequate in a Federal Information Security Management Act (FISMA) audit released last week. […]


The Justice Department Office of the Inspector General (OIG) found that DoJ’s Justice Management Division’s (JMD’s) Justice Security Tracking and Adjudication Record System (JSTARS) was overall compliant with the Federal Information Security Modernization Act (FISMA) in an audit summary released yesterday. […]


The Office of Inspector General (OIG) of the Export-Import Bank (EXIM Bank) of the United States released KPMG’s independent audit report on EXIM Bank’s information security program for FY2018 on March 13. In the report, KPMG, a public accounting firm, provided 14 recommendations that “should strengthen…EXIM’s information security program.” […]


The Department of Veterans Affairs has made progress in meeting Federal Information Security Modernization Act (FISMA) requirements, but still needs to work on most of the recommendations from previous years, a new FISMA audit released last week found. […]

The Department of the Interior received 18 security-related recommendations in a KPMG Federal Information Security Modernization Act (FISMA) audit, which identified several information security risks across the agency. […]


With emerging technologies like artificial intelligence (AI) and blockchain continuing to reveal their capabilities to the marketplace, Federal IT leaders discussed the potential–and the pitfalls–of implementing new technology in government during a Thursday session at an event hosted by the Armed Forces Communications and Electronics Association (AFCEA). […]


An audit of the Pension Benefit Guaranty Corporation (PBGC) to ensure adequate compliance with the Federal Information Security Management Act (FISMA) shows a need for improvement in IT security. […]


Jeanette Manfra, assistant secretary for the Office of Cybersecurity and Communications at the Department of Homeland Security, said today that the new update to Federal Information Security Modernization Act (FISMA) guidance will place even more accountability on department leaders and reflects an evolution in discussions between agencies and DHS. […]

The Office of Management and Budget (OMB) released its updated fiscal year 2019 guidance and deadlines for the Federal Information Security Modernization Act of 2014 (FISMA), containing similar deadlines and requirements to the prior year but featuring new language on using Continuous Diagnostics and Mitigation (CDM) vehicles for acquisitions of monitoring tools. […]


Federal CIO Suzette Kent said today that the Office of Management and Budget (OMB) is working with the Department of Homeland Security (DHS) to update metrics for Federal Information Security Modernization Act (FISMA) reporting, and said that agencies are seeing progress in those metrics, which are being tracked in a newly added category in the Federal IT Acquisition Reform Act (FITARA) scorecard. […]


The Department of Homeland Security is working with multiple Federal agencies to develop a new “risk radar” that will help agencies’ top executives contextualize cybersecurity risk and clarify where they need to apply focus and resources, according to Mark Kneidinger, director of the Federal Network Resilience division of DHS’ Office of Cybersecurity and Communications (CS&C). […]

During a General Services Administration (GSA) webinar on July 18, officials explained why Federal agencies should use GSA tools to move to the cloud, how agencies can utilize IT Schedule 70 to move to the cloud, and how to meet FedRAMP requirements. […]

Federal agency .gov domains have less than three months left to come into compliance with binding operational directive (BOD) 18-01, issued by the Department of Homeland Security (DHS) last October, which requires the use of Domain-based Message Authentication, Reporting and Conformance (DMARC). A DHS representative on Wednesday said that progress in implementing DMARC has been strong, but that initial implementation is far from the finish line. […]

The Office of the Inspector General (OIG) found that the General Accountability Office (GAO) isn’t fully compliant with the Federal Information Security Modernization Act of 2014 (FISMA), according to a report released yesterday. […]

The House Oversight and Government Reform Committee (OGR) on Tuesday approved by voice vote a bill which would allow Federal agency heads to limit access to certain websites or deploy cybersecurity measures if they feel that it is necessary to secure their IT systems, but not before strong vocal dissent about the scope of the legislation. […]
