The National Security Agency (NSA) has released a cybersecurity technical report for its Network Infrastructure Security Guidance that features network infrastructure best practices, according to a March 1 release from the agency. […]
The National Institute of Standards and Technology (NIST) is developing a Cybersecurity Practice Guide through its National Cybersecurity Center of Excellence (NCCoE) and Communications Technology Laboratory (CTL) and are requesting comment to refine the project’s scope. […]
The Senate on March 1 approved by unanimous consent the Strengthening American Cybersecurity Act of 2022. The bill is a sweeping legislative package introduced last month that aims to update the Federal Information Security Management Act (FISMA), codify the General Services Administration’s Federal Risk and Authorization Management Program (FedRAMP), and require timely cyber incident reporting by critical infrastructure providers. […]
As the Cybersecurity and Infrastructure Security Agency (CISA) is shifting its focus from protecting sets of critical assets to improving the resilience of critical functions, the Government Accountability Office (GAO) said the agency should improve its priority setting, stakeholder involvement, and threat information sharing in connection with that effort. […]
The United States and its allies in the North Atlantic Treaty Organization (NATO) need to be prepared to face a high-level cyber assault from the Russian government, warned Sen. Mark Warner, D-Va., on Feb. 28 during a Washington Post virtual event. […]
The Federal Communications Commission (FCC) has launched a Notice of Inquiry (NOI) to seek comments on cyber risks to the Border Gateway Protocol (BGP) – the routing protocol for the Internet – in response to increasing cyber threats following Russia’s invasion of Ukraine. […]
The Cybersecurity and Infrastructure Security Agency (CISA) and FBI are warning United States-based organizations of two destructive malware programs used by Russia against Ukrainian organizations in the leadup to Russia’s invasion of Ukraine, and the threat vectors seen in those attacks. […]
A group of nonprofits focusing on cybersecurity and implementation have formed a coalition to develop, share, deploy, and increase awareness of best cybersecurity practices, tools, standards, and services across the public and private sectors. […]
The National Security Telecommunications Advisory Committee (NSTAC) – a group of private sector experts that advises the White House on telecommunications issues that affect national security and emergency preparedness – is advising the Cybersecurity and Infrastructure Security Agency (CISA) to establish a dedicated Zero Trust Program Office. […]
A new Defense Department (DoD) Office of Inspector General (OIG) audit finds that some of the Pentagon’s academic and research partners have not consistently implement cybersecurity controls to protect controlled unclassified information (CUI) stored on their networks from insider and external threats. […]
Iranian government-sponsored hackers are conducting active cyber operations against global commercial and government networks, according to a warning issued earlier this week by United States and United Kingdom intelligence agencies. […]
In response to President Biden’s Executive Order 14017, America’s Supply Chains, the Department of Energy (DOE) today released a comprehensive plan to ensure security and increase energy independence in the United States. […]
New guidance from the Federal CIO Council’s Federal Mobility Group provides best practices for mobile phone security for Federal employees when they travel outside of the continental United States and its territories. […]
The CIO Council is currently leading an effort, along with a multi-agency working group, to develop a new Zero Trust Playbook for agencies, according to Thomas Santucci, the director of the General Services Administration Data Center and Cloud Optimization Initiative Program Management Office (DCCOI PMO). […]
The National Institute of Standards and Technology (NIST) is seeking information on evaluating and improving its cybersecurity resources, including a possible update to its Cybersecurity Framework first issued in 2014 and later updated in 2018. […]
Former White House Director for Cybersecurity Robert Knake is joining the Office of National Cyber Director (ONCD) as deputy national cyber director for strategy and budget, an ONCD spokesperson confirmed to MeriTalk today. […]
With tensions mounting between Russia and Ukraine, the Cybersecurity and Infrastructure Security Agency (CISA) is warning critical infrastructure (CI) owners and operators – as well as any other United States-based organizations – to keep their guard up. To help organizations do that, the cybersecurity agency released insights for the CI sector, as well as a new webpage Feb. 18 to help organizations better steel themselves against a potential Russian cyber threat. […]
The U.S. Space Force’s Space Systems Command, along with the U.S. Air Force, is looking for feedback on its plans to conduct live, virtual, and on-orbit space cyber test and training events to boost training efforts for cyber professionals. […]
The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new webpage featuring a catalog of free cybersecurity tools and resources that the agency hopes will serve as a “one-stop resource where organizations of all sizes can find free public and private sector resources to reduce their cybersecurity risk.” […]
The White House’s top cybersecurity advisor today blamed Russia for cyberattacks earlier this week against the Ukrainian government and banking sectors and said that the U.S. is actively helping Ukraine to fend off cyber assaults in the run-up to a possible Russian military invasion of that country. […]
Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly made a strong pitch on Feb. 17 for the agency’s push to create an underlying culture of organizational success that she said is critical to creating optimal performance at the nation’s cyber defense agency. […]
Just over a week after announcing the agency’s largest-ever financial seizure – $3.6 billion in Bitcoin – Deputy Attorney General Lisa Monaco said today that Eun Young Choi will serve as the first director of the Department of Justice’s National Cryptocurrency Enforcement Team (NCET). […]
A new cybersecurity advisory from the Federal government’s top cybersecurity watchdogs says that Russian state-sponsored hackers have compromised numerous defense industrial base (DIB) contractors both large and small over the past two years, and warns about the extensive bag of tricks that those hackers use when they target defense contractors. […]
The Senate Small Business and Entrepreneurship Committee on Feb. 15 voted to approve the Small Business Administration (SBA) Cyber Awareness Act (H.R. 3462), which requires SBA to issue an annual report on its cybersecurity capabilities, and notify Congress in the event of a cybersecurity breach potentially compromising sensitive information. […]
The Department of Defense (DoD) expects around 80,000 Defense Industrial Base (DIB) contractors will need a third-party assessment to reach Level 2 compliance for the Cybersecurity Maturity Model Certificate (CMMC) 2.0 program – double the previously estimated number of companies. […]
Efforts by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) to invest in real-time information sharing capabilities are keying the Biden administration’s campaign to improve industrial control systems (ICS) cybersecurity, CISA and NSA officials said this week. […]
A new memo from the Department of Defense (DoD) is encouraging the use of a continuous Authorization To Operate (cATO) under the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) – instead of a point-in-time ATO – to serve as the “gold standard” for systems’ cybersecurity risk management. […]
A bipartisan group of senators is urging the Securities and Exchange Commission (SEC) to increase transparency in cybersecurity incident reporting requirements for public companies overseen by the SEC. […]
The General Services Administration is going on the hunt for a permanent director to lead its Login.gov effort and oversee deployment of the $187 million Technology Modernization Fund (TMF) award GSA got for the project last year. […]
The Department of Defense’s (DoD) F-35 Lightning II Joint Program Office (JPO) Cyber Team seeks to advance its cyber capabilities to better protect against cyber threats and increase mission assurance. […]