The Cybersecurity and Infrastructure Security Agency (CISA), along with the U.S. Election Assistance Commission, National Association of Secretaries of State (NASS), and the National Association of State Election Directors (NASED), held an annual election security exercise last week to test Election Day plans. […]
The Cybersecurity and Infrastructure Security Agency (CISA) has made only limited progress in improving the overall quality of cyber threat data information it shares with third parties, and needs to do more to provide context for that shared information, the Department of Homeland Security (DHS) Office of Inspector General (IG) said in an oversight report. […]
The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a cybersecurity advisory on August 18 that warns about Common Vulnerabilities and Exposures (CVEs) that they say are “currently being exploited” against the Zimbra Collaboration Suite (ZCS). […]
A senior Cybersecurity and Infrastructure Security Agency (CISA) official provided an update this week on agency-level activity in their migration toward zero trust security architectures mandated by President Biden’s 2021 cybersecurity executive order and subsequent guidance documents issued by CISA and the Office of Management and Budget (OMB). […]
Chris Krebs, who led the Cybersecurity and Infrastructure Security Agency (CISA) from 2018 to 2020, said today that his vision for the Federal government’s next leap forward on the technology front involves creating a new “U.S. Digital Agency” that would combine elements of CISA and several other existing agencies to create an organization “focused on empowering better digital risk management services.” […]
The Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint Cybersecurity Advisory (CSA) on the top malware strains of 2021. […]
In a recent MeriTV “IT In Depth” episode, Robert Costello, Chief Information Officer at the Cybersecurity and Infrastructure Security Agency (CISA), and Bill Wright, Splunk’s Director of Public Sector Affairs, said new event logging requirements pose a series of complicated tests for Federal IT managers. The mandates stem from the August 2021 Office of Management and Budget (OMB) memo M-21-31, which outlines a four-tier system for logging events and describes logs on Federal information systems as “invaluable” in fighting cyber threats. […]
The Federal government – galvanized by the Biden Administration’s Cybersecurity Executive Order – has spent a lot of time and money on cybersecurity solutions, but as the digital landscape continues to evolve so does the risk. […]
Witnesses at a House Homeland Security Committee hearing on July 20 provided lawmakers with feedback about how local election officials are viewing security information being supplied to them by the Federal government, along with the need to train local officials on ways to defeat misinformation. […]
The Cybersecurity and Infrastructure Security Agency’s (CISA) “Shields Up” cybersecurity campaign, launched in February to warn critical infrastructure operators and other U.S.-based organizations of cybersecurity threats spilling over from Russia’s invasion of Ukraine, is proving its worth over the first four months of operation. […]
The Cyber Safety Review Board (CSRB) – in its inaugural report released today – praised the Cybersecurity and Infrastructure Security Agency (CISA) for its response to the ongoing Log4j software vulnerability, and found that to date there have not been any significant Log4j-based attacks on U.S. critical infrastructure. […]
The Department of Homeland Security (DHS), along with the Cybersecurity and Infrastructure Security Agency (CISA), launched a contract opportunity to develop automated software for billing that is intended to give more visibility into supply chains. […]
Rep. Ritchie Torres, D-N.Y., introduced legislation on July 1 that would require the Cybersecurity and Infrastructure Security Agency (CISA) to investigate and report on the impact of the 2020 SolarWinds cyberattack on Federal agency networks and U.S. critical infrastructure. […]
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and Department of the Treasury (DoT) released an advisory on July 6 that attributes ransomware attacks launched against healthcare and public health (HPH) organizations to North Korean state-sponsored organizations. […]
The Cybersecurity and Infrastructure Security Agency (CISA) has set a deadline of July 22 for Federal civilian agencies to apply Microsoft’s June 2022 Patch Tuesday update. […]
The Cybersecurity and Infrastructure Security Agency (CISA), FBI, Treasury Department, and the Financial Crimes Enforcement Network (FinCEN) have released a joint cybersecurity advisory warning of MedusaLocker targeting vulnerabilities in Remote Desktop Protocol (RDP) to conduct ransomware attacks. […]
The Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance for users of Microsoft Exchange Online to switch from Basic Authentication, or “Basic Auth,” to Modern Authentication, or “Modern Auth” – which supports multi-factor authentication (MFA) – by the beginning of October. […]
The Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program offers a wide range of security benefits for Federal agencies. Still, a CISA official wants to help agencies unlock the program’s full potential. […]
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), along with international partners, published guidance last week for cyber defenders that advises them to not remove PowerShell – Microsoft’s built-in command-line tool with Windows – but to properly configure it. […]
Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly is considering a big basket of recommendations delivered this week by the agency’s Cybersecurity Advisory Committee, including suggestions that the agency boost its workforce development and acquisition efforts and establish a new chief people officer position. […]
The Cybersecurity and Infrastructure Security Agency (CISA) today issued an updated version of its Cloud Security Technical Reference Architecture (TRA) that serves as guidance for Federal civilian agencies for secure migration to cloud services. […]
The Government Accountability Office (GAO) is pressing the departments of Treasury and Homeland Security (DHS) to assess whether a further Federal response is needed to address the government’s existing terrorism risk insurance program, which may not cover losses from cyber and other attacks on U.S. critical infrastructure. […]
The Cybersecurity and Infrastructure Security Agency (CISA) is aiming to issue the second version of its Zero Trust Maturity Model this summer, according to Eric Goldstein, CISA’s executive assistant director for cybersecurity. […]
The Cybersecurity and Infrastructure Security Agency (CISA) released cloud use case guidance for its Trusted Internet Connections (TIC) 3.0 program, the agency announced on June 16. […]
The Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program is winning rave reviews from cybersecurity practitioners who are working to improve Federal civilian agency security. CDM has the potential to become even more crucial to the cyber fight once its latest generation of technologies is fully leveraged. […]
The House Appropriations Homeland Security Subcommittee today approved a homeland security budget print for fiscal year (FY) 2023 that includes $2.93 billion for the Cybersecurity and Infrastructure Security Agency (CISA), representing a $334 million increase from FY2022 and a $417 million increase over the requested amount. […]
While the Cybersecurity and Infrastructure Security Agency (CISA) is working to make progress on numerous discrete security policy directives and projects that it has been handed in recent years, a top agency official explained today that the higher-level goals uniting most of those tasks boil down to the government and the private sector achieving much greater visibility into cyber threats and how to defend against them, and not leaving organizations to defend against threats on their own. […]
After releasing an op-ed with Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly last week that called CISA’s “Shields Up” campaign a new baseline for cyber defenses, National Cyber Director Chris Inglis said today that the cost of entry for cyber attackers is still too low to create stout deterrence. […]
Building a zero-trust security architecture foundation that underlies better cybersecurity capabilities is at the top of the list for Robert Costello, Chief Information Officer at the Cybersecurity and Infrastructure Security Agency (CISA). […]
As the Cybersecurity and Infrastructure Security Agency (CISA) continues to grapple with the early stages of a rulemaking process for recently enacted cyber incident reporting legislation, CISA Director Jen Easterly said it will be crucial to develop trust with the private sector so that the law is seen as “value-added” and not a burden. […]