The Office of Management and Budget (OMB) said this week that reported cyber “incidents” involving Federal government systems declined by about five percent in fiscal year 2022 – to a total of 30,659 incidents – compared to the prior year’s tally. […]
The Cybersecurity and Infrastructure Security Agency (CISA) published a new request for information (RFI) today looking for feedback on how to best implement cyber incident reporting requirements for critical infrastructure owners and operators. […]
Chris DeRusha, who wears the dual hats of Federal Chief Information Security Officer (CISO) and Deputy National Cyber Director for Federal Cybersecurity in the Office of the National Cyber Director, charted some near-term policy goals on the security front during a keynote address on May 19 at MeriTalk’s Cyber Central May 2022 – Mission: Cyber Resilience in-person conference. […]
Organizations of all sizes are susceptible to ransomware attacks, and the best set of defenses against those kinds of destructive cyberattacks relies on implementing multifactor authentication, network segmentation, and other zero trust security principles, Sen. Rob Portman, R-Ohio, said in a new report released today. […]
After a few failed attempts, cyber incident reporting legislation made it over the finish line as part of the fiscal year (FY) 2022 appropriations bill – a victory hailed by Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly and lawmakers as a necessary step for more visibility to protect critical infrastructure. […]
The Senate on March 1 approved by unanimous consent the Strengthening American Cybersecurity Act of 2022. The bill is a sweeping legislative package introduced last month that aims to update the Federal Information Security Management Act (FISMA), codify the General Services Administration’s Federal Risk and Authorization Management Program (FedRAMP), and require timely cyber incident reporting by critical infrastructure providers. […]
A bipartisan group of senators is urging the Securities and Exchange Commission (SEC) to increase transparency in cybersecurity incident reporting requirements for public companies overseen by the SEC. […]
Leadership of the Senate Homeland Security and Governmental Affairs Committee has introduced a package bill in the Senate that would both update the Federal Information Security Management Act (FISMA), which sets cybersecurity requirements for Federal agencies, and codify the Federal Risk and Authorization Management Program (FedRAMP) that certifies cloud services as secure to use for Federal government agencies. […]
After a surprising failure to get mandatory cyber incident reporting included in the fiscal year (FY) 2022 National Defense Authorization Act (NDAA), Reps. Yvette Clarke, D-N.Y., and John Katko, R-N.Y., called the issue a top cybersecurity legislative priority for 2022. […]
Sen. Gary Peters, D-Mich., is renewing calls for mandatory incident reporting legislation, after meeting virtually with Biden administration cybersecurity leaders on Jan. 5 for a briefing about the Log4j critical vulnerability. […]
After a spate of cyberattacks and ransomware attacks on American companies and critical infrastructure providers since the start of the COVID-19 pandemic, lawmakers and members of the cybersecurity industry expressed shock and disappointment that mandatory cyber incident reporting was dropped from the conferenced version of the fiscal year (FY) 2022 National Defense Authorization Act (NDAA). […]
Two major pieces of cybersecurity legislation – a Senate-approved bill to reform the Federal Information Security Management Act (FISMA), and another bill to standardize reporting requirements for major cybersecurity incidents – both failed to make the cut in the House-Senate conference version of the fiscal year (FY) 2022 National Defense Authorization Act (NDAA) that passed the House Dec. 7. […]
After returning from the Thanksgiving break yesterday, the Senate’s progress on consideration of the fiscal year (FY) 2022 National Defense Authorization Act (NDAA) stalled last night with Senate Republicans refusing to vote for cloture due to disagreements on the amendment process for the defense spending act. […]
The Senate returned to work Monday afternoon to continue consideration of the fiscal year (FY) 2022 National Defense Authorization Act (NDAA), beginning a torrid stretch of legislative work leading up to the end of the calendar year. […]
As the Senate returns to work on Nov. 29 with the completion of debate on the Fiscal Year (FY) 2022 National Defense Authorization Act (NDAA) at the top of its agenda, lawmakers will be looking to tack on a host of cybersecurity-related amendments to the defense spending bill. […]
After a potential setback late last week, Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, are still looking to get their legislation to reform the Federal Information Security Modernization Act (FISMA) added to the Senate’s fiscal year (FY) 2022 National Defense Authorization Act (NDAA) making its way through the chamber, a Senate Homeland Security and Governmental Affairs Committee staffer told MeriTalk. […]
Acting Cybersecurity and Infrastructure Security Agency (CISA) Director Brandon Wales said today the government is concerned that the nation is witnessing the prelude to broader-based cyber attacks, and he called on Congress to take action on legislation that would require reporting of cyber incidents to the Federal government. […]