Eric Goldstein, the executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), stepped down from his role last month and announced on June 30 that he has landed at Capital One. […]
Eric Goldstein, the executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), is stepping down from his role next month. […]
The Cybersecurity and Infrastructure Security Agency (CISA) is leading an effort to update the National Cyber Incident Response Plan (NCIRP) by the end of 2024, as directed in the Biden administration’s National Cybersecurity Strategy released earlier this year. CISA, in close coordination with the Office of the National Cyber Director (ONCD), is embarking on a […]
A new report out today from the Center for Strategic and International Studies (CSIS) focuses on the Cybersecurity Infrastructure Security Agency’s (CISA) growth and mission needs, and offers a range of findings and recommendations that go beyond basic funding needs to bolster CISA’s ability to defend the nation’s cyberspace and the security of Federal Civilian Executive Branch agencies (FCEB). […]
The Cybersecurity and Infrastructure Security Agency (CISA) is aiming to issue the second version of its Zero Trust Maturity Model this summer, according to Eric Goldstein, CISA’s executive assistant director for cybersecurity. […]
The Cybersecurity and Infrastructure Security Agency (CISA) released cloud use case guidance for its Trusted Internet Connections (TIC) 3.0 program, the agency announced on June 16. […]
While the Cybersecurity and Infrastructure Security Agency (CISA) is working to make progress on numerous discrete security policy directives and projects that it has been handed in recent years, a top agency official explained today that the higher-level goals uniting most of those tasks boil down to the government and the private sector achieving much greater visibility into cyber threats and how to defend against them, and not leaving organizations to defend against threats on their own. […]
The Cybersecurity and Infrastructure Security Agency (CISA) is seeking industry feedback on two reference documents, one for Secure Cloud Business Applications (SCuBA) and a framework for organization visibility data, according to an April 19 CISA blog post. […]
In an effort to better protect critical infrastructure, House representatives and Federal cybersecurity officials spoke today about how to most effectively identify the nation’s most systemically important critical infrastructure. […]
Officials from the Cybersecurity and Infrastructure Security Agency (CISA) and within the cybersecurity industry are warning of the potential for threat actors to have already exploited the Log4j vulnerability, but are waiting to pull the trigger on any planned exploits until focus on the vulnerability abates. […]
A month after its first public warnings about the Log4j vulnerability, the Cybersecurity and Infrastructure Security Agency (CISA) is continuing to work with Federal agencies and the public to mitigate potential exposure, and also renewing calls for a software bill of materials (SBOM) to aid in system visibility and inventory management. […]
The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) said today that all large Federal agencies have successfully mitigated the Log4j critical vulnerability that the agency discovered in early December 2021. […]
The Cybersecurity and Infrastructure Security Agency (CISA) said Dec. 14 that there has been no confirmed compromise of any Federal agencies as a result of the Log4j vulnerability. But CISA reiterated it has added the vulnerability to its catalog of known vulnerabilities over the weekend, giving agencies two weeks to remediate and mitigate any potential harm. […]
As the number of cyberattacks impacting critical infrastructure continues to grow, members of Congress and representatives from the Department of Energy (DoE), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Energy Regulatory Commission (FERC) agreed that more needs to be done to protect the electric grid from a potentially “devastating” cyberattack. […]
In the wake of the recent SolarWinds and Microsoft Exchange hacks, the Cybersecurity and Infrastructure Security Agency (CISA) is emphasizing the need to shore up supply chain integrity, adopt a zero trust security concepts mindset, and direct more resources to best address vulnerabilities. […]
The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled three key leadership appointments including the agency’s deputy director, and two covering hot-button security posts. […]