The Government Accountability Office (GAO) said in a new report that the Social Security Administration (SSA) still needs to improve its cybersecurity by addressing how it coordinates with states and other Federal agencies. […]
As the National Institute of Standards and Technology (NIST) is in the process of updating its Cybersecurity Framework (CSF), it plans to hold a series of workshops and release at least one more draft for public comment before releasing CSF 2.0, according to a NIST blog. […]
The National Institute of Standards and Technology (NIST) is working to apply its Cybersecurity Framework to the ground-based segments of space operations, an April 18 NIST report says. […]
The NIST Cybersecurity Framework, initially issued in early 2014, outlines five functions with regard to cybersecurity risk: identify, protect, detect, respond, and recover. Of these functions, those on the far left encapsulate measures that could be considered pre-breach; those on the right, post-breach. Far too often, however, government agencies tip the scales too far to the left. […]
The Smithsonian Institution (SI) made some progress in its Fiscal Year 2018 FISMA (Federal Information Security Modernization Act) audit, but still sat at around a Level 2 on the FISMA scale, according to a report released September 23 by the Smithsonian Office of Inspector General. […]
The National Institute of Standards and Technology (NIST) is looking for industry to participate in its efforts to develop a secure architecture for telehealth deployments outside of healthcare facilities, according to an upcoming Federal Register notice. […]
The National Institute of Standards and Technology (NIST) released a discussion draft version of the upcoming NIST Privacy Framework on Wednesday, May 1, with principles and practices aligned with the NIST Cybersecurity Framework. […]
The Government Accountability Office (GAO) recommended that the Transportation Security Administration (TSA) revise its pipeline security, cybersecurity guidelines, and risk assessment methodology, and build a more robust cybersecurity workforce to enhance its pipeline security program. […]
The Department of Health and Human Services’ (HHS) FISMA (Federal Information Security Modernization Act) audit for fiscal year 2018, released today by HHS’ Office of the Inspector General (OIG), shows the agency improved its performance in the “Identify” and “Protect” areas of the framework, while holding steady in other areas. […]
The Department of Defense puts a lot of effort into cybersecurity but still has some significant holes in its structure, some of them dating back a decade, according to a report issued earlier this month by the department’s Inspector General (IG). […]
While the Federal IT community is eager to embrace the benefits of cloud services, agency leaders are working to balance the transition to cloud with Federal policies and maintaining continuous operations, deputy CIOs from the Air Force and the Department of Veterans Affairs (VA) told the crowd at CES-Government on Friday in Las Vegas. […]
The Department of Health and Human Services (HHS) last week released its Health Industry Cybersecurity Practices, a set of voluntary cybersecurity guidelines for the private sector that leverages the National Institute of Standards and Technology (NIST) Cybersecurity Framework to address cybersecurity issues across healthcare organizations of all sizes. […]
A newly issued Government Accountability Office (GAO) report highlights gaps in implementing Federal guidance on cybersecurity at major agencies in fiscal year 2017, finding 35,277 cybersecurity incidents. […]
The Food and Drug Administration (FDA) released new draft guidance for the cybersecurity of medical devices on Wednesday, with a focus on risk management and applying the cybersecurity framework from the National Institute of Standards and Technology (NIST). […]
President Trump on Friday declared October 2018 as National Cybersecurity Awareness Month – marking the 15th consecutive year of that designation. […]
The National Institute of Standards and Technology (NIST) is taking the first steps to develop a privacy framework that balances risk and protections, the agency announced on Tuesday. […]
The White House said President Trump has signed into law the NIST Small Business Cybersecurity Act, S. 770, which directs the National Institute of Standards and Technology (NIST) to provide resources to small businesses to help them implement NIST’s voluntary cybersecurity framework. […]
This month marks the first anniversary of President Trump signing his cyber executive order (EO), formally titled the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. […]
It’s no secret that Chinese companies are major suppliers to U.S. technology companies that serve the Federal government, and a report issued last month says the Chinese government is leveraging that manufacturing capability to create significant security risks across the U.S. Federal enterprise. […]
The rising frequency and intensity of cyberattacks on information technology systems that support the government, military, businesses, and critical infrastructure has raised awareness among senior Federal agency managers that security controls cannot be bolted on to systems as an afterthought. Security must be a core part of the design of systems from the beginning, and considered throughout the development lifecycle. […]
Sen. Sheldon Whitehouse, D-R.I., said that he is concerned about the Trump administration’s widespread adoption of the NIST Cybersecurity Framework. “The NIST Framework has never been adequately validated,” he said, adding that he wonders whether agencies have accepted it because it’s effective or because “compliance demands so little effort.” […]
President Donald Trump’s executive order on cybersecurity, signed May 11, has received praise from both Congress and industry for continuing the progress of the previous administration and focusing on the issues of workforce development, IT modernization, and implementation of the NIST Cybersecurity Framework. […]
There are strong signals that President Donald Trump’s executive order on cybersecurity may still be weeks, if not months, away from hitting the street in final form. After leaking two draft versions in rapid succession, the White House finds itself struggling to define the metrics it will use to hold agency leaders accountable. […]
Catch up on some reading this weekend. Here are a few interesting items from MeriTalk. […]
The National Institute of Standards and Technology has released a draft update, Version 1.1, to its Cybersecurity Framework, a guide to help organizations reduce cyber risks. […]
A low-key change has taken place that sources say has shifted the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity from a purely voluntary practice to a mandatory standard for Federal agencies… Reactions to the White House’s open source coding push… And grumbling about Silicon Valley imports. […]