Cybersecurity
DHS Official to Chair Biden-ordered Cyber Safety Review Board
Cybersecurity professionals say the board needs subpoena authority in order to be effective.
Cybersecurity
Supply Chain Security Training and FISMA Overhaul Bills Clear House Committee
The committee chair highlighted a need for incident reporting and other requirements for federal contractors.
Cybersecurity
The U.S. is Working to Improve Ukraine’s Cyber Defenses in the Face of Russian Threat
The prospect of a cyberattack amid heightened regional tensions creates a stark contrast against delicate diplomatic efforts the U.S. is pursuing to thwart ransomware criminals officials say are operating out of Russia.
Cybersecurity
NAPA report backs shift in leadership for cyber workforce development
A new study from the National Academy of Public Administration recommends that the newly established Office of the National Cyber Director develop and implement a coordinated, multi-sector strategy for the cybersecurity workforce, which faces chronic workforce shortages.
Cybersecurity
Audit: Labor Department Information Security Program ‘Not Effective’
Auditors made 18 recommendations to remediate some of the agency’s longstanding issues.
Cybersecurity
Security Specialists: Microsoft’s Discounted Logging Offering Warrants Scrutiny
The log management tool Microsoft is marketing as a way for agencies to fulfill administration requirements for network visibility could contribute to a risky ‘monoculture,’ according to cybersecurity professionals.
Cybersecurity
IG report points to weaknesses in the Commerce Department's infosec program
The Commerce Department has routinely failed to implement crucial security assessment measures and an effective continuous monitoring program, according to a new Inspector General report published this week.
Cybersecurity
FTC Warns of 18-Fold Surge in Investment, ‘Romance’ Scams on Social Media
More than 95,000 Americans were bilked over social media in 2021 resulting in losses approaching $1 billion.
Cybersecurity
SEC looks to expand cyber coverage
The Securities and Exchange Commission is taking a new look at how it asks publicly traded companies to disclose cybersecurity risks.
Cybersecurity
EPA Leading White House Effort to Secure the Water Sector Against Cyberattacks
This is the third in a series of 100-day sprints to shore up industrial control systems used in critical infrastructure.
Cybersecurity
Treasury Considering State and Local Grants to Implement Digital ID Systems
The effort to stimulate widespread use of digital identification is aligned with a White House order on cybersecurity and could help defend against ransomware attacks, officials said.
Cybersecurity
White House starts the clock on zero trust adoption
Agencies will have to meet specific zero trust security requirements by the end of fiscal year 2024 under a new policy memo, including updates to identity policies that will affect how federal employees access systems and applications.
Cybersecurity
NIST Releases Final Cybersecurity Assessment Guidance
The document extensively reviews best practices in security assessments for organizations.
Cybersecurity
CISA preps update to the zero trust maturity model
The Cybersecurity and Infrastructure Security Agency will update its zero trust maturity model to assist agencies in meeting goals outlined in the cybersecurity executive order released last year, an official said Tuesday.
Cybersecurity
Biden Executive Order Reinforces Agency Cyber Priorities
CIOs discuss how agency leadership and change management facilitate Biden’s cybersecurity executive order implementation.
Cybersecurity
FISMA Bill Drops in House Amid Confusion Over Federal CISO Role
Rep. John Katko is continuing a campaign to make the Cybersecurity and Infrastructure Security Agency a central Chief Information Security Office—or CISO— for federal civilian agencies.
Cybersecurity
Ransomware to overtake phishing as top cause for data compromises, report says
A new report says 2021 set a record for data breaches, but increasingly notifications to victims and authorities often lack transparency, hindering investigations.
Cybersecurity
NSA: Securing Cloud-Related PDFs Shouldn’t Mean Sacrificing Usability
The rise of editable Portable Document Files created a new avenue for attackers, but the right configuration can protect most systems without compromising functionality, NSA says.
Cybersecurity
CISA Releases Finalized IPv6 Guidance for Agencies
The network guidance document is years in the making.
Cybersecurity