Cybersecurity
NIST Outlines Request for Information Toward a New Cybersecurity Framework
The update will include a focus on supply chains for both hardware and software.
Cybersecurity
Cyber in the 2022 defense bill
As has been the case for the past few years, cyber governance provisions were featured in this year's must-pass defense policy bill moving through Congress, but a bipartisan breach notification measure was dropped from the bill -- to the chagrin of its supporters.
Cybersecurity
House Passes NDAA Without Cyber Incident Reporting Legislation
The bill still includes what the House Armed Services Committee referred to as the widest empowerment of CISA since SolarWinds.
Ideas
Data Exfiltration: Public Enemy No. 1 for the Public Sector
Taking a proactive approach is a critical step in improving the way the government combats threats.
Cybersecurity
OMB Guidance Heralds Automation of FISMA Reporting
The new Federal Information Security Modernization Act guidance also prioritizes security testing and doubles down on CISA’s Continuous Diagnostics and Mitigation program.
Cybersecurity
White House embeds cyber EO in FISMA reporting
Federal agencies will be reporting on zero-trust adoption and automation efforts in their annual cybersecurity reports to the Office of Management and Budget.
Ideas
How a Cloud-Security Scaffolding Can Protect Your Multicloud Landscape
Different cloud environments have different security needs. Here’s how to create a cloud-security scaffolding to strengthen protections while reducing manual support.
Cybersecurity
NSA, CISA List Expectations for Industry on Data Governance in 5G Environments
The document is the third in a four-part series of guidance that categorizes security responsibilities according to their relevance for the cloud service providers, mobile operators and users of emergent fifth-generation networks.
Cybersecurity
DHS Redefines ‘Cybersecurity Incident’ in Directives for Surface Transportation
The new definition allows industry more flexibility to decide what should trigger reporting mandates for the sector.
Cybersecurity
Russian National Sentenced to Five Years For Aiding Malware Hacking
Aleksandr Grichishkin, 34, pleaded guilty to providing a server allowing cybercriminals temporary use of IP addresses to bypass security measures and exploit financial data.
Cybersecurity
Hacker, Journalist Among CISA Directors’ 23 New Cybersecurity Advisors
The new Cybersecurity Advisory Committee will focus on five areas including workforce development, and has room for 12 more members.
Cybersecurity
Feds Warned to Look Out For Ransomware Grinches over the Holidays
Federal cybersecurity officials would prefer you keep your holidays a little more secure.
Cybersecurity
CISA Seeks Protective Email Service that Tracks Agencies’ Security Compliance
The agency is ramping up efforts to exercise its new authorities to hunt for threats across the .gov enterprise.
Cybersecurity
Commerce Proposes Third Party Audits as Criteria in Supply Chain Rule for Software
The Government Accountability Office says CISA should also update its approach to communications sector reliability by securing the supply chain for information and communications technology.
Cybersecurity
CISA mulls plan to safeguard federal civilian email
According to contracting documents, the Cybersecurity and Infrastructure Security Agency is looking to take a leading role in identifying and defending against threats against federal civilian executive branch email systems and networks.
Cybersecurity
Military service principal cyber advisors take root
Congress established service level principal cyber advisors in the 2020 defense policy bill. FCW sat down with the Army and Navy PCAs to get a sense of what their priorities have been in the past year.
Ideas
DOD Could Save Hundreds of Millions Annually Through Better IT Asset Management
The Pentagon struggles to manage the lifecycle—including security and costs—of those assets.
Cybersecurity
Report Shows Global Financial Giants Are at Risk of Cyberattacks
A new report by Constella Intelligence raises questions as to whether the sector is doing enough to protect itself.
Cybersecurity