FCW Insider: March 17, 2021

CMMC board preps for staff changes

The body in charge of standing up and running the Defense Department’s unified cybersecurity standard is shifting its staffing arrangement.

D.C. extends COVID vaccines to essential feds but worries continue for far-flung federal workforce

Some agencies have been vaccinating their employees directly, but others haven't. The National Treasury Employee Union wants IRS to secure vaccine allotments for in-person workers nationwide.

IC: Foreign actors tried to affect U.S. election via influence campaigns, but not by hacking

The intelligence community's newly declassified report largely concludes Russia attempted to meddle in the U.S. election through influence operations but did not attempt the kinds of cyberattacks observed in 2016.

What cyber risks will Biden's supply chain EO uncover?

The administration has ordered a wide-ranging assessment of the risks to various supply chain. Analysts, former government officials and industry say a large workforce gap and problematic frameworks are among the threats cybersecurity poses to the country's supply chains.

Quick Hits

*** Democrats in both chambers of Congress introduced a bill that would give healthcare professionals at the Department of Veterans Affairs working under Title 38 status the same collective bargaining opportunities as other VA employees. Rep. Mark Takano (D-Calif.), the chairman of the House Veterans Affairs Committee and Sen. Sherrod Brown (D-Ohio) are the lead sponsors of the VA Employee Fairness 5 Act of 2021, which has the backing of the American Federation of Government Employees and National Nurses United.

*** The Office of Personnel Management has added 41 small businesses to the Human Capital and Training Solutions program, which consolidates human capital contracting across the federal government and provides agencies with human capital and training services.

*** The Department of Homeland Security announced Lynn Parker Dupree, a former employee at the Privacy and Civil Liberties Oversight Board, as its chief privacy officer and chief FOIA officer starting Mar. 22. Dupree, an attorney, most recently served as director of governance and controls in the data ethics and privacy office at Capital One bank.

*** The Federal Risk and Authorization Management Program has released supplemental requirements to ensure cloud service providers keep their container technology in compliance. Released March 16, the document, Vulnerability Scanning Requirements for Containers, bridges the compliance gaps between traditional cloud and containerized systems by describing "the processes, architecture and security considerations specific to vulnerability scanning for cloud systems using container technology." Get more on this story from GCN.