Ideas
The Federal Government is Pushing for Security-Aware Developers
But do official recommendations work in their world?
Ideas
Zero Trust Doesn’t Come in a Box
Three no-nonsense tips to simplify the zero trust journey for federal agencies.
Cybersecurity
What the Census Bureau Can Learn From the IRS About Detecting Cyberattacks
Inspectors general from Commerce and Treasury present a tale of two testing regimes.
Cybersecurity
It’s Finally Here: Pentagon Releases Plan To Keep Hackers Out Of Its Networks
Defense agencies are to implement zero-trust standards by 2027.
Modernization
Census Targets Data Modernization, Cybersecurity Ahead of 2030 Rollout
Officials at the Census Bureau want to give the agency’s operations a strong, data-centric approach to collecting and securing American demographic information.
Cybersecurity
Latest Guidance Outlines Customer Responsibilities for Software Security
The guide provides recommendations throughout the product lifecycle, from procurement to deployment.
Cybersecurity
White House Begins to Push Federal Post-Quantum Cryptography Migration
The Office of Management and Budget released new guidance to begin the governmentwide effort to safeguard digital infrastructure from quantum attacks.
Cybersecurity
Secret Service’s Zero Trust Plan Must Account for OMB Guidance, Watchdog Says
The Secret Service’s plan for adopting a zero trust architecture model across the agency’s systems has not been updated since the Office of Management and Budget released new guidance in January.
Cybersecurity
CISA Issues Vulnerability-Management Tools Dependent on Industry Action
Federal agencies are under a binding operational directive to address exploitable security vulnerabilities in their software, but the success of CISA’s effort relies on the cooperation of software vendors.
Cybersecurity
NATO Allies Double Down on Cybersecurity in Warfighting Ops
U.S. and Italian officials convened the 2022 Cyber Defence Pledge Conference, focused on supporting Ukraine and investing in new technology for all member nations.
Cybersecurity
How Federal Agencies are Using Innovative Tech to Protect Critical Infrastructure Cybersecurity
Officials from CISA and DARPA spoke about their initiatives to support cybersecurity operations across critical infrastructure networks.
Cybersecurity
NIST Official Warns Against Device-only Approach to Securing IoT
Federal agencies’ implementation of NIST’s guidelines on the issue—under direction from Congress—is coinciding with industry resistance to the comprehensive approach stakeholders agree is necessary.
Cybersecurity
CISA, NSA and Industry Outline Security Responsibilities of Software Suppliers
New guidance from the federal agencies—and major companies serving the government—tries to distinguish between the security duties of software developers, suppliers and consumers.
Cybersecurity
FCC Proposes to Strengthen Cybersecurity of Emergency Alert Systems
The notice of proposed rulemaking would require emergency alert system participants to disclose cyber breaches within 72 hours of discovery.
Cybersecurity
NDAA Negotiations Will Determine Success of Several Cyber Solarium Goals
Influence from major industry threatens once again to thwart lawmakers’ attempts to realize their policymaking goals through the annual defense authorization bill.
Cybersecurity
CISA Director: Big Tech Shouldn’t Charge Extra for Event Logging
The agency has promised to measure the success of efforts to steer major software providers toward the inclusion of logging and other basic security features in their products “by default,” but has said little about how it actually intends to do that.
Cybersecurity
Agencies Shouldn’t 'Just Trust' Software Vendors' Security Assurances, IG Warns
NIST advisors debating the merits of OMB’s policy on software vendors’ “self-attestation” to secure development practices found common ground on a need for audits and testing.
Cybersecurity
CISA Seeks Feedback on Baseline Measures to Secure Cloud Configuration
Initial baselines address Microsoft services, and baselines for configuring rival services from Google are up next.
Cybersecurity
Global Cyber Workforce Needs 3.4 Million Professionals to Fill Gaps, Study Finds
The survey also found that government cyber workers reported the least confidence in their ability to mitigate security threats over the next couple years “based on their current staff and tools.”
Cybersecurity