Cybersecurity
Agencies Must Fix Newly Cataloged Vulnerabilities by Christmas Eve
Officials stressed the importance of maintaining a bill of materials for software in flagging the “Log4j” vulnerability.
Cybersecurity
Increased Interconnectivity Demands Stronger Federal Data Protection Protocols, Officials Say
Officials in the public and private sectors warned of the need to enact a robust cybersecurity posture at the federal level ahead of growing ransomware and hacking threats.
Ideas
What Agencies Need to Do to Combat Shadow IT Driven by Cloud Sprawl
Cloud sprawl happens when development teams spin up new cloud resources, forget about them, then move on to the next urgent task.
Digital Government
GAO: Pentagon Needs Goals to Improve CMMC Framework
The watchdog made several recommendations in an audit of the Cybersecurity Maturity Model Certification effort.
Cybersecurity
NIST Outlines Request for Information Toward a New Cybersecurity Framework
The update will include a focus on supply chains for both hardware and software.
Cybersecurity
House Passes NDAA Without Cyber Incident Reporting Legislation
The bill still includes what the House Armed Services Committee referred to as the widest empowerment of CISA since SolarWinds.
Ideas
Data Exfiltration: Public Enemy No. 1 for the Public Sector
Taking a proactive approach is a critical step in improving the way the government combats threats.
Ideas
How a Cloud-Security Scaffolding Can Protect Your Multicloud Landscape
Different cloud environments have different security needs. Here’s how to create a cloud-security scaffolding to strengthen protections while reducing manual support.
Cybersecurity
NSA, CISA List Expectations for Industry on Data Governance in 5G Environments
The document is the third in a four-part series of guidance that categorizes security responsibilities according to their relevance for the cloud service providers, mobile operators and users of emergent fifth-generation networks.
Cybersecurity
DHS Redefines ‘Cybersecurity Incident’ in Directives for Surface Transportation
The new definition allows industry more flexibility to decide what should trigger reporting mandates for the sector.
Cybersecurity
Russian National Sentenced to Five Years For Aiding Malware Hacking
Aleksandr Grichishkin, 34, pleaded guilty to providing a server allowing cybercriminals temporary use of IP addresses to bypass security measures and exploit financial data.
Cybersecurity
Feds Warned to Look Out For Ransomware Grinches over the Holidays
Federal cybersecurity officials would prefer you keep your holidays a little more secure.
Cybersecurity
CISA Seeks Protective Email Service that Tracks Agencies’ Security Compliance
The agency is ramping up efforts to exercise its new authorities to hunt for threats across the .gov enterprise.
Cybersecurity
Commerce Proposes Third Party Audits as Criteria in Supply Chain Rule for Software
The Government Accountability Office says CISA should also update its approach to communications sector reliability by securing the supply chain for information and communications technology.
Cybersecurity
Report Shows Global Financial Giants Are at Risk of Cyberattacks
A new report by Constella Intelligence raises questions as to whether the sector is doing enough to protect itself.
Cybersecurity
White House Holiday Warning Identifies Options for Reporting Ransomware
The FBI has a prominent portal for entities to report cybersecurity incidents, but Congress is considering legislation that officials fear could change the current dynamic.
Cybersecurity
Government Watchdog Welcomes Treasury’s Data Collection on Cyber Insurance Claims
A Government Accountability Office report on the Treasury Department’s role in shaping the market for cybersecurity insurance is expected next spring.
Cybersecurity
NSA, CISA Say Industry Should Use Attestation Technology to Secure 5G Environments
The tech can provide evidence of compliance with configuration standards and detect anomalies in complex multi-tenant, multi-cloud computing architectures.
Cybersecurity