NSA

CISA, NSA and Industry Outline Security Responsibilities of Software Suppliers

New guidance from the federal agencies—and major companies serving the government—tries to distinguish between the security duties of software developers, suppliers and consumers.

  • By Mariam Baksh

NSA Advocates Active Defense, as Industry Lawyer Advises Against Incident Reports

Speakers at a new conference hosted by cybersecurity firm Mandiant highlighted the challenge the government faces in motivating companies to report attacks on critical infrastructure.

  • By Mariam Baksh

CISA, NSA Guidance Tries to Reduce Alternatives for Securing Industrial Control Systems

Policymakers in Congress and the administration are grappling with how to set a performance bar for companies' mitigation of cyber threats against critical infrastructure they own, while allowing flexibility the companies say is needed to run their operations.

  • By Mariam Baksh

NSA Releases Post-Quantum Algorithms, Aims for Full Implementation by 2035

The National Security Agency worked in conjunction with NIST to prepare stakeholders for upcoming quantum cryptographic requirements. 

  • By Alexandra Kelley

Justice Seeks to Stop Booz Allen's Everwatch Acquisition

The department's antitrust lawsuit says the transaction unfairly eliminates competition for providing signals intelligence modeling and simulation services to the National Security Agency.

  • By Nick Wakeman and Ross Wilkers

US, Allied Cybersecurity Agencies, Advise Reviewing Contracts with Tech Vendors

A joint advisory from CISA, domestic partners and counterpart agencies in the Five Eyes intelligence alliance warns of a heightened threat to managed service providers and their customers.

  • By Mariam Baksh

NSA Re-awards Secret $10 Billion Contract to Amazon

Amazon Web Services beat out Microsoft for the contract after a bid protest battle.

  • By Frank Konkel

NSA Stresses Vendor Diversification in Guidance on Network Segmentation

Robust firewalls within and around a network are especially important in environments incorporating industrial control systems, which have been targeted in Russian state-sponsored operations.

  • By Mariam Baksh

NSA to get binding operational directive authority under new cyber policy

A new memo signed by President Biden outlines how the May 2021 executive order on cybersecurity applies to national security systems.

  • By Adam Mazmanian

Agencies Under New Deadlines to Address ‘log4j’ Flaws with Emergency Directive

The Cybersecurity and Infrastructure Security Agency order comes as a prominent firm says nation states are exploiting the vulnerabilities.

  • By Mariam Baksh

NSA, CISA, Add Original Equipment Manufacturers to Audience for 5G Security Guidance

The agencies got specific about who is responsible for what in a four-part series on securing the inherently cloud-based environments.

  • By Mariam Baksh

GAO: NSA Erred in Technical Evaluations of $10 Billion Cloud Contract

The Government Accountability Office recommended the NSA reevaluate bids from Microsoft and Amazon Web Services.

  • By Frank Konkel

NSA, CISA List Expectations for Industry on Data Governance in 5G Environments

The document is the third in a four-part series of guidance that categorizes security responsibilities according to their relevance for the cloud service providers, mobile operators and users of emergent fifth-generation networks.

  • By Mariam Baksh

NSA, CISA Say Industry Should Use Attestation Technology to Secure 5G Environments

The tech can provide evidence of compliance with configuration standards and detect anomalies in complex multi-tenant, multi-cloud computing architectures.

  • By Mariam Baksh
Featured eBooks
The IT Modernization Mission
Read Now

Ransomware Threat

Read Now

What's Next For Government Cloud

Read Now

Federal Agencies Exploring Computing at the Edge

Read Now

NSA, CISA Weigh in on Shared Responsibility for Cloud Security in the 5G Era

Fifth-generation networking is expected to multiply opportunities for hackers using tactics already observed in attacks like the one against IT management firm SolarWinds.

  • By Mariam Baksh

New Laws Are ‘Probably Needed’ to Force US Firms to Patch Known Cyber Vulnerabilities, NSA Official Says

Too many firms are shying away from replacing old gear that is only getting easier for criminals to attack.

  • By Patrick Tucker

NSA: Test Unified Communications Patches Before Installing

Guidance from the National Security Agency aims to protect communications carried over the internet from eavesdropping, denial-of-service attacks and other dangers.

  • By Mariam Baksh

NSA, Army Launch ‘Qubit Collaboratory’ to Advance Quantum Information Science

A new broad agency announcement will be open until early 2026.

  • By Brandi Vincent

NSA to Defense Sector: Think Twice Before Connecting Operational Technology to the Internet

The agency recognized benefits such as enabling remote work but notes the inherent risks and costs of putting industrial control system components online.

  • By Mariam Baksh

White House Stands Down Coordination Effort on SolarWinds, Microsoft Exchange Hacks

The leading cybersecurity official on the National Security Council shared lessons learned as agencies reach patching goals.

  • By Mariam Baksh

The Hack Roundup: White House Sanctions Russia over SolarWinds

Agencies involved in response also issued advisories on the hackers' tactics while Microsoft offered federal customers free trials of an auditing tool.

  • By Mariam Baksh