NSA

Agencies Under New Deadlines to Address ‘log4j’ Flaws with Emergency Directive

The Cybersecurity and Infrastructure Security Agency order comes as a prominent firm says nation states are exploiting the vulnerabilities.

NSA, CISA, Add Original Equipment Manufacturers to Audience for 5G Security Guidance

The agencies got specific about who is responsible for what in a four-part series on securing the inherently cloud-based environments.

GAO: NSA Erred in Technical Evaluations of $10 Billion Cloud Contract

The Government Accountability Office recommended the NSA reevaluate bids from Microsoft and Amazon Web Services.

NSA, CISA List Expectations for Industry on Data Governance in 5G Environments

The document is the third in a four-part series of guidance that categorizes security responsibilities according to their relevance for the cloud service providers, mobile operators and users of emergent fifth-generation networks.

NSA, CISA Say Industry Should Use Attestation Technology to Secure 5G Environments

The tech can provide evidence of compliance with configuration standards and detect anomalies in complex multi-tenant, multi-cloud computing architectures.

NSA, CISA Weigh in on Shared Responsibility for Cloud Security in the 5G Era

Fifth-generation networking is expected to multiply opportunities for hackers using tactics already observed in attacks like the one against IT management firm SolarWinds.

New Laws Are ‘Probably Needed’ to Force US Firms to Patch Known Cyber Vulnerabilities, NSA Official Says

Too many firms are shying away from replacing old gear that is only getting easier for criminals to attack.

NSA: Test Unified Communications Patches Before Installing

Guidance from the National Security Agency aims to protect communications carried over the internet from eavesdropping, denial-of-service attacks and other dangers.

NSA to Defense Sector: Think Twice Before Connecting Operational Technology to the Internet

The agency recognized benefits such as enabling remote work but notes the inherent risks and costs of putting industrial control system components online.

White House Stands Down Coordination Effort on SolarWinds, Microsoft Exchange Hacks

The leading cybersecurity official on the National Security Council shared lessons learned as agencies reach patching goals.

The Hack Roundup: White House Sanctions Russia over SolarWinds

Agencies involved in response also issued advisories on the hackers' tactics while Microsoft offered federal customers free trials of an auditing tool.

No Domestic Surveillance Authorities Needed, NSA Director Reiterates

Instead, Gen. Paul Nakasone and other intelligence community leaders want better public-private partnerships to address “blind spots” in the cyber realm.

Director Says NSA’s Domestic Surveillance Authority ‘Rightly’ Limited

Gen. Paul Nakasone, who oversees both the intelligence agency and U.S. Cyber Command, stressed the need for greater visibility through private-sector information streams.

NSA, CISA Promote Domain Name System Incorporating Threat Information

The agencies’ guide on selecting a provider of protective DNS services is based on a pilot with the Department of Defense Cyber Crime Center.

Splitting NSA, CyberCom Now Could Reduce Military Access to Intelligence, Milley Says

The Joint Chiefs chairman says the organizations have not yet worked out how to keep the data flowing after the long-awaited split.

NSA Pushes Zero Trust Principles to Help Prevent Sophisticated Hacks

Operating under the default position that an organization has been compromised is a pain that’s worth it, the agency said.