Risk Management

It’s Official: Defense Department Will Use Other Agencies’ Cloud Security Assessments

The department’s IT office issued a provisional rule to accept other agencies’ FedRAMP ATOs without the need for written approval.

GSA Cyber Expert Offers Tips on Cloud Security

Dan Jacobs says agencies should treat security like a team sport and avoid falling in love with the latest cyber products.

CISA Recommends Three-Pronged Approach for Mobile Security

Part of that is taking on the mindset of your potential attacker, an agency official said.

NASA’s Moon Plans Rely Heavily on Mobile Tech

CIO Renee Wynn weighed in on how America’s space agency embraces mobility.

The Pentagon Spent Millions on Vulnerable Chinese Tech in 2018, Watchdog Says

The procurements, which could expose the department and its contractors to espionage and cyberattacks, highlight significant gaps in the Pentagon’s supply chain security policies.

Agencies Still Falling Short on Cyber Standards, GAO Says

Despite thousands of watchdog recommendations and a growing array of digital threats, agencies are still dropping the ball on cybersecurity, auditors found.

CISA Explains Why Enterprise Approach To Security is Gamechanging

The agency’s assistant director for cybersecurity highlighted multiple aims and accomplishments.

What Connected Patients Risk

Internet-enabled medical devices are designed to improve patient safety but pose a significant risk if left unsecured.

Here's How a Supply Chain Task Force Recommends Avoiding Counterfeit Tech

Federal buyers should help secure supply chains by buying from original manufacturers and authorized resellers.

The Risk Management Framework Is Dead. Long Live the RMF.

A framework is just that: a frame of reference from which to adapt according to your needs and situation.

Census’ Cybersecurity Plan is Full of Holes, Watchdog Says

The 2020 Census will be a prime target for digital adversaries, but the plans for fighting those threats are incomplete and outdated, the Government Accountability Office found.

Air Force’s New Fast-Track Process Can Grant Cybersecurity Authorizations In One Week

The process is a mix of quick but comprehensive testing up front followed by continuous monitoring through the life of the app.

Understanding Today’s Mobile Software Supply Chain Risks

The reality is that supply chain risk is also a concern in the software frontier.

Census Bureau Isn’t Properly Managing Its Risk Management Review System

A lack of continuous assessment and oversight led to bad reporting, which in turn led to bad decision-making and a weak cybersecurity posture.

Cyber Supply Chain Task Force to Meet Soon

The task force will be managed by the Homeland Security Department’s new long-range cyber planning organization.