Cybersecurity
NIST Outlines Request for Information Toward a New Cybersecurity Framework
The update will include a focus on supply chains for both hardware and software.
Cybersecurity
House Passes NDAA Without Cyber Incident Reporting Legislation
The bill still includes what the House Armed Services Committee referred to as the widest empowerment of CISA since SolarWinds.
Cybersecurity
OMB Guidance Heralds Automation of FISMA Reporting
The new Federal Information Security Modernization Act guidance also prioritizes security testing and doubles down on CISA’s Continuous Diagnostics and Mitigation program.
Cybersecurity
NSA, CISA List Expectations for Industry on Data Governance in 5G Environments
The document is the third in a four-part series of guidance that categorizes security responsibilities according to their relevance for the cloud service providers, mobile operators and users of emergent fifth-generation networks.
Cybersecurity
DHS Redefines ‘Cybersecurity Incident’ in Directives for Surface Transportation
The new definition allows industry more flexibility to decide what should trigger reporting mandates for the sector.
Cybersecurity
Hacker, Journalist Among CISA Directors’ 23 New Cybersecurity Advisors
The new Cybersecurity Advisory Committee will focus on five areas including workforce development, and has room for 12 more members.
Cybersecurity
CISA Seeks Protective Email Service that Tracks Agencies’ Security Compliance
The agency is ramping up efforts to exercise its new authorities to hunt for threats across the .gov enterprise.
Cybersecurity
Commerce Proposes Third Party Audits as Criteria in Supply Chain Rule for Software
The Government Accountability Office says CISA should also update its approach to communications sector reliability by securing the supply chain for information and communications technology.
Cybersecurity
White House Holiday Warning Identifies Options for Reporting Ransomware
The FBI has a prominent portal for entities to report cybersecurity incidents, but Congress is considering legislation that officials fear could change the current dynamic.
Cybersecurity
Government Watchdog Welcomes Treasury’s Data Collection on Cyber Insurance Claims
A Government Accountability Office report on the Treasury Department’s role in shaping the market for cybersecurity insurance is expected next spring.
Cybersecurity
NSA, CISA Say Industry Should Use Attestation Technology to Secure 5G Environments
The tech can provide evidence of compliance with configuration standards and detect anomalies in complex multi-tenant, multi-cloud computing architectures.
Cybersecurity
FISMA Update Excluded From Senate NDAA Amendment
Language instructing the Defense secretary to include CISA and the national cyber director in designing a pilot project for private-sector collaboration made it in.
Cybersecurity
Governments Warn Iran Is Targeting Microsoft and Fortinet Flaws to Plant Ransomware
A warning from allied cybersecurity agencies coincides with the Cybersecurity and Infrastructure Security Agency’s recent order for agencies to patch a range of vulnerabilities.
Cybersecurity
US Partnering with Israel to Counter Ransomware, Regulate FinTech
Israel’s NSO Group represents just one aspect of the country’s lively tech industry, which may be about to get another energizing jolt from its government.
Cybersecurity
DHS Launches Portal to Recruit—and Retain—Cybersecurity Talent
The moment of truth is here for a new hiring system that promises to address gaping cybersecurity shortages by redefining "merit."
Cybersecurity
US, EU Join French President’s Call for Trust and Security in Cyberspace
The move is one of several recent actions the Biden administration has taken integrating cybersecurity into broader trade and national security issues.
Cybersecurity
CISA Director to Appoint Hackers to Cybersecurity Advisory Committee
Security researchers have a crucial role to play in balancing an offense-heavy ecosystem, the director said.
Cybersecurity
Facebook Can Sue Israel’s NSO Group, Appeals Court Says
The case against the NSO Group appears to scratch the surface of problematic commercial hacking tools sold at arms markets, which the U.S. government has only just begun trying to control.
Cybersecurity
U.S. Government Acts Against Alleged REvil Hackers
The Justice Department announced two indictments while the State Department offered $10 million for information on other conspirators.
Cybersecurity