Identity Authentication

House reconciliation bill includes nearly $800 million for CISA

The funding supports the implementation of President Joe Biden's May executive order on cybersecurity and workforce development.

Digital ID left out of infrastructure bill

A plan to get federal support and funding behind digital identity proofing as a way to combat benefits fraud wound up on the cutting-room floor as the Senate crafted its $1.2 trillion infrastructure bill.

Agency zero trust does not start from point zero

The good news is that consistent IT policy spanning previous presidential administrations has allowed the federal government to slowly put the necessary building blocks in place for the inevitable zero trust architecture journey.

CISA launches new initiative to combat ransomware

The Joint Cyber Defense Collaborative (JCDC) will allow the federal government and corporate partners share information to combat ransomware.

CISA predicts cyber EO will drive progress on zero trust

Most agencies are just getting started creating plans around zero trust, but tight deadlines featured in President Joe Biden's cybersecurity executive order and a wave of new guidance, may speed up implementation across the entire government.

VA watchdog warns of security risks from undocumented PIV cards

A new report warns contracting officers at the Veterans Health Administration are failing to comply with agency and federal guidelines ensuring contractor personnel return personal identity verification (PIV) cards after employment.

Creating a more resilient American infrastructure

With the necessary reforms to modernize federal IT now clearer, it's critical to call out that the government has far too long relied on antiquated technologies that cannot thwart today's stealthy and persistent adversaries.

White House tees up cyber labeling policy

A 2020 law could provide some legal cover for executive orders regulating software and IoT cybersecurity, but new legislation could be required.

Why the network compass is obsolete

Old labels for network traffic are out of date with government users connecting from devices outside traditional perimeters, but TIC 3.0 offers a new map.

Senate Dems demand answers on DOJ's hack exposure

A group of Democratic senators want detailed answers from the Justice Department and the judiciary branch by the end of the month about the impact of the SolarWinds breach.

FireEye not ready to ascribe SolarWinds hack to Russia

The cybersecurity firm credited with discovering the compromise of SolarWinds Orion isn't saying that Russia didn't do it, but that more evidence is needed to make a definitive attribution.

Watchdog: GSA needs to account for contractor PIV cards

The General Services Administration still needs to do a better job tracking and recovering access cards from its contractors, according to a report for the agency's watchdog.

Civilian-side CMMC

The General Services Administration will add more supply chain and cybersecurity protection language, including DOD's CMMC requirements for vendors, to its new contracts as risks grow, according to one of the agency's top acquisition managers.

CMMC clears key regulatory hurdle

The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

PIV security frays under the crush of telework

Adversaries are adapting to the shifting identity authentication gaps on federal and commercial networks created by the remote work environment, according to federal security experts.

CISA orders agencies to patch dire Window flaw

The Cybersecurity and Infrastructure Security Agency alerted federal agencies of an authentication flaw in Microsoft server software in need of an immediate fix.

House bill aims to strengthen digital ID

Legislation proposed in the House would tap the National Institute of Standards and Technology and the Department of Homeland Security in new effort to help set national digital identifier capabilities.