Operational Policy

NIST defines 'critical software' under the cyber EO

The National Institute of Standards and Technology's new definition of "critical software" is foundational to new federal efforts to exert more control over the code supply chain.

Biden's pick to lead GSA: 'We can't implement government policy if we can't get the damn websites to work'

Robin Carnahan said she will focus on making General Services Administration's offerings more user friendly and digitally secure while improving governmentwide cybersecurity efforts.

TSA's role in pipeline security looks like a weak link to some in government and industry

Questions about whether TSA is rightly positioned to oversee cybersecurity for natural gas and oil pipelines are resurfacing in the wake of the ransomware attack on Colonial Pipeline.

Why zero trust is having a moment

Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

Biden taps D.C. employment lawyer to lead MSPB

The Merit Systems Protection Board has been without Senate-confirmed leadership since March 2019 and without a quorum to decide appeals since January 2017.

We need more federal guidance on mobile IT security

Effective systemwide security requires mobile threat detection and privacy measures to be active on as many devices as possible.

Expected breach disclosure mandates will test government-industry cooperation

The White House and lawmakers are eyeing steps to make sure contractors have to alert the federal government to cybersecurity breaches on their systems, but expect companies to balk at rules that put them at risk for legal action or require the disclosure of trade secrets.

ATO ASAP: Streamlining government security with a Federal Compliance Library

With communal resource for commonly used components, agencies could devote more time to security postures that are truly unique.

Biden to use Quad as 'vehicle' for regional cyber cooperation

Jake Sullivan, the national security advisor, says President Joe Biden discussed both the supply chain attack on SolarWinds and vulnerabilities being exploited in Microsoft Exchange with leaders of Japan, India and Australia.

CISA eyes changes to combat future supply chain hacks

The acting director of the Cybersecurity and Infrastructure Security Agency today said his agency is looking various changes to protect federal networks in the wake of the massive breach discovered late last year.

ATO ASAP: Let’s finally fix the security compliance problem

The process federal agencies go through to prove a system is secure may actually be making us less secure. This is a problem that we must fix today, not tomorrow.

Trump issues last-minute order targeting foreign cyber threats

A Jan. 19 executive order from Donald Trump in the waning hours of his presidency aims to force cloud providers to keep more complete records about their customers to support U.S. investigations of hacks and other computer crimes.

Biden promises 'overwhelming focus' on hack recovery

The president-elect called out the Trump administration for failing to prioritize cybersecurity in general, and for "downplaying the seriousness" of the ongoing breach that has hit multiple federal agencies.

OPM rule would elevate performance in layoff decisions

The current rules for reductions in force have performance last on the list of factors to consider in the determining which employees to keep, with the type of job coming first and followed by veterans preference and service length after.

USAF primed to launch new phase of data strategy

Eileen Vidrine, the Air Force's chief data officer, talks about department's priorities are, how they've changed this year and how the Defense Department's data strategy ties it all together.

Making software more than 'IT thing'

Software modernization has a branding problem, and it's going to take more than the colloquial culture shift to speed up the Defense Department's adoption of modern tech capabilities, according to Deputy CIO Peter Ranks.

OPM directs agencies on civil service overhaul

A memo from acting personnel chief Michael Rigas told agencies they could look outside the boundaries of a recent executive order for jobs to reclassify, but that the Office of Personnel Management would make final determination.