Author Archive

Mariam Baksh

Senior Correspondent

Mariam Baksh reports on the development of federal cybersecurity policy for Nextgov. She started covering technology governance in 2014, during the heat of the Net Neutrality debate, and focused her graduate studies at American University on investigative journalism.
IT Modernization

GAO dings OMB on performance goals for agencies’ IT management

The federal CISO’s plan for getting agencies to focus on cybersecurity measures the administration considers most urgent did not go over so well in a shifting Congress.

Cybersecurity

CMS subcontractor breach potentially exposes sensitive data of 254,000 beneficiaries

The Centers for Medicare and Medicaid said the breach involved a subcontractor that appears to have violated its obligations to the agency.

Cybersecurity

CISA, NSA and industry outline security responsibilities of software suppliers

New guidance from the federal agencies—and major companies serving the government—tries to distinguish between the security duties of software developers, suppliers and consumers.

Cybersecurity

CISA seeks feedback on baseline measures to secure cloud configuration

Initial baselines address Microsoft services, and baselines for configuring rival services from Google are up next. 

Cybersecurity

CISA to focus on water, education and health sectors over the next year 

The agency contributed to the release of security requirements for the transportation sector this week and is expected to issue cross-sector performance goals for critical infrastructure companies’ voluntary adoption next week.

Cybersecurity

4 critical infrastructure sectors to get new cyber rules, per White House official

The deputy national security advisor for cyber and emerging tech said it should be up to sector-specific agencies to decide who should implement appropriate cybersecurity defenses.

Cybersecurity

OMB: New acquisition rule coming for vendors to vouch for their software security

Agencies are also allowed to accept to-do lists from vendors who need to keep working up to a point where they can self-attest their compliance with NIST guidance.

Cybersecurity

Commerce revises export rules to boost U.S. standards development on critical tech

The original rule—which banned certain entities from receiving U.S. exports—endangered U.S. participation in international standards bodies where such entities are present, opponents said.

Cybersecurity

White House attributes attack on Albania’s critical infrastructure to Iran 

A statement from the National Security Council noted the potential for deviations from international norms to escalate conflict and promised accountability.

Cybersecurity

National Cyber Director’s office elevates key personnel

Nick Leiserson helped develop legislation that created the cyber director’s office. A year after its establishment, he’s moving to a position where he can use it to shape policy.

Cybersecurity

DHS commits to better intel sharing with law enforcement

Whether the department has increased information sharing with government partners is unclear, but—either way—the quality is just not there, according to DHS’ Office of the Inspector General.

Cybersecurity

Finance sector looks to block cyber reporting rules for critical industry in House defense bill

Congress will return from the August recess faced once again with the challenge of building cybersecurity policy for private providers of critical infrastructure faster than industry can tear it down.

Cybersecurity

How the cyber ambassador in waiting plans to control $1.5 billion for open networks

The recently passed “CHIPS and Science Act” funds a grants program that the new State Department official will have a key role in steering, including to telecom networking firms.

Cybersecurity

NIST, CISA finalizing guidance for identity and access management post-SolarWinds

The epic intrusion campaign has turned up the brights on vendors providing authentication services, but agencies will still need to be actively engaged for effective implementation.

Cybersecurity

NIST selects 12 companies for implementing post-quantum cryptography 

Officials leading a standardization effort—based on four winning algorithms—are relying heavily on industry for success.

Cybersecurity

Cyber Safety Review Board closes the book on SolarWinds while reporting on Log4j 

Legislation seeking to amend the annual National Defense Authorization Act wants the Government Accountability Office to investigate.

Cybersecurity

DOD recommends NIST align frameworks for cybersecurity risk management

An effort to update the framework for securing critical infrastructure from cyberattack is coming face to face with issues that have plagued the Commerce agency from the beginning.

Cybersecurity

Why Commerce went against Microsoft on rule to control cyber exploits

The rule aims to prevent certain countries—most notably China—from receiving U.S. exports that could advance their intrusion and surveillance technology.

Cybersecurity

New DOJ guidance on enforcing hacking laws carves out safe space for security research

Nearly a decade after the death of open-access advocate Aaron Swartz, his legacy is still playing out in cybersecurity policy.

Cybersecurity

CISA orders agencies to mitigate VMware vulnerabilities under deadline

Advanced adversaries appear to be exploiting the vulnerabilities to get around multifactor authentication.