Author Archive

Mariam Baksh

Senior Correspondent

Mariam Baksh
Mariam Baksh reports on the development of federal cybersecurity policy for Nextgov. She started covering technology governance in 2014, during the heat of the Net Neutrality debate, and focused her graduate studies at American University on investigative journalism.
Cybersecurity

CISA, NSA and industry outline security responsibilities of software suppliers

New guidance from the federal agencies—and major companies serving the government—tries to distinguish between the security duties of software developers, suppliers and consumers.

Cybersecurity

CISA seeks feedback on baseline measures to secure cloud configuration

Initial baselines address Microsoft services, and baselines for configuring rival services from Google are up next. 

Cybersecurity

CISA to focus on water, education and health sectors over the next year 

The agency contributed to the release of security requirements for the transportation sector this week and is expected to issue cross-sector performance goals for critical infrastructure companies’ voluntary adoption next week.

Cybersecurity

4 critical infrastructure sectors to get new cyber rules, per White House official

The deputy national security advisor for cyber and emerging tech said it should be up to sector-specific agencies to decide who should  implement appropriate cybersecurity defenses.

Cybersecurity

OMB: New acquisition rule coming for vendors to vouch for their software security

Agencies are also allowed to accept to-do lists from vendors who need to keep working up to a point where they can self-attest their compliance with NIST guidance.

Cybersecurity

Commerce revises export rules to boost U.S. standards development on critical tech

The original rule—which banned certain entities from receiving U.S. exports—endangered U.S. participation in international standards bodies where such entities are present, opponents said.

Cybersecurity

White House attributes attack on Albania’s critical infrastructure to Iran 

A statement from the National Security Council noted the potential for deviations from international norms to escalate conflict and promised accountability.

Cybersecurity

National Cyber Director’s office elevates key personnel

Nick Leiserson helped develop legislation that created the cyber director’s office. A year after its establishment, he’s moving to a position where he can use it to shape policy.

Cybersecurity

DHS commits to better intel sharing with law enforcement

Whether the department has increased information sharing with government partners is unclear, but—either way—the quality is just not there, according to DHS’ Office of the Inspector General.

Cybersecurity

Finance sector looks to block cyber reporting rules for critical industry in House defense bill

Congress will return from the August recess faced once again with the challenge of building cybersecurity policy for private providers of critical infrastructure faster than industry can tear it down.

Cybersecurity

How the cyber ambassador in waiting plans to control $1.5 billion for open networks

The recently passed “CHIPS and Science Act” funds a grants program that the new State Department official will have a key role in steering, including to telecom networking firms.

Cybersecurity

NIST, CISA finalizing guidance for identity and access management post-SolarWinds

The epic intrusion campaign has turned up the brights on vendors providing authentication services, but agencies will still need to be actively engaged for effective implementation.

Cybersecurity

NIST selects 12 companies for implementing post-quantum cryptography 

Officials leading a standardization effort—based on four winning algorithms—are relying heavily on industry for success.

Cybersecurity

Cyber Safety Review Board closes the book on SolarWinds while reporting on Log4j 

Legislation seeking to amend the annual National Defense Authorization Act wants the Government Accountability Office to investigate.

Cybersecurity

DOD recommends NIST align frameworks for cybersecurity risk management

An effort to update the framework for securing critical infrastructure from cyberattack is coming face to face with issues that have plagued the Commerce agency from the beginning.

Cybersecurity

Why Commerce went against Microsoft on rule to control cyber exploits

The rule aims to prevent certain countries—most notably China—from receiving U.S. exports that could advance their intrusion and surveillance technology.

Cybersecurity

New DOJ guidance on enforcing hacking laws carves out safe space for security research

Nearly a decade after the death of open-access advocate Aaron Schwartz, his legacy is still playing out in cybersecurity policy.

Cybersecurity

CISA orders agencies to mitigate VMware vulnerabilities under deadline

Advanced adversaries appear to be exploiting the vulnerabilities to get around multifactor authentication.

Cybersecurity

U.S., allied cybersecurity agencies, advise reviewing contracts with tech vendors

A joint advisory from CISA, domestic partners and counterpart agencies in the Five Eyes intelligence alliance warns of a heightened threat to managed service providers and their customers.

Cybersecurity

NIST's supply chain security guidance tells agencies to look to FedRAMP

The agency has spent years revising guidance for organizations to address vulnerabilities presented by vendors of software and other enterprise suppliers.