Inside Cybersecurity

May 20, 2024

Home Page

Home Page

By Sara Friedman

A proposed rule to amend the Defense Department’s acquisition policies for the Cybersecurity Maturity Model Certification program has entered the Office of Management and Budget review process.

By Sara Friedman

The House Financial Services Committee has approved along party lines a resolution from Rep. Andrew Garbarino (R-NY) to roll back a controversial Securities and Exchange Commission rulemaking that went into effect in December to require publicly traded companies to disclose cyber incidents.

By Jacob Livesay

The Cybersecurity and Infrastructure Security Agency will convene Software Bill of Materials stakeholders in September for updates on community-led workstreams and potential ways to automate software transparency efforts, on the heels of restructuring how the agency is facilitating work to foster greater SBOM adoption.

By Sara Friedman

A notice of proposed rulemaking to be considered at the Federal Communications Commission’s June meeting considers establishing requirements where large broadband providers would need to submit information on their plans to secure internet routing traffic and address potential cyber risks.

By Jacob Livesay

National Cyber Director Harry Coker discusses the White House’s efforts under the updated implementation plan for the national cyber strategy this week at a think tank event, while National Institute of Standards and Technology Director Laurie Locascio testifies on the agency’s priorities for 2025 in front of the House Science Committee.

By Sara Friedman

Republican commissioners on the Securities and Exchange Commission are supportive of a final rule to establish cyber requirements for broker-dealers, investment companies and advisors, while expressing concern over the potential volume of breach reports and highlighting changes to the rulemaking.

By Jacob Livesay

The federal government can effectively leverage its role as a procurer of software to produce positive security outcomes across the tech ecosystem, according to NIST Information Security and Privacy Advisory Board Chair Steve Lipner, who argues that the establishment of tort-based liability protections would impose unnecessary costs on manufacturers.

RECENT NEWS

CISA releases guidance for agencies on encrypting web traffic under zero trust strategy
CISA cyber leader Goldstein to depart agency next month
House panel considers impact of China-backed cyber operations on federal agencies, critical infrastructure
Rosenworcel proposes establishing requirements for broadband providers on internet routing security
Stakeholders see opportunities for continued investment in adopting NIST cybersecurity framework update
Hacking Policy Council advocates for improvements to NIST vulnerability database

MORE NEWS ›

Topics

Biden's Executive Order
Federal CISO DeRusha to leave Office of Management and Budget
Former CISA Director Krebs, other policy vets join reshuffled Cyber Safety Review Board
Government Accountability Office calls on CISA to produce list of critical software identified in response to cyber EO
House Energy and Commerce leaders ask UnitedHealth Group for details on cyber attack timeline, restoration efforts
Incident Reporting Law
Wales: CISA budget shortfall could impact hiring needs to implement mandatory cyber incident reporting law
Wales addresses scoping definitions under CISA’s upcoming incident reporting final rule
CISA executive director Wales identifies need to work with individual agencies on sharing incident reporting data
Cyber incident reporting, software security initiatives among hot topics at RSA as agency leaders, policy vets convene in San Francisco
SEC CYBER RULES
Industry leaders to question scope of proposed CISA mandatory reporting requirements at House hearing
Biden pushes back on GOP SEC resolution; Easterly calls for incident reports to CISA, FBI while rulemaking process continues
House Financial Services GOP leaders request information on SEC social media account breach
Wiley law firm highlights major cyber policy issues to watch in 2024
CMMC
Final update to NIST CUI publications features ‘organization-defined parameters’ for agencies to adjust security requirements
Pentagon issues ‘class deviation’ to address anticipated May update for NIST CUI publication
NIST plans May release of updated controlled unclassified information guides foundational to CMMC program
MITRE raises concerns over CMMC program costs to address assessment gaps, accommodate maturity model changes
Zero Trust
Mayorkas pushes for full funding to implement upcoming CISA mandatory incident reporting structure effectively
National Security Agency offers guidance for maturing data security practices used in zero trust
OMB explores addressing MFA needs for applications, operational technology in federal agencies
NIST works to update testing tools used for validating security of encryption solutions prior to implementation
National Cyber Strategy
Updated implementation plan aims to improve cybersecurity for water, health sectors with specific initiatives
NCD Coker previews upcoming minimum security requirements for government space systems
Former ONCD official outlines evolving priorities for implementation of national cyber strategy
Office of Personnel Management commits to skills-based hiring for IT roles as part of national cyber workforce strategy
CSF 2.0
Rural broadband organization updates cyber resources to reflect changes in NIST CSF 2.0
NIST explores ways to support creation of ‘community' profiles based on CSF 2.0 update
NIST asks for feedback on online mapping of CSF 2.0 and security, privacy controls catalog
NIST releases incident reporting profile for comment aligned with cybersecurity framework update
Supply Chain
NTIA administrator highlights responsibilities under international cyber strategy
CISA sets June conference to highlight work of supply chain risk management task force
Consumer tech group calls for tailoring Commerce Dept. connected vehicle proposal to avoid supply chain disruption
Sen. Brown urges Commerce rulemaking to ban connected cars from China over data concerns