Inside Cybersecurity

May 16, 2024

Home Page

Home Page

By Sara Friedman

The House Oversight Committee has unanimously approved a bill that would make changes to federal acquisition regulations to require contractors to have a vulnerability disclosure policy in line with the 2020 Internet of Things Cybersecurity Act.

By Sara Friedman

NIST’s final update to two publications focused on controlled unclassified information puts in place “organization-defined parameters” and the ability for agencies to make determinations on what meets their needs.

By Jacob Livesay

The recently released update to national cyber strategy implementation plan contains specific tasks for agencies aimed at bolstering the security of the water and health sectors, targeting critical infrastructure that has been described as "target rich, resource poor" by government officials.

By Sara Friedman

Federal CISO Chris DeRusha is leaving the Office of Management and Budget, following three and a half years leading government efforts to implement the 2021 cyber executive order to secure federal networks and other cybersecurity initiatives.

By Jacob Livesay

The Cybersecurity and Infrastructure Security Agency provides recommendations for civil society organizations to implement specific security controls for preventing cyber attacks from nation-state actors, in a new guide released with the FBI and international partners.

By Sara Friedman

SAN FRANCISCO. Getting the funding that the Cybersecurity and Infrastructure Security Agency needs to implement its upcoming incident reporting regime is important when it comes to hiring personnel and building the necessary tech infrastructure, according to CISA executive director Brandon Wales.

By Jacob Livesay

Efforts underway at the National Telecommunications and Information Administration are already supporting the broader goals of the State Department under the recently unveiled international cyber strategy, according to NTIA Administrator Alan Davidson and State cyber leader Nate Fick.

RECENT NEWS

CISA sets June conference to highlight work of supply chain risk management task force
Consumer tech group calls for tailoring Commerce Dept. connected vehicle proposal to avoid supply chain disruption
Sen. Brown urges Commerce rulemaking to ban connected cars from China over data concerns
House Homeland Security leaders ask Microsoft executive to testify at hearing on cyber safety board report
Former cyber officials see opportunity for more transparency in vulnerability disclosure
CISA officials weigh in on measuring impact of ‘target rich, resource poor’ work

MORE NEWS ›

Topics

Biden's Executive Order
Former CISA Director Krebs, other policy vets join reshuffled Cyber Safety Review Board
Government Accountability Office calls on CISA to produce list of critical software identified in response to cyber EO
House Energy and Commerce leaders ask UnitedHealth Group for details on cyber attack timeline, restoration efforts
FAR Council issues request for information on potential supply chain regulations to include in new acquisition section
Incident Reporting Law
Cyber incident reporting, software security initiatives among hot topics at RSA as agency leaders, policy vets convene in San Francisco
CISA grants 30-day extension for input on incident reporting rule
House panel addresses need for harmonization in upcoming CISA incident reporting regime, scoping key definitions
Industry leaders to question scope of proposed CISA mandatory reporting requirements at House hearing
SEC CYBER RULES
Biden pushes back on GOP SEC resolution; Easterly calls for incident reports to CISA, FBI while rulemaking process continues
House Financial Services GOP leaders request information on SEC social media account breach
Wiley law firm highlights major cyber policy issues to watch in 2024
Bank Policy Institute questions SEC process to consider national security in granting delays on four-day incident requirement
CMMC
Pentagon issues ‘class deviation’ to address anticipated May update for NIST CUI publication
NIST plans May release of updated controlled unclassified information guides foundational to CMMC program
MITRE raises concerns over CMMC program costs to address assessment gaps, accommodate maturity model changes
Pentagon releases cyber strategy for defense industrial base designed to enhance security posture, build resiliency
Zero Trust
Mayorkas pushes for full funding to implement upcoming CISA mandatory incident reporting structure effectively
National Security Agency offers guidance for maturing data security practices used in zero trust
OMB explores addressing MFA needs for applications, operational technology in federal agencies
NIST works to update testing tools used for validating security of encryption solutions prior to implementation
National Cyber Strategy
NCD Coker previews upcoming minimum security requirements for government space systems
Former ONCD official outlines evolving priorities for implementation of national cyber strategy
Office of Personnel Management commits to skills-based hiring for IT roles as part of national cyber workforce strategy
ONCD convenes legal symposium on developing software liability framework
CSF 2.0
Rural broadband organization updates cyber resources to reflect changes in NIST CSF 2.0
NIST explores ways to support creation of ‘community' profiles based on CSF 2.0 update
NIST asks for feedback on online mapping of CSF 2.0 and security, privacy controls catalog
NIST releases incident reporting profile for comment aligned with cybersecurity framework update
Supply Chain
Easterly emphasizes need for ‘radical transparency’ through secure by design efforts, amid pledge rollout
NTIA announces second funding opportunity under Open RAN grant to support supply chain security
ONCD releases update to implementation plan for national cyber strategy
ONCD determines potential approaches to address software liability, launches work with manufacturers