Commerce Secretary Gina Raimondo says a funding infusion is needed for a new office supporting work on supply chain security in the information and communications technology and services sector, as the department continues efforts around a controversial Trump-era ICTS initiative.
Senate Homeland Security ranking member Rob Portman (R-OH) is raising concerns over the level of public disclosure required in the SEC’s proposed cybersecurity rule for publicly traded companies, while a bipartisan group of national security-focused senators is urging the commission to press ahead with the proposal.
The National Institute of Standards and Technology is taking a fresh look at priorities under its Internet of Things cybersecurity program, with plans to update a publication evaluating risks and to hold a June event on next steps.
Legislation has cleared the House requiring the Department of Homeland Security and CISA to report on how they are performing their role in federal cybersecurity incident response and to provide recommendations on steps for further clarifying responsibilities.
The Defense Department faces a calculated risk in starting up third-party assessments under the Cybersecurity Maturity Model Certification program for early adopters, according to contracting attorney Robert Metzger, who sees ongoing work to finalize changes to the Pentagon’s acquisition rules as one barrier for the delayed interim launch.
A paper from the Linux Foundation and Open Source Security Foundation offers a “comprehensive portfolio” of recommendations for improving the security of open source software in supply chains, based on best practices and including analysis of related costs.