Inside Cybersecurity

September 25, 2023

Home Page

Home Page

By Jacob Livesay

Designating space systems as critical infrastructure and selecting a sector risk management agency should involve a number of factors, according to leaders from the Space Information Sharing and Analysis Center.

By Sara Friedman

The National Institute of Standards and Technology can play a role in helping agencies crafting cyber regulations understand the NIST cybersecurity framework and consult with regulators as needed, according to stakeholders who spoke at the third CSF 2.0 workshop.

By Sara Friedman

The National Institute of Standards and Technology is accepting comments through Sept. 29 on a “discussion essay” outlining potential considerations for developing a profile on consumer routers, as part of the FCC-led Internet of Things cyber labeling program.

By Brett Fortnam

The Commerce Department has published a final rule aimed at ensuring subsidies funded by the CHIPS and Science Act do not benefit China.

By Jacob Livesay

The Cybersecurity and Infrastructure Security Agency convenes a webinar this week with members of the CISA supply chain task force to talk about an upcoming Hardware of Materials product, while the National Security Telecommunications Advisory Committee meets to vote on a new report on “abuse of domestic infrastructure.”

By Sara Friedman

Common language proposed by the DHS-led Cyber Incident Reporting Council on how to define an incident and the trigger for reporting could have a positive impact on CISA’s upcoming rulemaking for critical infrastructure, according to the Bank Policy Institute.

RECENT NEWS

Telecom advisory panel to propose ONCD-led strategy to combat foreign actor abuse of domestic infrastructure
CISA details next steps for known exploited vulnerabilities catalog program
IT-ISAC convenes election security forum for tech providers, researchers to test software configurations
Stakeholders weigh in on balance between specificity, flexibility in NIST CSF 2.0 governance function
NIST CSF 2.0 workshop dives into guidance for creating profiles to address stakeholder needs
CSF 2.0 mappings provide starting point to help communicate potential changes, business needs
NIST aims to reach ‘goldilocks zone’ based on feedback from CSF 2.0 workshop

MORE NEWS ›

Topics

Biden's Executive Order
FCC extends comment deadline for Internet of Things labeling program proposal
NIST updates zero trust project guidance with draft publication on risk and compliance management
DHS, Education Dept. officials highlight importance of metrics for implementing zero trust
NIST publishes draft guidance for integrating software security concepts into cloud operations
Incident Reporting Law
CISA advisory committee provides options to create national cybersecurity alert system
CISA incident reporting lead emphasizes need for feedback on definitions in upcoming proposed rule
Easterly: CISA’s next secure-by-design product will focus on ‘evidence’ to signal adoption of principles
House Homeland GOP leaders raise concerns over SEC cyber incident disclosure final rule
SEC CYBER RULES
CISA advisory panel approves proposals addressing systemic risk, corporate cyber responsibility
Senators spar over SEC regulatory authorities at oversight hearing addressing disclosure polices, AI regulation
Nonprofit ransomware task force leaders discuss need to incentivize incident reporting
Moody’s finds small businesses need to balance benefits from increased incident reporting with rising compliance costs
FTC Cyber Rules
Hunton law firm group details considerations for FTC proposal on ‘commercial surveillance’
California AG pushes FTC for ambitious approach to regulating ‘commercial surveillance,’ emphasizes health data
U.S. Chamber of Commerce takes aim at FTC ‘commercial surveillance’ proposal, says agency exceeds authority
Commerce agency says FTC ‘commercial surveillance’ proposal helps drive unified approach to privacy
Zero Trust
CISA updates identity access management reference architecture for CDM program
NIST finalizes zero trust architecture model for ‘multi-location’ cloud access control
NIST’s Scholl details ‘tiered’ approach for migrating to post-quantum cryptography
NIST updates draft implementation guidance for zero trust architecture under executive order mandate
National Cyber Strategy
Critical infrastructure advisory panel calls for national cyber assessment of electrical systems
DHS ­­official: Mobile app market must adjust to meet secure-by-design efforts
Energy Dept. releases implementation guide for building secure-by-design principles into energy systems
Sens. Hickenlooper and Tillis ask ONCD for details on efforts to secure critical infrastructure against AI threats
CSF 2.0
Stakeholders discuss ‘organizational context’ category as launchpad for governance function in CSF update
NIST labs director Romine opens CSF 2.0 workshop highlighting 10-year journey for cyber framework
NIST convenes final CSF 2.0 workshop to gather feedback on full draft update, implementation examples
NIST opens registration for third cybersecurity framework update workshop
Supply Chain
OMB kicks off meetings with industry stakeholders ahead of CMMC proposed rule release
DOD, industry officials stress need for more information sharing to defend against cyber attacks
CISA unveils roadmap outlining agency efforts to address open source software security
Pentagon small business office plans pilot with companies on protecting controlled unclassified information