Using managed service providers to help companies reach CMMC compliance should extend beyond the Defense Department by incorporating civilian agencies that also handle controlled unclassified information, according to a former General Services Administration senior official.
The Federal Trade Commission has issued an advance notice of proposed rulemaking seeking input on potential rules “to crack down on harmful commercial surveillance and lax data security,” citing numerous issues of concern around processes that collect and analyze consumer data, including vulnerability to hackers.
The Cyber Safety Review Board is working on building up its “infrastructure” during the “off-season” following the release of the inaugural report digging into the Log4j software vulnerability, according to board chair and DHS senior official Robert Silvers.
House Energy and Commerce Chairman Frank Pallone (D-NJ) and ranking member Cathy McMorris Rodgers (R-WA) are asking several departments and agencies to detail how they addressed the Log4j vulnerability exposed in December 2021 and to brief committee staff on their response efforts.
Former CISA Director Chris Krebs says he is encouraged by the way government agencies are coming together to address major threats, while recognizing more work is necessary to get industry buy-in on making investments in cybersecurity.