The Cybersecurity and Infrastructure Security Agency has issued a binding operational directive designed to improve visibility into federal agencies’ network assets, identify vulnerabilities in their software and share information back to CISA to conduct cumulative analysis.
An FCC advisory council is urging the commission to get involved with work at CISA and NIST on supply chain security, as part of an effort to standardize guidance across sectors and gain a better understanding of how a Software Bill of Materials can be used effectively in the communications space.
CISA is offering guidance on an updated system of designations used in the sharing of sensitive information by government and private-sector entities, with the agency’s switchover to “Traffic Light Protocol 2.0,” developed by the Forum of Incident Response and Security Teams (FIRST), coming on Nov. 1.
A new report by the information sharing and analysis center for the retail sector quantifies the types of cyber threats faced by retailers and the hospitality and travel industries, and includes “observations and analysis” of ransomware and other “extortion” events by intelligence firm Nisos, an RH-ISAC associate member.
The Cybersecurity and Infrastructure Security Agency has two listening sessions this week in Chicago and the Dallas/Fort Worth area to inform its upcoming incident reporting regulation, while former and current federal officials discuss supply chain issues and the Election Assistance Commission convenes a workshop.
The House has passed new legislation to codify the General Services Administration’s FedRAMP program, designed to align with the Senate proposal advanced in a March cyber package and changes requested by the White House.