Inside Cybersecurity

April 24, 2024

Home Page

Home Page

By Sara Friedman

The House Homeland Security cyber subcommittee will hold a May 1 hearing on CISA’s notice of proposed rulemaking to establish a mandatory incident reporting regime, featuring private sector stakeholders.

By Jacob Livesay

The Institute for Security and Technology’s Ransomware Task Force is calling for increased attention on international disruption efforts and strengthening public-private partnerships, in a report reviewing the group's progress since 2021 to implement key recommendations for government, industry and civil society organizations.

By Jacob Livesay

The National Institute of Standards and Technology is exploring opportunities to help organizations develop “community" profiles based on the NIST cybersecurity framework update, known as "CSF 2.0," through working with stakeholders who have common interests and promoting guidance on how profiles are created.

By Sara Friedman

The Defense Department is launching a cyber vulnerability disclosure program for the defense industrial base, following a 12-month pilot conducted in partnership with HackerOne.

By Sara Friedman

The Cybersecurity and Infrastructure Security Agency goes into detail on expected costs to implement its upcoming mandatory incident reporting regime for critical infrastructure in a required regulatory impact analysis report and also explores alternatives to the agency’s proposed rule published on April 4.

By Sara Friedman

Two nonprofits focused on securing the internet say potential mandates by the Federal Communications Commission over Border Gateway Protocol could be harmful and slow down progress by other stakeholders, in a filing submitted ahead of the FCC’s vote on Thursday to restore net neutrality regulations.

By Jacob Livesay

The Justice Department must ensure that its process for identifying “countries of concern” under an ongoing rulemaking process focused on limiting foreign adversary access to personal and government data is both transparent and predictable, according to three telecom groups who responded to an advance notice of proposed rulemaking.

RECENT NEWS

Security research firm identifies cyber threats impacting autonomous vehicles
Water groups ask CISA for extension on incident reporting rulemaking comment period
CISA cyber leader highlights info-sharing takeaways from Cyber Storm exercise
House Energy and Commerce sets up May hearing with UnitedHealth Group CEO in response to cyber attack
CISA official illuminates path forward for eliminating recurring software vulnerabilities
House Financial Services evaluates potential of cyber insurance to assist with bolstering defenses against ransomware

MORE NEWS ›

Topics

Biden's Executive Order
House Energy and Commerce leaders ask UnitedHealth Group for details on cyber attack timeline, restoration efforts
FAR Council issues request for information on potential supply chain regulations to include in new acquisition section
Sen. Wyden proposes legislation to require federal procurement of secure software following CSRB report
FAR Council establishes new section in acquisition rules for upcoming supply chain regulations
Incident Reporting Law
DHS official urges implementation of cyber-incident reporting rules amid AI EO taskings
Mayorkas addresses incident reporting harmonization at House fiscal 2025 budget hearing
Tech group calls for eliminating info-sharing federal agency silos to better combat ransomware
Congressional Research Service reviews CISA incident reporting notice of proposed rulemaking
SEC CYBER RULES
Biden pushes back on GOP SEC resolution; Easterly calls for incident reports to CISA, FBI while rulemaking process continues
House Financial Services GOP leaders request information on SEC social media account breach
Wiley law firm highlights major cyber policy issues to watch in 2024
Bank Policy Institute questions SEC process to consider national security in granting delays on four-day incident requirement
CMMC
MITRE raises concerns over CMMC program costs to address assessment gaps, accommodate maturity model changes
Pentagon releases cyber strategy for defense industrial base designed to enhance security posture, build resiliency
Procurement coalition raises questions over DOD treatment of external service providers in CMMC proposed rule
Defense ISAC releases ‘shopping guide’ to assist small businesses with selecting assessor for CMMC certification
Zero Trust
Mayorkas pushes for full funding to implement upcoming CISA mandatory incident reporting structure effectively
National Security Agency offers guidance for maturing data security practices used in zero trust
OMB explores addressing MFA needs for applications, operational technology in federal agencies
NIST works to update testing tools used for validating security of encryption solutions prior to implementation
National Cyber Strategy
ONCD convenes legal symposium on developing software liability framework
CISA releases user guide to assist with uploading secure software self-attestation letters in online repository
House-Senate budget agreement features $73.9 million for CISA incident reporting regime
Federal officials emphasize role of state-level investments in cybersecurity for fulfilling national cyber strategy
CSF 2.0
NIST asks for feedback on online mapping of CSF 2.0 and security, privacy controls catalog
NIST releases incident reporting profile for comment aligned with cybersecurity framework update
NIST engages with small business community to highlight changes in cybersecurity framework update
NIST launches update process for small business security publication with request for comment
Supply Chain
DHS and open source group release new tool for creating, translating Software Bill of Materials
Lawmakers back FCC net neutrality rulemaking as commission vote nears to restore Title II oversight
House Energy and Commerce weighs need for establishing health sector cyber requirements with providing incentives
Information sharing group emphasizes consequences of ransomware on food, agriculture sector