House appropriators are investing in helping agencies address supply chain threats across government and fulfill requirements from President Biden’s 2021 cyber executive order, including cloud migrations.
The Department of Energy has updated its Cybersecurity Capability Maturity Model, a self-evaluation tool designed to determine priority areas to address vulnerabilities, following real-world testing with industry players from the electric, oil and natural gas sectors.
Global insurance broker Marsh McLennan sees cybersecurity insurance premium rates leveling off after two years of “persistently high claims rates” pushed up the cost of coverage, while highlighting “twelve key controls” to reduce ransomware and other cyber risks.
An advisory from CISA, the FBI and Treasury Department warns that MedusaLocker ransomware threat actors continue to target victims through vulnerabilities in Remote Desktop Protocol, and offers details on mitigations as part of the federal government’s #StopRansomware initiative.
The Pentagon is planning to issue a final rule in December establishing a regime for DOD acquisition officials to conduct assessments of a contractor’s compliance with NIST Special Publication 800-171.
The Transportation Security Administration is renewing and revising two cybersecurity directives for pipeline operators issued after the 2021 Colonial Pipeline ransomware attack, lengthening the timeline for reporting cyber incidents in one of the orders, while promising a formal rulemaking process over the next year covering “pipelines and other surface transportation systems.”