Inside Cybersecurity

November 13, 2025

Home Page

Home Page

By Sara Friedman

Allan Friedman, a leader on Software Bill of Materials, is starting a new initiative to build a multistakeholder process for Hardware Bill of Materials based at the Institute for Security and Technology, in one of his first moves since leaving the Cybersecurity and Infrastructure Security Agency in late July.

By Sara Friedman

The Federal Communications Commission will put out a public notice “relatively soon” asking for comment on proposed technical requirements for the U.S. Cyber Trust Mark program, according to the Consumer Technology Association’s Mike Bergman, as the regulatory agency winds down a national security review of the initiative.

By Jaden Beard

Bobbie Stempfley of Dell Technologies emphasized the importance of CISA in a recent essay of continuing to provide intelligence to the Multi-State Information Sharing and Analysis Center, following end of a contract with the Center for Internet Security to support the nonprofit hub.

By Jaden Beard

The Cybersecurity and Infrastructure Security Agency has published implementation guidance instructing agencies to apply the latest software updates to Cisco security appliances, as a follow up to a September emergency directive on actively exploited vulnerabilities.

By Jaden Beard

Larry Clinton, head of the Internet Security Alliance, is continuing to push for the establishment of a national cyber workforce academy in the second Trump administration, as National Cyber Director Sean Cairncross considers ideas to build the government’s cyber workforce.

By Sara Friedman

The Health Sector Coordinating Council is working on guidance for 2026 on artificial intelligence cybersecurity risks, including a governance framework and AI secure by design guidance.

By Jaden Beard

The energy sector is facing a surge of cyber attacks impacting Internet of Things devices and operational technology systems, according to a report from cyber firm Zscaler exploring trends in the malware threat landscape.

RECENT NEWS

Senate advances short-term CISA 2015, cyber grant program reauthorizations through continuing resolution
National Defense ISAC leader raises questions over CMMC assessment capacity, controlled unclassified information
Former ONCD official Knake calls for professional staff to run Cyber Safety Review Board, avoiding conflicts of interest
Stakeholders explore addressing AI supply chain risks in context of cybersecurity policy apparatus
Former NSC official focuses on increasing cyber resilience at agencies amid growing AI capabilities
Nonprofit ransomware task force updates defense blueprint to align with CSF 2.0 functions

MORE NEWS ›

Topics

CMMC
CMMC stakeholder community convenes for annual conference without Defense Dept. leaders in attendance
NIST publishes final draft for advanced persistent threats publication update, accompanying assessment guide
DOD CIO nominee Davies identifies opportunities for realignment to meet zero trust goals
Pentagon considers costs for small businesses to comply with CMMC acquisition requirements in final rule
Incident Reporting Law
Pipeline sector urges FAA to set cyber safeguards for traffic management systems as part of aircraft rulemaking
Energy sector coalition seeks harmonization of proposed FAA rules with FERC cyber standards
U.S. Chamber calls on FAA to harmonize cyber reporting requirements in unmanned aircraft rulemaking
Easterly emphasizes power of artificial intelligence for software security
Supply Chain
Water sector groups see opportunities for further collaboration with EPA on cyber tools
Former cyber officials highlight evolving challenges at CISA, ongoing policy discussions in new essay collection
House GOP committee leaders urge Commerce Dept. expansion of ICTS sector foreign reviews to focus on Chinese tech
FCC draft order calls for ‘federal-private’ partnerships to drive cybersecurity, reversing January Salt Typhoon ruling
Zero Trust
CISA publishes best practices security guide on Microsoft Exchange servers, following August emergency directive
Carnegie Mellon research hub considers zero trust implementation needs for weapon systems
Trump executive order renews efforts under national security advisory committee run by DHS
Lawfare project poses research questions to guide future secure by design work
National Cyber Strategy
Stakeholders consider ‘systemic defense’ framework to address cyber infrastructure issues
Former NCD Inglis optimistic about opportunities for cyber under Trump administration
OMB memo for fiscal 2025 FISMA reporting builds on network visibility requirements, IoT responsibilities
NCD Coker: Chinese cyber threats require cross-sector engagements, partnership with OMB
CSF 2.0
EPA publishes cyber procurement checklist targeted at water sector to protect supply chains
NIST seeks feedback on draft update to cybersecurity framework profile for manufacturing sector
U.S. Chamber raises concerns to New York regulators over proposed cyber requirements for public utilities, cable television providers
NIST seeks input on guidance mapping post-quantum cryptography capabilities to key agency publications
INTERNET OF THINGS
Trump selects Purdue engineering dean Raman to serve as next NIST director
NIST releases second draft of update to foundational Internet of Things guidance
NIST finalizes IoT characterization report, supplementing MUD project
NIST publishes draft quick start guide for managing emerging cyber risks using CSF 2.0
Artificial Intelligence
Health sector group previews guidance on AI challenges through cybersecurity lens
ITI proposes national AI strategy to define steps for adopting, integration into existing systems
Stakeholders explore addressing AI supply chain risks in context of cybersecurity policy apparatus
Former NSC official focuses on increasing cyber resilience at agencies amid growing AI capabilities