The Department of Homeland Security‘s newly established Cyber Safety Review Board will focus on addressing the critical vulnerability found in the Log4j Java-based logging tool. DHS established the CSRB in accordance with President Joe Biden’s May 2021 executive order on modernizing the federal government’s cybersecurity. The board is made up of more than 20 members […]
Deputy Defense Secretary Kathleen Hicks has ordered the Department of Defense chief information officer to oversee the Cybersecurity Maturity Model Certification program. Pentagon CIO John Sherman said his office will continue to work with the defense undersecretary for acquisition and sustainment as the CMMC program changes ownership. He added that under the CIO office, the […]
The Department of Defense’s Office of the Director, Operational Test and Evaluation wants cloud contracts to be renegotiated to include independent cyber assessments. The office also wants future contracts to include a provision that will allow the Pentagon to independently assess cloud infrastructure. DOT&E said in its fiscal year 2021 report that it will continue […]
Government agencies should put zero trust at the center of their cybersecurity investment strategy, according to an official from the National Security Agency. Zero trust is a modern security model dictating that users, devices and systems should not be trusted solely due to their physical or network location or their ownership, according to the National […]
The Department of Homeland Security has established a review board tasked with assessing select cybersecurity incidents. In consultation with the attorney general, DHS created the Cyber Safety Review Board in accordance with President Joe Biden’s May 2021 executive order on modernizing the federal government’s cybersecurity. The CSRB is tasked with developing recommendations on how the […]
Auditors from accounting firm KPMG have spotted 45 control deficiencies and other issues with the Department of Labor’s information security and continuous monitoring controls. According to KPMG’s Labor Department audit for the fiscal year 2021, the issues are related to the department’s cybersecurity function maturity levels. Using the CyberScope web-based tool, auditors tested security controls […]
The Cybersecurity and Infrastructure Security Agency has added eight new entries to its list of known exploited cybersecurity vulnerabilities. Government agencies are required to patch the software flaws in accordance with Binding Operations Directive 22-01, which legally compels agencies to protect government information and information systems, CISA said. The agency issued the binding operational directive […]
The National Academy of Public Administration has recommended putting the White House’s newly established Office of the National Cyber Director in charge of expanding the cybersecurity workforce. Congress confirmed Chris Inglis as the first national cyber director in 2021, tasking him with leading the government’s response to cybersecurity threats and execution of critical cyber policy […]
The Department of Defense is not training its cybersecurity workforce to a degree that is commensurate with the sophistication of its cyber technologies, a top weapons testing official said in an annual report. “There is no cyber defense without cyber defenders,” the Office of the Director, Operational Test and Evaluation said. The department should account […]
The Federal Communications Commission has disallowed China Unicom Americas from providing telecommunications services across the U.S. due to data security concerns. FCC Chairwoman Jessica Rosenworcel said during a committee meeting that it revoked China Unicom’s permit to operate pursuant to the organization’s Section 214 authority, which focuses on carriers providing international services. The same laws […]
