A working group led by the National Security Agency and the Cybersecurity and Infrastructure Security Agency has developed and published an identity and access management guide to help system administrators enhance their defenses against malicious cyber actors using legitimate credentials to access critical data and systems. Administrators are encouraged to adopt best practices, including deploying […]
The Cybersecurity and Infrastructure Security Agency is asking Congress to approve $424.9 million in fiscal year 2024 funding for the development of a new Cyber Analytics and Data System. According to Eric Goldstein, CISA’s executive assistant director for cybersecurity, the CADS will facilitate data ingestion and integration and will serve as a single data repository […]
The Department of Homeland Security has added three of Nozomi Networks’ security solutions to the Approved Products List of the Continuous Diagnostics and Mitigation program, which aims to support the cybersecurity efforts of participating agencies by compiling certified tools and services. CEO Edgard Capdevielle said the addition of his company’s products to the APL demonstrates […]
The Securities and Exchange Commission has proposed a new cyber incident reporting rule that would require financial institutions to inform the agency of compromises within two days and to review their policies and procedures annually. According to the SEC, the new rule would help it learn more about the cyber risks that financial institutions face […]
The Cybersecurity and Infrastructure Security Agency revealed that two hacking groups, including Vietnam-based criminal organization XE Group, obtained access to the Microsoft Internet Information Services server of at least one federal agency where they executed unauthorized code. According to a joint cybersecurity advisory from CISA, the FBI and the Multi-State Information Sharing and Analysis Center, […]
The Federal Deposit Insurance Corporation’s inspector general said in a report that the agency does not implement good cybersecurity practices for its systems and its users. According to the IG’s report, the FDIC had multiple issues, including account configuration, access management, privileged account management, Windows system maintenance, active directory policies and procedures, and audit logging […]
The President’s Council of Advisers on Science and Technology has established a working group dedicated to strengthening U.S. network protection and recovery capabilities against cyberattacks and is seeking public feedback to determine how to accomplish that task. PCAST wants to be informed on assessment methods for interconnected digital systems, investments to maintain resiliency and approaches […]
The National Sanitation Foundation International Strategic Registrations has been designated a third-party assessment organization for Cybersecurity Maturity Model Certification, allowing it to evaluate whether prospective Department of Defense contractors have complied with certain controlled unclassified information protection requirements. CMMC compliance is meant to assist defense industry companies with meeting contractual cybersecurity requirements, NSF-ISR said. The […]
The National Security Agency has released a new cybersecurity information sheet to mitigate cyber threats faced by identity, credential and access management capabilities through zero trust. The Advancing Zero Trust Maturity Throughout the User Pillar CSI defines capability and maturity levels for ICAM systems and highlights the role that zero trust would play in protecting […]
The Cybersecurity and Infrastructure Security Agency has established a pilot program to address rising ransomware attacks. CISA created the Ransomware Vulnerability Warning Pilot under the Cyber Incident Reporting for Critical Infrastructure Act through which organizations can receive early warnings about system vulnerabilities that make them prone to ransomware attacks. Recently, over 90 organizations were informed […]
