Author Archive

Chris Riotta

Staff Writer

Chris Riotta is a staff writer at FCW covering government procurement and technology policy. Chris joined FCW after covering U.S. politics for three years at The Independent. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president.

FTC warns of legal risks of failing on Log4j mitigation

The Federal Trade Commission issued a warning urging companies to take "reasonable steps" to mitigate known software vulnerabilities or face potential legal consequences, recalling the $700 million settlement Equifax paid for a major breach in 2017.


CISA, FBI issue new guidance on addressing Log4j risks

The Cybersecurity and Infrastructure Security Agency and its partners are providing new ways to identify Log4j risks and mitigate possible exploitation.


DHS scales up bug bounty program

Department of Homeland Security Secretary Alejandro Mayorkas announced a plan to pay vetted cybersecurity researchers between $500 and $5,000 for identifying cybersecurity vulnerabilities within agency systems.


CISA floats plan to better secure federal civilian email

The Cybersecurity and Infrastructure Security Agency wants to beef up federal civilian email security with CISA-provisioned threat hunting and incident response efforts, according to a request for information published last week.

Cloud & Infrastructure

Lawmakers dig into FedRAMP security

Security weaknesses in the FedRAMP program were raised at a meeting between federal officials and lawmakers ahead of a vote to codify the General Services Administration’s Federal Risk and Authorization Management Program into law.


Feds still unsure of ransomware’s reach

A Department of Homeland Security official suggested the department lacked critical data about ransomware attacks targeting the private sector and government agencies.


CISA directive requires vulnerability fixes in 6 months

A new binding operational directive puts federal civilian agencies on a six-month clock to remediate known vulnerabilities.


Scaling up secure, single sign-on

With nearly $187 million in Technology Modernization Fund investment, GSA will increase’s cybersecurity for current and future users, add equitable identity verification and in-person options for vulnerable populations and make it easier for agencies to provide to more citizens.

Cloud & Infrastructure

GSA plans cloud marketplace

The one-stop shop cloud marketplace would feature both post-award contract management tools and professional IT services, along with basic requirements to ensure cloud solutions comply with the Federal Risk and Authorization Management Program.


White House drafts zero-trust guidance

The administration is looking for comments on strategic guidance containing baseline expectations for agency migrations to a zero-trust architecture.

Emerging Tech

Agencies experiment with augmented reality

The IRS wants to see if augmented reality can help smartphone users better understand tax forms, and the Drug Enforcement Agency wants an AR solution that overlays live video from aircraft with advanced mapping information.


CISA launches joint cyber defense effort

The Joint Cyber Defense Collaborative aims to help the U.S. defend against threats to critical infrastructure through information-sharing and defense operations planning.


Water infrastructure rife with cyber vulnerabilities, report says

Between financial constraints and decentralized regulatory control, many water companies lack the resources for the continuous hygiene required for enterprise IT networks that are linked to operational technology.


Lawmakers advance cyber legislation

The Senate’s 2022 defense authorization bill and a number of House measures are addressing cyber authorities, domestic microelectronics manufacture, supply chain security and raising cyber awareness among the public.


Rural water utilities vulnerable to cyberattacks

With few employees and little federal compliance training, some small-town water utilities may be unable to defend themselves from cyberattacks.


How government can move out of the ransomware bull’s-eye

By strengthening their defenses – and those of their contractors – agencies can make themselves a less attractive target for ransomware, one cyber expert says.


Cyber EO will drive zero-trust progress

The tight deadlines featured in President Joe Biden's cybersecurity executive order will push agencies to make “meaningful progress” on zero-trust initiatives, federal officials said.


NIST details executive order’s ‘critical software’ categories

To help agencies comply with the Biden administration’s cybersecurity executive order, the National Institute of Standards and Technology posted a new definition of "critical software" for production systems and operational purposes.

Cloud & Infrastructure

Who will pay for the cyber EO mandates?

New marching orders for agencies and technology vendors in the Biden administration's new cybersecurity policy need to be supported in the budget, industry reps say.

Cloud & Infrastructure

GSA plans new cloud BPA for all levels of government

The General Services Administration is considering a multiple-award blanket purchase agreement that would make cloud infrastructure, storage, software and services available to federal agencies and state, local and tribal governments.