Author Archive
Cybersecurity
FTC warns of legal risks of failing on Log4j mitigation
The Federal Trade Commission issued a warning urging companies to take "reasonable steps" to mitigate known software vulnerabilities or face potential legal consequences, recalling the $700 million settlement Equifax paid for a major breach in 2017.
Cybersecurity
CISA, FBI issue new guidance on addressing Log4j risks
The Cybersecurity and Infrastructure Security Agency and its partners are providing new ways to identify Log4j risks and mitigate possible exploitation.
Cybersecurity
DHS scales up bug bounty program
Department of Homeland Security Secretary Alejandro Mayorkas announced a plan to pay vetted cybersecurity researchers between $500 and $5,000 for identifying cybersecurity vulnerabilities within agency systems.
Cybersecurity
CISA floats plan to better secure federal civilian email
The Cybersecurity and Infrastructure Security Agency wants to beef up federal civilian email security with CISA-provisioned threat hunting and incident response efforts, according to a request for information published last week.
Cloud & Infrastructure
Lawmakers dig into FedRAMP security
Security weaknesses in the FedRAMP program were raised at a meeting between federal officials and lawmakers ahead of a vote to codify the General Services Administration’s Federal Risk and Authorization Management Program into law.
Cybersecurity
Feds still unsure of ransomware’s reach
A Department of Homeland Security official suggested the department lacked critical data about ransomware attacks targeting the private sector and government agencies.
Cybersecurity
CISA directive requires vulnerability fixes in 6 months
A new binding operational directive puts federal civilian agencies on a six-month clock to remediate known vulnerabilities.
Cybersecurity
Scaling up secure, single sign-on
With nearly $187 million in Technology Modernization Fund investment, GSA will increase Login.gov’s cybersecurity for current and future users, add equitable identity verification and in-person options for vulnerable populations and make it easier for agencies to provide Login.gov to more citizens.
Cloud & Infrastructure
GSA plans cloud marketplace
The one-stop shop cloud marketplace would feature both post-award contract management tools and professional IT services, along with basic requirements to ensure cloud solutions comply with the Federal Risk and Authorization Management Program.
Cybersecurity
White House drafts zero-trust guidance
The administration is looking for comments on strategic guidance containing baseline expectations for agency migrations to a zero-trust architecture.
Emerging Tech
Agencies experiment with augmented reality
The IRS wants to see if augmented reality can help smartphone users better understand tax forms, and the Drug Enforcement Agency wants an AR solution overlays live video from aircraft with advanced mapping information.
Cybersecurity
CISA launches joint cyber defense effort
The Joint Cyber Defense Collaborative aims to help the U.S. defend against threats to critical infrastructure through information-sharing and defense operations planning.
Cybersecurity
Water infrastructure rife with cyber vulnerabilities, report says
Between financial constraints and decentralized regulatory control, many water companies lack the resources for the continuous hygiene required for enterprise IT networks that are linked operational technology.
Cybersecurity
Lawmakers advance cyber legislation
The Senate’s 2022 defense authorization bill and a number of House measures are addressing cyber authorities, domestic microelectronics manufacture, supply chain security and raising cyber awareness among the public.
Cybersecurity
Rural water utilities vulnerable to cyberattacks
With few employees and little federal compliance training, some small-town water utilities may be unable to defend themselves from cyberattacks.
Cybersecurity
How government can move out of the ransomware bull’s-eye
By strengthening their defenses – and those of their contractors – agencies can make themselves a less attractive target for ransomware, one cyber expert says.
Cybersecurity
Cyber EO will drive zero-trust progress
The tight deadlines featured in President Joe Biden's cybersecurity executive order will push agencies to make “meaningful progress” on zero-trust initiatives, federal officials said.
Cybersecurity
NIST details executive order’s ‘critical software’ categories
To help agencies comply with the Biden administration’s cybersecurity executive order, the National Institute of Standards and Technology posted a new definition of "critical software" for production systems and operational purposes.
Cloud & Infrastructure
Who will pay for the cyber EO mandates?
New marching orders for agencies and technology vendors in the Biden administration's new cybersecurity policy need to be supported in the budget, industry reps say.
Cloud & Infrastructure