Federal Chief Information Security Officer (CISO) Chris DeRusha gave broad credit today to Federal agencies for making marked improvements in cybersecurity over the past few years, and cited the ability of one larger agency – which he did not name – with being able to take particularly quick action in the face of the Ivanti vulnerabilities that the government began warning about in January. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is leading an effort to update the National Cyber Incident Response Plan (NCIRP) by the end of 2024, as directed in the Biden administration’s National Cybersecurity Strategy released earlier this year. CISA, in close coordination with the Office of the National Cyber Director (ONCD), is embarking on a […]

Federal Chief Information and Security Officer (CISO) Chris DeRusha said today that as the Federal government is making real progress on cybersecurity, his “cup is actually half empty” when it comes to the security of AI. […]

With the growing need for enhanced cybersecurity for Federal agencies and critical infrastructure across the United States, Federal Chief Information and Security Officer (CISO) Chris DeRusha made it clear that the U.S. must keep its “foot on the gas pedal” to keep pace with technological advancements and cyber threats. […]

The Office of Management and Budget (OMB) is actively focused on getting guidance out to agencies on the responsible use of artificial intelligence (AI) within the Federal government, Federal Chief Information and Security Officer (CISO) Chris DeRusha said this week. […]

Federal Chief Information Security Officer (CISO) Chris DeRusha said this week that the Federal civilian government has made considerable progress on both the tactical and culture fronts in efforts to implement zero trust security architectures at Federal agencies that stem from the Biden administration’s 2021 cybersecurity executive order. […]

Federal Chief Information Security Officer (CISO) Chris DeRusha said late Thursday that new cybersecurity metrics are helping the Federal government to better measure its success in moving towards an improved risk posture. […]

Although the Federal government has made progress in protecting U.S. critical infrastructure through a largely voluntary approach, Federal Chief Information Security Officer (CISO) Chris DeRusha today called for minimum cybersecurity requirements for critical infrastructure. […]

Federal Chief Information Security Officer (CISO) Chris DeRusha explained today how the National Cybersecurity Strategy (NCS) and implementation plan released by the Office of the National Cyber Director (ONCD) earlier this year lines up nicely with the goals of improving Federal government cybersecurity, but also warned that the prevalence of legacy IT systems still being used by many Federal agencies continues to stand in the way of security improvements. […]

Federal Chief Information Security Officer Chris DeRusha said this week that the Office of Management and Budget (OMB) is preparing to publicly release a common attestation form for software makers as part of the Federal government’s larger push to create a more secure software supply chain as mandated by President Biden’s cybersecurity executive order issued in May 2021. […]

One of the Federal government’s top cybersecurity officials said today that the Biden administration is requesting roughly $12 billion in fiscal year (FY) 2024 funding in connection with efforts to roll out zero trust security across the entire government, and voiced concern about the fate of the security push if Congress acts to roll back government funding levels to FY2022 levels. […]

If you’ve been wondering how much the Federal government is investing in its sweeping effort to migrate to zero trust security architectures, the answer to that question may be coming this week. […]

The Office of Management and Budget (OMB) has released a new “progress report” on the state of cybersecurity across Federal agencies, just in time for the 15th edition of the FITARA Scorecard issued today by the House Oversight and Reform Committee. […]

Cybersecurity issues are likely to be front and center at the House Government Operations Subcommittee’s Dec. 15 hearing at which the panel will unveil the 15th edition of the House Oversight and Reform Committee’s FITARA (Federal Information Technology Acquisition Reform Act) Scorecard. […]

The Office of Management and Budget (OMB) today issued marching orders to Federal agencies to take action to comply with National Institute of Standards and Technology (NIST) guidance for the use of secure supply chain software, as ordered by President Biden’s cybersecurity executive order issued in May 2021. […]

As both Federal chief information security officer and the deputy National Cyber Director, Chris DeRusha has a lot of visibility into Federal efforts to boost cybersecurity. At the AWS Summit in Washington, D.C., today, DeRusha expressed both pride in the Office of Management and Budget’s (OMB) Zero Trust strategy, while also acknowledging that the policy represents only the beginning of zero trust implementation across Federal civilian agencies. […]

Chris DeRusha, who wears the dual hats of Federal Chief Information Security Officer (CISO) and Deputy National Cyber Director for Federal Cybersecurity in the Office of the National Cyber Director, charted some near-term policy goals on the security front during a keynote address on May 19 at MeriTalk’s Cyber Central May 2022 – Mission: Cyber Resilience in-person conference. […]

Federal government cybersecurity leaders told House members today that the government has made very significant progress in executing the Biden administration’s cybersecurity executive order (EO) issued a year ago, but also reminded lawmakers that funding is key to continued success in implementing crucial tenets of the order. […]

Federal Chief Information Security Officer Chris DeRusha gave a relatively upbeat assessment today on strides that Federal IT leadership and agencies have been making on implementing the Cybersecurity Executive Order that the Biden administration issued ten months ago. […]

The year 2021 has played out as a non-stop whirlwind of activity for the Federal IT community – one unprecedented in recent memory for new policy direction, funding pushes, and urgency to improve network security. […]

Federal Chief Information Security Officer Chris DeRusha said the Technology Modernization Fund (TMF) board – on which he sits – is looking to agencies that won awards from the fund earlier this year to pursue zero trust security projects to act as a group of pathfinders who can inform the zero trust transition work of other Federal agencies going forward. […]

Jordan Burris – who serves as chief of staff for Federal CIO Clare Martorana, Deputy Federal CIO Maria Roat, and Federal Chief Information Security Officer (CISO) Chris DeRusha – will leave the Office of Management and Budget (OMB) November 12, he announced in a LinkedIn post. […]

The Technology Modernization Fund (TMF) got a $1 billion boost in March’s American Rescue Plan, and the TMF board saw a massive influx of TMF requests that it has been working on adjudicating. At a Senate Homeland Security and Governmental Affairs hearing today, Federal chief information security officer (CISO) Chris DeRusha updated senators on the status of that extra TMF funding. […]

Federal Chief Information Security Officer Chris DeRusha said today that working to update the Federal Information Security Management Act (FISMA) – and generate more useful Federal agency cybersecurity metrics as a result – are among his top priorities currently. […]

Federal Chief Information Security Officer  (CISO) Chris DeRusha today offered an expansive set of ideas for how Congress may undertake reform of the Federal Information Security Modernization Act (FISMA) of 2014 to bring the existing law up to speed with the fast-moving security improvement work underway throughout the Federal government following the release of President Biden’s cybersecurity executive order in May. […]

Federal CISO Chris DeRusha said today that the ongoing solicitation of Federal agency bids for money from the Technology Modernization Fund (TMF) is drawing a lot of interest in security-related projects – one of the four primary areas that the TMF Board identified earlier this year as ones it would prioritize as it works to deploy up to $1 billion of new funding capacity from the American Rescue Plan Act. […]

Federal Chief Information Security Officer Chris DeRusha explained today that the foundational elements of the Continuous Diagnostics and Mitigation (CDM) program are fundamental to moving Federal government network security to zero trust concepts and that implementation of the program only becomes more important as cyber threats increase. […]

Senior Federal IT experts – including the current and former Federal CISO and the Pentagon’s top IT official – are expressing broad agreement that the necessary ingredients are at hand to begin implementing zero trust security concepts for government networks, and that the time to act is now. […]

The combined response of the Federal government and the private sector to the Russia-based cyberattack of government and business networks via SolarWinds Orion software is making for a promising use case for addressing major incidents in the future, said Federal Chief Information Security Officer (CISO) Chris DeRusha on April 22. […]

The acting director of the Cybersecurity and Infrastructure Security Agency (CISA) told senators on March 18 that CISA is making efforts to complete deployment at Federal civilian agencies of the first two phases of the Continuous Diagnostics and Mitigation (CDM) program by the end of this year as part of a push to shore up Federal cybersecurity after the SolarWinds Orion hack. […]