The Cybersecurity and Infrastructure Security Agency (CISA) is looking to set an “aggressive” pace to conduct the rulemaking proceeding necessary to implement recently approved cyber incident reporting legislation, but also indicated today that completion of a rulemaking could be a couple of years away. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is holding a series of public listening sessions aimed at using a community-based effort to advance the conversation around the technologies, policies, and processes required to implement Software Bills of Materials (SBOM), according to a Federal register post published today. […]

The Cybersecurity and Infrastructure Security Agency (CISA) – along with the Department of Homeland Security’s Science and Technology Directorate and the Department of Defense’s Office of the Under Secretary of Defense for Research and Engineering – has released a proposed five-step 5G Security Evaluation Process today for Federal agencies to receive authorization to operate (ATO). […]

MeriTalk recently sat down with Fortinet’s Jim Richberg, public sector CISO, Peter Newton, senior director, product marketing, and Fortinet Federal’s Felipe Fernandez, senior director, system engineering, to gain their insights into how Federal technology teams can integrate all of the components of a zero trust architecture to achieve holistic cybersecurity in a cloud, hybrid, or closed environment. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is taking a multi-faceted approach to supply chain security, and chief among them is putting in place strong public-private partnerships to maintain supply chain resilience and maintaining high awareness about the sources of supply chain threats. […]

The Cybersecurity and Infrastructure Security Agency (CISA) said today it is “encouraged” by quick Federal agency responses to its May 18 emergency directive to patch or unplug several vulnerable VMware products from agency networks, but did not provide any hard figures on whether agencies met CISA’s May 24 deadline to take action. […]

As both Federal chief information security officer and the deputy National Cyber Director, Chris DeRusha has a lot of visibility into Federal efforts to boost cybersecurity. At the AWS Summit in Washington, D.C., today, DeRusha expressed both pride in the Office of Management and Budget’s (OMB) Zero Trust strategy, while also acknowledging that the policy represents only the beginning of zero trust implementation across Federal civilian agencies. […]

Join MeriTalk and Merlin Cyber on June 1 at 10 a.m. for our complimentary Zeroing in on Application and Data webinar, where government and industry IT experts will put the spotlight on the data and application pillars of the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model. […]

The Cybersecurity and Infrastructure Security Agency (CISA) on May 17 issued a new advisory highlighting how cyber threat-actors are exploiting poor security configurations. […]

The Cybersecurity and Infrastructure Security Agency (CISA) today issued an emergency directive to Federal government civilian branch agencies running several VMware products to apply updates to those, or remove them from agency networks until updates can be made. […]

The Continuous Diagnostics and Mitigation (CDM) Program – for several years a bedrock asset in the government’s bid to improve Federal agency cybersecurity – is having a decisive impact in furthering agency work on requirements of the Biden administration’s year-old Cybersecurity Executive Order (EO), new research findings from MeriTalk shows. Long before the 2021 Cyber […]

The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory on May 11 – along with Federal law enforcement partners and international allies – that warns of an increase in malicious cyber activity targeting managed service providers (MSPs). […]

One year ago, the Colonial Pipeline ransomware attack set off a chain reaction of cyber initiatives that would forever impact the private and public sectors. […]

General Dynamics Information Technology (GDIT) has appointed Matt Hayden vice president of cyber client engagement. Hayden brings senior leadership experience with the Department of Homeland Security (DHS) and its Cybersecurity and Infrastructure Security Agency (CISA) component to the new role at GDIT. […]

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on Thursday updated a joint cybersecurity advisory regarding malware deployed by Russian state actors as the country continues its war against Ukraine. […]

The Cybersecurity and Infrastructure Security Agency’s (CISA) fiscal year (FY) 2023 budget request came in at $2.5 billion – 18 percent more than requested in FY2022 – but CISA Director Jen Easterly told members of Congress that the agency’s funding needs will continue to increase if CISA hopes to meet the goal of being the nation’s cyber defense agency. […]

Reps. Tom Malinowski, D-N.J., and Andrew Garbarino, R-N.Y., on April 28 introduced companion legislation to a Senate bill offered earlier this year that would task Federal agencies with helping the commercial satellite sector improve the security of their networks. […]

The Cybersecurity and Infrastructure Security Agency (CISA), along with Federal and international partners, released a list of frequently exploited common vulnerabilities and exposures (CVEs), including the top 15 most exploited CVEs of 2021. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is bringing on Bob Lord – who has served as the first chief security officer for the Democratic National Committee since 2018 – as a senior technical advisor to the agency, CISA announced April 25. […]

As agencies strive to meet changing zero trust security requirements, an official from the Cybersecurity and Infrastructure Security Agency (CISA) said that he’s seeing an increased sense of urgency to implement those requirements to collectively move “the Federal fleet forward.” […]

Wider use of software bills of materials (SBOM) requirements represents a key building block in software security and software supply chain risk management that Federal agencies need to increasingly rely on going forward, an official from the Cybersecurity and Infrastructure Security Agency (CISA) said today. […]

The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory April 20, along with Federal law enforcement partners and international allies, that the agency says lays out the “most comprehensive view” of the cyber threat Russia poses to critical infrastructure owners since Russia invaded Ukraine in February. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is seeking industry feedback on two reference documents, one for Secure Cloud Business Applications (SCuBA) and a framework for organization visibility data, according to an April 19 CISA blog post. […]

The Cybersecurity and Infrastructure Security Agency (CISA) said today it adding to its Joint Cyber Defense Collaborative (JCDC) group several private sector firms with expertise in protecting industrial control systems (ICS) and operational technology (OT). […]

The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, Department of Energy (DoE), and National Security Agency (NSA), is warning that advanced persistent threat (APT) actors are seeking to gain full access to industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems, CISA warned in a cybersecurity advisory April 13. […]

The Cybersecurity and Infrastructure Security Agency (CISA) said the agency is aiming to begin a rulemaking process to implement mandatory cyber incident reporting rules for critical infrastructure owners and operators included in the Fiscal Year 2022 omnibus spending bill signed into law by President Biden last month. […]

Artificial intelligence (AI) and machine learning (ML) capabilities are still coming to bear as Federal agencies continue to understand how these technologies can help drive cloud adoption and evolution. However, to be successful in this environment Federal agencies must understand their security obligations and those of a cloud computing provider to ensure accountability, along with the role that AI/ML plays in security automation, a senior Cybersecurity and Infrastructure Security Agency (CISA) official said. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is partnering with the Office of the Director of National Intelligence (ODNI) to promote a call to action for organizations to focus on protecting information and communications technology (ICT) supply chains, under the banner “Fortify the Chain.” […]

The Cybersecurity and Infrastructure Security Agency (CISA) held its second Cybersecurity Advisory Committee meeting on March 31, where committee members provided updates on their subcommittee work that will help inform key deliverables for the committee’s next meeting in June. […]

While the zero trust security model has been widely recognized as an effective approach to preventing and mitigating data breaches, an official with the Cybersecurity and Infrastructure Security Agency (CISA) said this week there are several misconceptions Federal agencies have which make them skeptical about adopting the framework. […]