The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has hired Mona Harrington as deputy assistant director of the National Risk Management Center (NRMC), which houses CISA’s election security team. […]

The latest cyber order released by the Cybersecurity and Infrastructure Security Agency (CISA) gives Federal agencies and industry the resources to stop or limit cybercriminals from infiltrating their systems; Michael Duffy, an associate director at CISA, said. […]

The Cybersecurity and Infrastructure Security Agency (CISA) released the finalized ‘IPv6 Considerations for TIC 3.0’ guidance document today, providing security considerations related to implementing the Trusted Internet Connections (TIC) 3.0 as Federal agencies transition to IPv6. […]

Reps. Yvette Clarke, D-N.Y., and Ritchie Torres, D-N.Y., are seeking more information on efforts by the Cybersecurity and Infrastructure Security Agency (CISA) efforts to reduce security risks to Federal networks through the use of multi-factor authentication (MFA). […]

After studying the SolarWinds and Microsoft Exchange attacks for the past year, the Government Accountability Organization (GAO) detailed the lessons agencies learned and ten critical actions still needed to address major cybersecurity challenges in a new report. […]

Officials from the Cybersecurity and Infrastructure Security Agency (CISA) and within the cybersecurity industry are warning of the potential for threat actors to have already exploited the Log4j vulnerability, but are waiting to pull the trigger on any planned exploits until focus on the vulnerability abates. […]

The Cybersecurity Infrastructure Security Agency (CISA), National Security Agency (NSA), and FBI are warning critical infrastructure owners and operators of Russian threats to domestic critical infrastructure. […]

The Cybersecurity and Infrastructure Security Agency (CISA) added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog on Jan. 10. […]

As agencies accelerate efforts to move to secure cloud services and zero trust architecture in line with the requirements of the Biden administration’s executive order on cybersecurity (EO), many are challenged to close visibility gaps and blind spots in their technology environments. In a MeriTV interview, Sean Connelly, program manager for Trusted Internet Connections at the Cybersecurity and Infrastructure Security Agency (CISA), and Michael Dickman, chief product officer at cloud visibility and analytics firm Gigamon, assessed those visibility gaps and what it will take to close them – ensuring that data is secure across physical, virtual, and cloud networks. […]

The Cybersecurity and Infrastructure Security Agency (CISA) released its Public Safety Communications Security white paper today in an effort to explain the importance of Communications Security (COMSEC), basic elements of a COMSEC program, and how to develop an encryption strategy to prevent and mitigate unauthorized access to information. […]

A month after its first public warnings about the Log4j vulnerability, the Cybersecurity and Infrastructure Security Agency (CISA) is continuing to work with Federal agencies and the public to mitigate potential exposure, and also renewing calls for a software bill of materials (SBOM) to aid in system visibility and inventory management. […]

The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) said today that it is continuing to help Federal agencies remediate the Log4j vulnerability that CISA first warned about in December. […]

Sen. Gary Peters, D-Mich., is renewing calls for mandatory incident reporting legislation, after meeting virtually with Biden administration cybersecurity leaders on Jan. 5 for a briefing about the Log4j critical vulnerability. […]

The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) said today that all large Federal agencies have successfully mitigated the Log4j critical vulnerability that the agency discovered in early December 2021. […]

The Cybersecurity and Infrastructure Security Agency (CISA) has hired Daniel Bardenstein as its new tech and cyber strategy lead. […]

The Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center (NRMC) is cataloguing significant progress it has made in developing its “National Critical Functions” (NCF) framework, and pointing to next steps in the effort. […]

With the Dec. 24 deadline approaching for Federal agencies to remediate the Log4j vulnerability, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed to MeriTalk that there have still been no compromises of Federal agencies via the Apache Log4J vulnerability. […]

The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to Federal agencies today, requiring them to assess their internet-facing network assets for the Apache Log4j vulnerabilities and immediately patch these systems or implement other appropriate mitigation measures. […]

As dozens of Federal agencies continue to petition the TMF Board for some of the $1 billion of funding that the Technology Modernization Fund (TMF) received from Congress earlier this year, one of the Federal government’s best-positioned officials to offer advice on the process stopped by MeriTalk’s TMF Forward virtual event on Dec. 16 with a bag of tips on how agencies can hone their proposals and clinch funding deals. […]

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published the fourth installment on securing the integrity of 5G cloud infrastructures. […]

The Cybersecurity and Infrastructure Security Agency (CISA) said Dec. 14 that there has been no confirmed compromise of any Federal agencies as a result of the Log4j vulnerability. But CISA reiterated it has added the vulnerability to its catalog of known vulnerabilities over the weekend, giving agencies two weeks to remediate and mitigate any potential harm. […]

The Cybersecurity and Infrastructure Security Agency (CISA) released a statement on Dec. 11 with guidance for organizations to protect themselves against the “log4j” critical vulnerability that surfaced over the weekend. […]

While a good bit of the focus on the conferenced version of the fiscal year (FY) 2022 National Defense Authorization Act has centered around the lack of incident reporting and other legislative items that were cut from the bill, the defense spending bill that passed the House of Representatives last week continues to retain a variety of important cybersecurity and tech-related provisions. […]

The Cybersecurity and Infrastructure Security Agency (CISA) held its inaugural Cybersecurity Advisory Committee meeting Dec. 10, focusing heavily on how CISA and the committee can increase the Federal and national cybersecurity workforce. […]

The Cybersecurity and Infrastructure Security Agency (CISA) held its first Cybersecurity Advisory Committee meeting today, in which agency officials laid out their expectations for the committee and called for actionable cyber recommendations from committee members that CISA can implement. […]

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) released the third installment of the Security Guidance for 5G Cloud Infrastructures four-part series, which is intended to protect the confidentiality, integrity, and availability of data within a 5G core cloud infrastructure. […]

Identity management is one of the main pillars of the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model, but CISA’s program lead for the Trusted Internet Connection (TIC) program office Sean Connelly said that while identity is an important pillar, it should not be the only pillar agencies focus on. […]

The Cybersecurity and Infrastructure Security Agency (CISA) announced the members of its new Cybersecurity Advisory Committee, which will be tasked with advising and providing recommendations to the CISA director on policies, programs, planning, and training to enhance the nation’s cyber defense. […]

As the Senate returns to work on Nov. 29 with the completion of debate on the Fiscal Year (FY) 2022 National Defense Authorization Act (NDAA) at the top of its agenda, lawmakers will be looking to tack on a host of cybersecurity-related amendments to the defense spending bill. […]

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a request for information (RFI) focused on email security capabilities that will protect Federal networks and the Federal Civilian Executive Branch (FCEB) .gov domain enterprise from threats and strengthen cyber defenses. […]