The Cybersecurity and Infrastructure Security Agency (CISA) said today it is “encouraged” by quick Federal agency responses to its May 18 emergency directive to patch or unplug several vulnerable VMware products from agency networks, but did not provide any hard figures on whether agencies met CISA’s May 24 deadline to take action. […]
Tags
CISA
As both Federal chief information security officer and the deputy National Cyber Director, Chris DeRusha has a lot of visibility into Federal efforts to boost cybersecurity. At the AWS Summit in Washington, D.C., today, DeRusha expressed both pride in the Office of Management and Budget’s (OMB) Zero Trust strategy, while also acknowledging that the policy represents only the beginning of zero trust implementation across Federal civilian agencies. […]
Join MeriTalk and Merlin Cyber on June 1 at 10 a.m. for our complimentary Zeroing in on Application and Data webinar, where government and industry IT experts will put the spotlight on the data and application pillars of the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model. […]
The Cybersecurity and Infrastructure Security Agency (CISA) on May 17 issued a new advisory highlighting how cyber threat-actors are exploiting poor security configurations. […]
The Cybersecurity and Infrastructure Security Agency (CISA) today issued an emergency directive to Federal government civilian branch agencies running several VMware products to apply updates to those, or remove them from agency networks until updates can be made. […]
The Continuous Diagnostics and Mitigation (CDM) Program – for several years a bedrock asset in the government’s bid to improve Federal agency cybersecurity – is having a decisive impact in furthering agency work on requirements of the Biden administration’s year-old Cybersecurity Executive Order (EO), new research findings from MeriTalk shows. Long before the 2021 Cyber […]
The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory on May 11 – along with Federal law enforcement partners and international allies – that warns of an increase in malicious cyber activity targeting managed service providers (MSPs). […]
One year ago, the Colonial Pipeline ransomware attack set off a chain reaction of cyber initiatives that would forever impact the private and public sectors. […]
General Dynamics Information Technology (GDIT) has appointed Matt Hayden vice president of cyber client engagement. Hayden brings senior leadership experience with the Department of Homeland Security (DHS) and its Cybersecurity and Infrastructure Security Agency (CISA) component to the new role at GDIT. […]
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on Thursday updated a joint cybersecurity advisory regarding malware deployed by Russian state actors as the country continues its war against Ukraine. […]
The Cybersecurity and Infrastructure Security Agency’s (CISA) fiscal year (FY) 2023 budget request came in at $2.5 billion – 18 percent more than requested in FY2022 – but CISA Director Jen Easterly told members of Congress that the agency’s funding needs will continue to increase if CISA hopes to meet the goal of being the nation’s cyber defense agency. […]
Reps. Tom Malinowski, D-N.J., and Andrew Garbarino, R-N.Y., on April 28 introduced companion legislation to a Senate bill offered earlier this year that would task Federal agencies with helping the commercial satellite sector improve the security of their networks. […]
The Cybersecurity and Infrastructure Security Agency (CISA), along with Federal and international partners, released a list of frequently exploited common vulnerabilities and exposures (CVEs), including the top 15 most exploited CVEs of 2021. […]
The Cybersecurity and Infrastructure Security Agency (CISA) is bringing on Bob Lord – who has served as the first chief security officer for the Democratic National Committee since 2018 – as a senior technical advisor to the agency, CISA announced April 25. […]
As agencies strive to meet changing zero trust security requirements, an official from the Cybersecurity and Infrastructure Security Agency (CISA) said that he’s seeing an increased sense of urgency to implement those requirements to collectively move “the Federal fleet forward.” […]
Wider use of software bills of materials (SBOM) requirements represents a key building block in software security and software supply chain risk management that Federal agencies need to increasingly rely on going forward, an official from the Cybersecurity and Infrastructure Security Agency (CISA) said today. […]
The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory April 20, along with Federal law enforcement partners and international allies, that the agency says lays out the “most comprehensive view” of the cyber threat Russia poses to critical infrastructure owners since Russia invaded Ukraine in February. […]
The Cybersecurity and Infrastructure Security Agency (CISA) is seeking industry feedback on two reference documents, one for Secure Cloud Business Applications (SCuBA) and a framework for organization visibility data, according to an April 19 CISA blog post. […]
The Cybersecurity and Infrastructure Security Agency (CISA) said today it adding to its Joint Cyber Defense Collaborative (JCDC) group several private sector firms with expertise in protecting industrial control systems (ICS) and operational technology (OT). […]
The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, Department of Energy (DoE), and National Security Agency (NSA), is warning that advanced persistent threat (APT) actors are seeking to gain full access to industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems, CISA warned in a cybersecurity advisory April 13. […]
The Cybersecurity and Infrastructure Security Agency (CISA) said the agency is aiming to begin a rulemaking process to implement mandatory cyber incident reporting rules for critical infrastructure owners and operators included in the Fiscal Year 2022 omnibus spending bill signed into law by President Biden last month. […]
Artificial intelligence (AI) and machine learning (ML) capabilities are still coming to bear as Federal agencies continue to understand how these technologies can help drive cloud adoption and evolution. However, to be successful in this environment Federal agencies must understand their security obligations and those of a cloud computing provider to ensure accountability, along with the role that AI/ML plays in security automation, a senior Cybersecurity and Infrastructure Security Agency (CISA) official said. […]
The Cybersecurity and Infrastructure Security Agency (CISA) is partnering with the Office of the Director of National Intelligence (ODNI) to promote a call to action for organizations to focus on protecting information and communications technology (ICT) supply chains, under the banner “Fortify the Chain.” […]
The Cybersecurity and Infrastructure Security Agency (CISA) held its second Cybersecurity Advisory Committee meeting on March 31, where committee members provided updates on their subcommittee work that will help inform key deliverables for the committee’s next meeting in June. […]
While the zero trust security model has been widely recognized as an effective approach to preventing and mitigating data breaches, an official with the Cybersecurity and Infrastructure Security Agency (CISA) said this week there are several misconceptions Federal agencies have which make them skeptical about adopting the framework. […]
On December 13, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive that called for agencies to disconnect or turn off any SolarWinds Orion products by noon the following day, due to an exploit of Orion network monitoring software that posed a “grave risk” to agencies, critical infrastructure providers, and other private-sector organizations. […]
The White House released President Biden’s fiscal year (FY) 2023 budget request today, with a top-line number of $5.8 trillion and featuring proposals to spend $10.9 billion for civilian cybersecurity measures – marking an 11 percent increase in civilian agency cyber spending from reported FY2022 levels. […]
Federal cybersecurity agencies along with the Department of Energy (DOE) have published a new cyber advisory that talks about several Russian hacks on the energy sector between 2011 and 2018 that are the subject of a Department of Justice (DOJ) indictment unsealed this week against Russian actors for those past attacks. […]
Top officials from the Cybersecurity and Infrastructure Security Agency (CISA) said they briefed more than 13,000 industry stakeholders on March 22 about the Federal government’s latest warning about possible Russian cyberattacks that may be directed against U.S. critical infrastructure sectors. […]
Federal agencies are showing urgency and pushing hard to meet challenging zero trust security implementation deadlines following rollout of the Office of Management and Budget’s (OMB) zero trust strategy in January, government and industry experts agreed during a March 15 webinar hosted by MeriTalk and Merlin Cyber. […]