The Cybersecurity and Infrastructure Security Agency (CISA) is keeping a close eye on the progress of the Defense Department’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program to improve the security of the defense industrial base (DIB) as CISA considers possible moves in the same direction on the civilian side of the Federal government. […]

Members of a key House cybersecurity subcommittee and a panel of expert witnesses agreed at a May 5 hearing on the pressing need to disrupt ransomware-driven cyber attacks, and aired a variety of strategies to more toward that goal. […]

Ransomware is being prioritized as the first of six “sprints” planned by the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) on a range of cyber threats due to the gravity of the problem, and because ransomware represents today’s threat, not tomorrow’s. […]

Deterrence of nation-state cyber adversaries comes in many flavors, but the operating model suggested this week by a House Armed Services Committee member lacks neither impact nor directness. […]

As Federal agencies look to modernize their cyber defenses and move to zero trust architecture, Trusted Internet Connection (TIC) 3.0 guidance will help push them along the path, with help from a zero trust use case that is in the pipeline, the TIC program manager said on April 29. […]

The Cybersecurity and Infrastructure Security Agency (CISA) released a new graphic novel on National Superhero Day, but its superhero might not possess your typical superpowers. The fictional story Bug Bytes intends to educate the public on the dangers of dis- and misinformation campaigns, with cybersecurity and journalism skills saving the day. […]

Members of the Cyberspace Solarium Commission are asking the chair and ranking member of the House Appropriations Committee to increase funding for the Cybersecurity and Infrastructure Security Agency (CISA) by at least $400 million, with some of that funding intended to make sure that CISA’s Continuous Diagnostics and Mitigation (CDM) program can quickly deploy security tools. […]

The Cybersecurity and Infrastructure Security Agency (CISA) announced that .gov top-level domains will be available at no cost for qualifying organizations beginning immediately – a move that should help on the cybersecurity front especially for smaller governmental entities.   […]

In light of recent supply chain intrusions, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Agency (CISA) and National Institute for Standards and Technology (NIST) have released new guidance on defending supply chain software, using the NIST framework to identify and mitigate risks. […]

The Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center (NRMC) has been busy assessing and identifying security risks for 5G wireless services, which present newfound risks unique to the technology, an NRMC official said April 22. […]

Kevin Cox, who has led by the Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program for the past five-plus years, will be leaving the agency later this year to take on deputy CIO duties at the Department of Justice (DoJ). […]

The Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive (ED) 21-03 that requires Federal civilian departments and agencies running Pulse Connect Secure products “to assess and mitigate any anomalous activity or active exploitation detected on their networks.” […]

The Department of Energy (DoE) – with help from industry and the Cybersecurity and Infrastructure Security Agency (CISA – is kicking off a 100-day effort to improve electric infrastructure cybersecurity, the White House and DoE said today. […]

The Federal government is curtailing its “surge” response to the SolarWinds Orion and Microsoft Exchange hacks after seeing improvements in patching that have helped to remediate the impacts of the cyber attacks, the Biden administration said today. […]

As promised in President Biden’s executive order today that sanctions the Russian government for the SolarWinds Orion cyberattack and other transgressions, U.S. intelligence and law enforcement agencies published a list of five active Russian Foreign Intelligence Service cyberattack vectors that they say need network operators to defend against urgently. […]

President Biden will nominate Jen Easterly, a cyber veteran who helped stand up U.S. Cyber Command, to be the next director of the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) component, the White House announced Monday. […]

President Biden is proposing $2.1 billion of funding for the Cybersecurity and Infrastructure Security Agency (CISA), along with large scoops of cyber funding for other Federal agencies, according to the White House’s FY 2022 request for discretionary funding released today. […]

The Cybersecurity and Infrastructure Security Agency (CISA) has released finalized versions of two Trusted Internet Connections (TIC) 3.0 use cases that Federal agencies can use to advance their security postures. […]

Following a joint cybersecurity advisory warning of potential vulnerabilities in Fortinet’s cybersecurity operating system from the Federal Bureau of Investigation (FBI) and the Department of Homeland Security’s (DHS) Cybersecurity Infrastructure and Security Agency (CISA), the company is urging customers to update their software to include the latest patches. […]

Focusing on diversity and inclusion in the cybersecurity space is “paramount” to protecting the United States against cyber risks, female cyber leaders said April 6 during the Women Leaders in Cybersecurity Webinar hosted by the Cybersecurity and Infrastructure Security Agency (CISA). […]

The FBI and the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) are warning about advanced persistent threat (APT) actors exploiting a Fortinet vulnerability to gain access to government and other networks, according to an April 2 joint advisory. […]

Back in December 2019, months before the COVID-19 pandemic hit, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released a draft document of its Trusted Internet Connections (TIC) 3.0 guidance. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is partnering with the Office of the Director of National Intelligence, the Department of Defense and other entities to recognize National Supply Chain Integrity Month and promote a call to action for strengthening global supply chains. […]

Department of Homeland Security (DHS) Secretary Alejandro Mayorkas on March 31 previewed six “sprints” planned by DHS and its Cybersecurity and Infrastructure Security Agency (CISA) component throughout 2021 to bolster Federal cybersecurity across a range of areas including ransomware, industrial control system (ICS) security, and workforce development. […]

The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has released supplemental directions to help agencies root out and mitigate vulnerabilities in their Microsoft Exchange on-premises products. […]

The Accreditation Body (AB) in charge of the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program appointed Matthew Travis to serve as the body’s first CEO to oversee day-to-day operations and management. […]

The acting director of the Cybersecurity and Infrastructure Security Agency (CISA) told senators on March 18 that CISA is making efforts to complete deployment at Federal civilian agencies of the first two phases of the Continuous Diagnostics and Mitigation (CDM) program by the end of this year as part of a push to shore up Federal cybersecurity after the SolarWinds Orion hack. […]

Federal CISO Christopher DeRusha said today that new IT modernization and security funding streams stemming from the American Rescue Plan Act represent a “down payment” on extensive work that needs to be done to improve Federal agency network security. […]

The House Homeland Security Committee approved the DHS Industrial Control Systems Capabilities Enhancement Act of 2021 today. […]