Drew Myklegard, the deputy federal chief information officer, said the draft memo to update FedRAMP creates a new oversight board and promotes agencies from similar sectors working together to approve cloud services.
Gabe Camarillo, the undersecretary of the Army, said to create a culture of continuous improvement, the Army needs to institutionalize how it buys, develops and continually improves its applications.
CISA now has the equivalent of a perpetual "no-knock warrant" to probe the networks of federal agencies for major cyber vulnerabilities.
Randy Resnick is the director of the Zero Trust Architecture Program Management Office in the DoD CIO’s office. A team of 17 to 18 people will analyze the zero trust plans submitted by 43 services and agencies.
CISA has taken on more responsibilities for the defense of federal agency networks. A new report considers how much farther that should go.
Traditional security controls are insufficient in protecting against major security breaches. They tend to be reactive, static, noncontextualized around threats and are often based on compliance requirements and information technology practices. As a result, traditional security controls are not responsive enough to anticipate, evolve and adapt to threat actors’ behaviors and activities.
Agencies are supposed to protect their data systems from cybersecurity threats, especially those known as high value asset systems. The Homeland Security Department office of inspector general looked at a high value asset system operated by the Transportation Security Administration.
The planned addition of facial recognition to Login.gov comes as GSA attempts to boost the program’s “identity proofing” capabilities.
Two tough new rules are coming from the Federal Acquisition Regulation Council, though they originate with the Cybersecurity and Infrastructure Security Agency. They deal with contractor incident reporting and with how contractors button up unclassified systems.
An urgent report from the Government Accountability Office is aimed at the State Department. GAO called for State to, in its words, "expeditiously get on with a cybersecurity risk management program." State has a plan; now it has to carry it out. For more on this, Federal Drive Host Tom Temin spoke with Jennifer Franks, GAO's Director of Information Technology and Cybersecurity.
Air Force Lt. Col. Andrew Wonpat, a member of the Air National Guard's Cyber Operations Group, said assessing non-traditional traits of employees is proving successful in expanding the pool of qualified cyber workers.
Insider cybersecurity threats are just as potent as Russian and Chinese hackers. Some employees make mistakes, clicking on that bad phishing link. Unhappy or disgruntled employees, that's another matter. Federal Drive Host Tom Temin talked with someone who says such people are far more susceptible than average to social-engineering attacks. Tom's guest was Max Shier, Chief Information Security Officer at Optiv.
NIST is updating its seminal Special Publication 800-53, which forms the basis of federal cyber requirements, to address an urgent gap in identity and authentication measures.
In the pantheon of cybersecurity risks our federal government currently has on its plate, a quantum cyberattack may not be the immediate “front burner” issue. But it’s still a red-hot risk. Cryptographic algorithms secure everything from our industrial control systems to our national defenses to the entire U.S. financial system.