Carol Woody, principal researcher for the Software Engineering Institute at Carnegie Mellon University, said focusing exclusively on SBOMs can run the risk of missing the other half of the problem: How is the software purchaser going to use it, and what risks are inherent in that use?
This new rule gives the Federal Acquisition Security Council the ability to tell contractors when to exclude or remove a product deemed risky.
In the months following the arrest of Airman 1st Class Jack Teixeira, a member of the Massachusetts Air National Guard, for leaking national security secrets to his friends on Discord, the Defense Department has released new policies and procedures for how it handles classified information.
You can't manage what you can't measure. That's the idea behind a professional association known as the Factor Analysis of Information Risk (FAIR) Institute. The group seeks to advance quantitative measurement and management of risk to information, including in federal organizations.
Almost everything the government buys in the future could look like cybersecurity with some other product attached, if new proposed rules from the Federal Acquisition Regulation council take effect early next year. That's more a matter of when than if. Attorney Townsend Bourne, a partner at Sheppard Mullin, has read the proposed rules and joins Federal Drive host Tom Temin for this discussion.
The acquisition rules stem from recent cyber incidents like the SolarWinds breach.
Cyber threats continue to evolve, challenging agencies not only to keep up with the technology, but to find and keep the right people who can stay one step ahead.
Cyber companies were left holding the bag of bid and proposals costs to the tune of hundreds of thousands of dollars when the Air Force abruptly cancelled a huge multiple award contract.
Andre Mendes, the chief information officer at the Department of Commerce, was one of several agency technology executives pushing for more consistency around cyber metrics under the FITARA scorecard.
The size and far-flung nature of the tax agency means that it has begun numerous cyber projects that can help it meet the administration's zero trust demands. But the Treasury IG team's four recommendations aim to help the IRS harmonize its efforts.
Recently, MITRE and the Cybersecurity and Infrastructure Security Agency (CISA) released the Open-Sourced Extension of MITRE's Caldera platform, specifically for operational technology. This is meant to be utilized by security teams to run automated adversary emulation exercises that are specifically focused on threats to operational technology.
The new center will focus on both setting security standards and ensuring U.S. advances in AI aren't stolen by foreign adversaries.
A shutdown would potentially leave CISA with a skeleton crew to respond to cyber attacks on the networks of federal agencies and critical infrastructure.
Join us for a panel discussion with moderator Tom Temin and agency and industry leaders, who will discuss the latest thinking in achieving mission assurance and data protection using zero trust, segmentation and monitoring strategies.
NSA, OPM and the State Department are using new tactics and methods to recruit and retain cyber workers as these positions become harder to fill.