Cybersecurity and Infrastructure Security Agency
-
Experts say the national cyber strategy was the biggest development of 2023, but several other events also made for an interesting year in cyber.
December 26, 2023 -
More organizations worried about cybersecurity are turning to software bills of material (SBOMS). Getting them from software suppliers as a matter of compliance is one thing. Gaining cybersecurity intelligence from them is another.
December 18, 2023 -
In an email to agencies earlier this fall, CISA says email filtering and DNS sinkholing capabilities are no longer as valuable as they once were and are going away in December.
December 14, 2023 -
New guidance from lead cybersecurity agencies and industry partners provides both individual developers and large companies with software supply chain security best practices
December 13, 2023 -
The addition of security baselines for Google Workspace products comes after CISA already released baseline configurations for Microsoft 365.
December 12, 2023 -
The hackers were likely mapping the unidentified agency's network, but "no evidence is available to confirm successful data exfiltration or lateral movement during either incident," CISA says.
December 06, 2023 -
CISA has released a new secure software attestation form, and it will require the attention at the highest levels of a company.
November 17, 2023 -
CISA now has the equivalent of a perpetual "no-knock warrant" to probe the networks of federal agencies for major cyber vulnerabilities.
October 26, 2023 -
CISA has taken on more responsibilities for the defense of federal agency networks. A new report considers how much farther that should go.
October 23, 2023 -
Two tough new rules from the Federal Acquisition Regulation Council are coming, but originating with the Cybersecurity and Infrastructure Security Agency. They have to do with contractor incident reporting and for how contractors button up unclassified systems.
October 18, 2023 -
GSA plans to centralize its application security program amid a broader push to ensure the government only relies on secure software.
October 13, 2023 -
Recently, MITRE and the Cybersecurity and Infrastructure Security Agency (CISA) released the Open-Sourced Extension of MITRE's Caldera platform, specifically for operational technology. This is meant to be utilized by security teams to run automated adversary emulation exercises that are specifically focused on threats to operational technology.
September 29, 2023 -
A shutdown would potentially leave CISA with a skeleton crew to respond to cyber attacks on the networks of federal agencies and critical infrastructure.
September 26, 2023 -
Lawmakers are paying close attention to how CISA revamps its flagship federal cyber programs, like Continuous Diagnostics and Mitigation.
September 21, 2023 -
DHS' recommendations come amid a growing patchwork of cyber incident reporting rules and regulations.
September 19, 2023