/
OMB Issues FY25 FISMA Reporting Guidance
Published on
OMB Issues FY25 FISMA Reporting Guidance

The Office of Management and Budget has released a memorandum to provide agencies with fiscal year 2025 reporting guidance and deadlines in compliance with the Federal Information Security Modernization Act of 2014, or FISMA.

The document dated Wednesday was signed by OMB Director Shalanda Young.

CISA’s Responsibilities

The memo seeks to ensure that the Cybersecurity and Infrastructure Security Agency works closely with federal agencies to establish a coordinated incident response infrastructure.

To advance this effort, CISA will continue to provide OMB with monthly data on federal agencies’ progress in implementing the Continuous Diagnostics and Mitigation program, which is designed to help agencies monitor vulnerabilities in their IT systems in near real-time.

Beginning in FY 2025, CISA will start assessing the capabilities outlined in a 2021 memo to capture the number of endpoints running endpoint detection and response tools and facilitate comparison with manually reported data in CyberScope.

IoT and OT Inventory

To improve the U.S. government’s cybersecurity posture, agency chief information officers should work with asset operators and owners to maintain an enterprise-wide inventory of Internet of Things and operational technology assets.

Inventories should include details about the make, model and specifications of OT and IoT systems, vendor or manufacturer information, network connectivity, software and firmware versions, and security controls.

The memo also includes sections addressing cybersecurity logging, requirements for FISMA reporting to OMB and the Department of Homeland Security, CIO reporting, and other incident reporting requirements.

/
DOE to Back QIS Research Projects in High Energy Physics
Published on
DOE to Back QIS Research Projects in High Energy Physics

The Department of Energy has announced the availability of $71 million in funding over five years to support 25 research projects that will advance the use of quantum information science, or QIS, to make new discoveries in high energy physics.

DOE said Thursday it selected the projects through a competitive peer review process as part of a funding opportunity announcement for the second iteration of the Quantum Information Science Enabled Discovery program, or QuantISED 2.0.

“Quantum information science is opening up new ways for us to understand and explore the universe,” said Regina Rameika, associate director of science for high energy physics at DOE. “With these projects, we are supporting scientists in developing quantum technologies that will empower the next generation of theory and experiment in high energy physics.”

Project Focus Areas

Some of the projects will explore superconducting qubits, atomic sensors and other QIS technologies to improve the sensitivity of experiments searching for new phenomena and use existing and near-future quantum devices to conduct data analysis at particle colliders and address problems in quantum field theory.

/
White House Orders Additional Actions to Strengthen US Cybersecurity
Published on
White House Orders Additional Actions to Strengthen US Cybersecurity

President Joe Biden has signed an executive order that outlines additional measures to improve the country’s cybersecurity by enhancing the U.S. government’s cyber sanctions authorities against ransomware attackers and other threat actors and improving accountability for software and cloud service providers.

Advancing Software Security

The White House said Thursday the EO directs the director of the Office of Management and Budget and secretary of the Department of Homeland Security to recommend contract language requiring software providers to submit to the Cybersecurity and Infrastructure Security Agency machine-readable secure software development attestations, high-level artifacts to validate those attestations.

Software vendors should also submit to CISA a list of their Federal Civilian Executive Branch agency software customers.

The new policy requires the National Institute for Standards and Technology to develop guidance on how to securely deploy software updates to prevent cyber incidents and directs the General Services Administration to create a policy that would require cloud providers to submit suggestions for how clients can secure their use of cloud offerings.

Promoting the Use of AI for Cyber Defense

The EO launches a public-private partnership to implement artificial intelligence to defend critical energy infrastructure from cyberthreats and directs research and development of AI-based cybersecurity tools and techniques.

The measure also seeks to accelerate the adoption of post-quantum technologies and calls for the development of new cybersecurity contract requirements for agency-procured space systems.

//
SDA Seeks New Tech to Enhance PWSA Capability Layers
Published on
SDA Seeks New Tech to Enhance PWSA Capability Layers

The Space Development Agency has issued a broad agency announcement to solicit new systems, technologies and capabilities to upgrade future tranches of the Proliferated Warfighter Space Architecture, a U.S. military sensing, custody and data transport capability in low Earth orbit.

Published through the updated Systems, Technologies and Emerging Capabilities BAA, the requirements are anticipated to advance existing and upcoming capability layers and mission areas of the PWSA to address evolving warfighter needs, SDA said Wednesday.

Requirement for Novel Tech and Risk Reduction Prototypes

Specifically, SDA requires architecture studies, concepts of operations, modeling and simulation, system designs, key technologies and risk reduction prototypes, which will be used for resilient warfighter communications, advanced/alternate position, navigation and timing, advanced target custody, warning, tracking and defeat, and global battle management.

The effort will support SDA’s mission of developing and deploying certain areas of PWSA capabilities, including integrating leap-ahead improvements for the infrastructure’s transport, battle management, tracking, custody, navigation, and ground and launch layers.

Interested parties are advised to submit executive summaries and proposal abstracts ahead of their full proposals to ensure interest and funding availability. Submissions will be accepted until Jan. 14, 2026.

/
NIST Awards $6.3B to Natcast for Long-Term NSTC Operation
Published on
NIST Awards $6.3B to Natcast for Long-Term NSTC Operation

The National Institute of Standards and Technology has granted Natcast a $6.3 billion contract for the long-term operation of the National Semiconductor Technology Center.

The Department of Commerce said Thursday Natcast will continue developing the NSTC enabling to operate more efficiently, particularly in streamlining the prototyping process and accelerating innovations for a more sustainable semiconductor workforce. The aim is to solidify the United States’ advantage in the semiconductor industry while aligning with the vision of the CHIPS and Science Act.

The award builds upon the commitment to invest more than $5 billion in the NSTC. In addition, it follows the previously announced $1.1 billion awarded by the CHIPS National Advanced Packaging Manufacturing Program, or NAPMP, to Natcast for advanced packaging activities and capabilities at the CHIPS for America NSTC Prototyping and NAPMP Advanced Packaging Piloting Facility.

Secretary of Commerce Gina Raimondo, remarked, “The NSTC represents the foundation for the next wave of technological breakthroughs, serving as the anchor institution where the future of semiconductor innovation will be shaped. This long-term agreement with Natcast will help close the gap between invention and commercialization, build a resilient semiconductor workforce, and advance both our national and economic security.”

Deirdre Hanford, Natcast CEO, added, “The NSTC represents a once-in-a-generation opportunity to build the shared infrastructure, resources, workforce and collaboration necessary to secure America’s global leadership position in semiconductor technology.”

In February 2024, the government invested $5 billion in the NSTC to boost domestic chip research and development.

/
DLA Launches New Supplier Pathway Program Search Feature
Published on
DLA Launches New Supplier Pathway Program Search Feature

The Defense Logistics Agency has launched a new tool for small business owners to obtain the contact details for the supply chain of the items or services they are offering.

The agency said Thursday interested businesses can now use a search function on DLA’s Small Business webpage to get in touch with specific contacts.

Supplier Pathway Program

The new search tool represents the initial phase of the Supplier Pathway program designed to guide new vendors in navigating the government’s contracting processes. It also makes it easier for these new entrants, particularly small business owners, to understand the nuances of contracting with DLA.

In utilizing the search tool, users simply enter the supply or service they are offering. This will provide them with search results related to the product or service code and the name of the managing DLA supply chain. The results will also show links to particular supply chains, giving contractors the data they need; this includes instructions about procurement processes and policies.

DLA Vice Director Brad Bunn said, “Arming small businesses with the information they need to create pathways for contracting with us is just one way we’re working to expand our industrial base partnerships. Stronger ties with small businesses will ultimately strengthen our industrial base and lead us to solutions for tough challenges like logistics in a contested environment.”

The next phase of the Supplier Pathway program will provide the detailed step-by-step process necessary to collaborate with DLA.

/
Audit Tackles Agency Cyber Workforce Practice Implementation
Published on
Audit Tackles Agency Cyber Workforce Practice Implementation

The Government Accountability Office on Thursday released a report detailing the results of a study it had conducted on five federal non-military departments to determine the extent to which they had implemented 15 key cybersecurity workforce management practices.

Study Parameters

GAO said in the report that it selected the five agencies — the Department of Commerce, the Department of Health and Human Services, the Department of Homeland Security, the Department of the Treasury and the Department of Veterans Affairs — because they had the largest number of cybersecurity employees.

In turn, the 15 workforce management practices by which the agencies were evaluated were identified via a review of IT and cybersecurity workforce practices articulated in GAO’s own Key Principles for Effective Strategic Workforce Planning and the Workforce Planning Guide of the Office of Personnel Management.

Inconsistent Implementation of Workforce Practices

GAO revealed in the report that only the DHS showed a consistent implementation of relevant workforce practices, having fully implemented 14 while partially implementing one. The other agencies showed a mix of full, partial and non-implementation, with the HHS fully implementing the fewest and not implementing the most.

According to the government watchdog, the uneven implementation was partially attributable to the agencies handling the management of their cyber workforces at the component level instead of at the departmental level.

Potential Security Issues

“Until the departments implement these practices, they will likely be challenged in having a cybersecurity workforce with the necessary skills to protect federal IT systems and enable the government’s day-to-day functions,” GAO went on to say.

/
Navy Publishes Memo on Mitigating Technical Debt
Published on
Navy Publishes Memo on Mitigating Technical Debt

The Department of the Navy has made public a new memorandum developed to reduce technical debt across installations. In a press release published Thursday, the Navy said the document aims to strengthen mission readiness and advance sustainability across the organization.

Meredith Berger, assistant secretary of the Navy for energy, installations and environment and chief sustainability officer, collaborated with Jane Overslaugh Rathbun, chief information officer at DON and a Wash100 winner, to create the memorandum titled CSO Serial Six: Technical Debt. 

Mitigating Vulnerabilities Through Modernization

A technical debt refers to outdated systems that create cyber vulnerabilities and impact operational efficiency. The CSO Serial Six memorandum plans to remedy the issue through four actions, starting with exercises to find vulnerabilities in military systems, test responses to cyber incidents and strengthen cybersecurity. 

The CSO also recommended investing in new technologies that not only improve workforce productivity but also boost energy efficiency and overall sustainability. According to the memo, outdated systems cause various challenges such as frequent disruptions and downtime. The adoption of cloud services, for example, can eliminate downtime and facilitate collaboration, leading to more streamlined operations. 

The memo also calls for the use of innovative cooling technologies and the implementation of responsible electronic equipment practices. Both actions support the DON’s sustainability goals. 

“These actions will provide more reliable and efficient systems, which will enhance mission readiness, operational cost efficiency, and increase user productivity,” said Berger. “Through sustainability, we support an agile, resilient, and ready force equipped to meet the demands of today’s missions and stay ahead of future requirements.” 

The CSO Serial Six: Technical Debt is the sixth memorandum Berger’s office has published. The first five memoranda focused on infrastructure resilience, water security, nature-based resilience, sustainable supply and acquisition, and shore energy and decarbonization.

/
NASA Assigns Mary Beth Schwartz, David Korth to Johnson Center Posts
Published on
NASA Assigns Mary Beth Schwartz, David Korth to Johnson Center Posts

NASA has announced the appointments of Mary Beth Schwartz as head of center operations directorate at the Johnson Space Center and David Korth as deputy for Johnson’s safety and mission assurance directorate.

Schwartz, who has been working with NASA for almost 20 years after starting as an intern, was the immediate former deputy of Johnson’s center operations directorate, according to her LinkedIn profile. Her previous positions in the agency include senior chair of the payload safety review panel for the International Space Station and Space Shuttle programs.

She also worked as manager of safety and mission assurance business office and led its budget consolidation and integration functions. A graduate of bachelor of science in mechanical engineering from the University of Houston, Schwartz has received the NASA Exceptional Service medal the NASA Honor and Silver Snoopy awards.

Vanessa Wyche, Johnson Space Center director, cited Schwartz’s “unique perspective” in focusing center operations not only on mission and customer goals but also employee experience.

“I appreciate her vision for the organization, commitment to the mission and overall genuine respect of the workforce,” she said.

Korth’s Background

Wyche also acknowledged Korth’s track record meriting his appointment as Johnson’s safety and mission assurance directorate deputy, calling him an “outstanding leader and engineer” with a full grasp on the agency’s safety procedures.

“His leadership will ensure the center continues its safety-first ideology,” Wyche commented.

Korth has worked at NASA for over 17 years and held the role of deputy manager of the ISS Avionics and Software Office before his new appointment. He also previously served as deputy manager of the ISS Systems Engineering Office where he concurrently headed procurement for the NASA commercial destination program. 

His NASA career started in 1998 as an engineer in the ISS operations planning group, bringing with him over eight years of experience in the Houston-based aerospace company Barrios Technology. He also previously worked part-time for five years as an adjunct mathematics instructor at Lee College. 

Korth has earned several career recognitions, including a Rotary National Award for Space Achievement, two NASA Outstanding Leadership medals and a NASA Exceptional Achievement medal. He holds a bachelor’s degree in aerospace engineering from Texas A&M University and a master’s degree in statistics from the University of Houston-Clear Lake.

//
NSA Publishes Recommendations to Address Software Comprehension
Published on
NSA Publishes Recommendations to Address Software Comprehension

The National Security Agency, in partnership with other federal agencies, has released a cybersecurity information sheet, or CSI, outlining recommended actions to address software understanding gaps.

The CSI was finalized in coordination with the Cybersecurity and Infrastructure Security Agency, the Defense Advanced Research Projects Agency and the Office of the Under Secretary of Defense for Research and Engineering, NSA said Thursday. The document highlights the need for systems owners and operators to construct their software-controlled infrastructure across normal, abnormal and hostile conditions.

Software Understanding as Critical Effort

According to NSA Research Technical Director Neal Ziring, the report urges the government and private sectors to treat software understanding as a critical effort to the country’s success in the future.

“A lack of understanding of software imposes risks on many critical systems that are dependent on software to run properly and as intended,” he noted.

The new report pushes for enhanced collaboration to achieve “a more vigorous understanding of software on a national scale,” CISA said in a separate release, adding the U.S. government is already involved in activities, such as research investments and mission agency initiatives, seeking to improve software understanding.

Policy Actions, Innovations and Investment

Titled “Closing the Software Understanding Gap,” the CSI says software understanding gaps can be addressed by implementing policies that require characterizing software behavior before it is deployed into critical systems. The document also calls for the introduction of technical innovations, such as artificial intelligence, to develop reliable and affordable capabilities. Additionally, stakeholders are encouraged to invest in research, development and engineering for a unified set of software understanding capabilities.

1 166 167 168 169 170 2,656