The Department of Homeland Security released a binding operational directive on Monday urging federal agencies to continue complying with regulation that requires periodic assessments of critical network vulnerabilities.

BOD 19-02 is directing agencies to take action based on the Cybersecurity and Infrastructure Security Agency’s “Cyber Hygiene” reports under BOD 15-01, which was issued in 2015 to fortify the federal government’s security posture.

BOD 15-01 requires federal agencies to address the vulnerabilities of their internet-facing systems as identified in their Cyber Hygiene reports within 30 days.  As part of the new directive, DHS requires agencies to ensure that critical vulnerabilities identified in Cyber Hygiene reports are remediated within 15 days and high vulnerabilities within 30 days. 

Agencies are also required to ensure that Cyber Hygiene personnel have access to scan their networks. CISA will provide agencies with a remediation plan for overdue corrective actions if the deadline was not followed.

CISA works with the National Cybersecurity and Communications Integration Center as well as the Office of Management and Budget to identify critical cyber vulnerabilities and allocate proper resources for agencies in need of cybersecurity assistance.

The Department of Defense has proposed a new rule to address the use of performance-based payments in contracts, Federal News Network reported Tuesday.

According to the report, the proposed rule would subject all fixed-price contracts to performance-based payments to help companies manage their cash flow and reduce compliance and oversight costs. DoD proposed the policy as an amendment to the Defense Federal Acquisition Regulation Supplement to comply with a provision of the fiscal 2017 National Defense Authorization Act. 

“This rulemaking proposes to remove the DFARS restrictions that limit performance-based payments to amounts not greater than costs incurred up to the time of payment,” according to the Defense Acquisition Regulations System. Comments on the proposed rule will be accepted through July 1.

The Cybersecurity and Infrastructure Security Agency issued a list of national critical functions to guide the federal government and private sector partners in protecting critical infrastructures. The National Critical Functions document highlights the activities of agencies and organizations that significantly contribute to U.S. national security, CISA said in the document released Tuesday. 

Disruption, corruption or dysfunction of such functions could negatively affect the country’s security, economic security and public health or safety, the agency noted. CISA divided the functions into the areas of “supply” for those that provide resources to the public, “distribute” for movement of goods and people, “manage” for a variety of functions and “connect,” which focuses on telecommunications and internet services. 

“Ultimately, the set of National Critical Functions is a launching pad to execute a more advanced approach to cybersecurity and critical infrastructure security and resilience,” the agency said. 

The document “provides a risk management approach that focuses on better understanding the functions that an entity enables or to which it contributes, rather than focusing on a static sector-specific or asset world view.”

The U.S. Air Force conducted the first combat employment of the F-35A Lightning II aircraft as part of the Combined Joint Task Force – Operation Inherent Resolve in Iraq. The service said Tuesday that two of the fighter jets from Hill Air Force Base, Utah, performed an airstrike targeting a tunnel network and weapons cache controlled by the Islamic State group in the Hamrin Mountains. For the mission, the Air Force equipped the F-35As with a Joint Direct Attack Munition to support the airstrike.

“That, combined with low-observable technology, allows us to really complement any combined force package and be ready to support AOR contingencies,” said Lt. Col. Yosef Morris, an F-35A pilot and 4th Fighter Squadron commander. “This jet is smarter, a lot smarter, and so it can do more, and it helps you out more when loading munitions,” said Staff Sgt. Karl Tesch, 380th Expeditionary Aircraft Maintenance Squadron weapons technician.

He added the aircraft carried sensors and advanced radar that helped collect information during the mission in real time. The F-35A can share the information gathered in the field with other F-35 variants, including fourth generation aircraft.