The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has released a draft binding operational directive that would require federal agencies to have a vulnerability disclosure policy.
The Department of Homeland Security aims to develop an approach for government chief information security officers to assign and compare risk scores to agency networks, Federal News Network reported Friday.
The 2019 FISMA guidance now requires federal organizations to submit a justification memorandum to procure monitoring products and services not covered under CDM contracts.
The justification document must be sent to the CDM program management office, OMB resource management office and the Federal Chief Information Officer’s cybersecurity team.
OMB has also permitted the use of existing resources that align with CDM requirements but are not acquired through General Services Administration contracts.
The National Institute of Standards and Technology will hold a workshop on July 11 to gather stakeholder insights on cybersecurity and risk management for devices connected to the internet of things. The Considerations for Managing IoT Cybersecurity and Privacy Risks Workshop will help NIST develop federal guidelines on the protection of …
Sen. Dianne Feinstein (D-California) has introduced a bill that will clarify directives the secretary of the Department of Homeland Security can implement for the protection of federal computer systems. The Federal Network Protection Act allows the DHS secretary to issue Binding Operational Directives for the removal of compromised systems on federal …
The Office of Management and Budget has released a memorandum that requires federal civilian agencies to submit their annual Federal Information Security Modernization Act reports to OMB and the Department of Homeland Security by March 1, 2018, MeriTalk reported Wednesday. Agencies should also file their FISMA reports with the Government …
Inspector General: IRS Cybersecurity Center Should Improve Incident Reporting, Employee Training Activities
The Treasury Department’s inspector general for tax administration has urged the Internal Revenue Service’s cybersecurity center to address gaps in its employee training and incident reporting and response efforts. TIGTA said in a report published Aug. 28 it reviewed 100 cyber incidents in fiscal years 2015 and 2016 and found that IRS’ Computer …
The Office of Management and Budget has issued a new memorandum that aims to reduce reporting requirements for federal agencies, NextGov reported Thursday. OMB Director Mick Mulvaney revoked several directives in the areas of information technology, procurement, financial management, performance management and customer service. OMB eliminated five memoranda on IT security that were issued …
A study led by the Department of Homeland Security’s science and technology directorate has offered recommendations for the federal government to manage the security of mobile devices being used by agency employees. DHS said Thursday it submitted the report titled “Study on Mobile Device Security” to Congress in accordance with the Cybersecurity Act …