The Cybersecurity and Infrastructure Security Agency has released a new roadmap for securing open-source software in the government. From fiscal years 2024 to 2026, the agency aims to establish its role in the effort, improve its understanding of OSS usage and risks, address such risks and harden the broader ecosystem. Eric Goldstein, CISA’s executive assistant […]
John Sherman, the Department of Defense’s chief information officer and a 2023 Wash100 winner, said his organization will soon evaluate military and internal zero trust strategies to ensure compliance with 2027 targets. He told attendees at the Billington Cybersecurity Summit on Thursday that the various DOD components and service branches are expected to submit plans […]
A group of senators has introduced the Small Business Cyber Resiliency Act, which seeks the creation of a government unit to protect small businesses from cyber threats. The bill will establish the Central Small Business Cybersecurity Unit within the Small Business Administration. The unit will create a public repository of cybersecurity resources for small businesses; […]
The Department of Health and Human Services has increased threat information sharing with federal agencies, scientific research institutions, medical device manufacturers and other organizations for improved cyber incident prevention. Speaking at the Billington Cybersecurity Summit, Karl Mathias, chief information officer for HHS, said the agency has enhanced information sharing in recent years through its Health […]
The Cybersecurity and Infrastructure Security Agency has added extended internet-of-things solutions provider NetRise to the Continuous Diagnostics and Mitigation Program‘s Approved Product List. NetRise’s automated platform provides XIoT users enhanced visibility and protects organizations from firmware-based attacks and threats through continuous risk monitoring and identification. The platform also generates a software bill of materials, performs […]
Carahsoft Technology has signed an agreement to serve as a public sector distributor of Semperis’ identity threat detection and response platform. The solution’s contracts will be made available through Carahsoft’s resellers and the National Association of State Procurement Officials’ ValuePoint, National Cooperative Purchasing Alliance and OMNIA Partners. The partnership with Carahsoft dovetails with the expansion […]
The Cybersecurity and Infrastructure Security Agency is working to integrate access management capabilities into its Continuous Diagnostics and Mitigation program to further strengthen the cyber defenses of federal agencies. CDM is currently focused on mitigating vulnerabilities and cyber incidents in federal systems, including the recent exploitation of a structured query language injection vulnerability in Progress […]
Six K-12 software providers have committed to developing products with enhanced security. PowerSchool, Classlink, Clever, GG4L, Instructure and D2L voluntarily signed a pledge for K-12 education technology software manufacturers in line with the Cybersecurity and Infrastructure Security Agency’s secure-by-design whitepaper. By signing the pledge, the companies agree to take ownership of customer security outcomes, embrace […]
The Department of Justice announced on Tuesday that Verizon Business Network Services has agreed to a $4.1 million settlement to resolve False Claims Act allegations of failure to fully satisfy cybersecurity controls on government contracts. The claims stemmed from lapses in three cybersecurity controls required in internet connection and other external network contracts that the unit […]
Not-for-profit organization Mitre has released an extension for its open-source Caldera platform to enable automated exercises replicating threats to operational technology, which are hardware and software that detect or change industrial equipment and processes through monitoring and control. Caldera is an adversary emulation platform built on Mitre Att&ck and is aimed at supporting cybersecurity personnel […]
