Chairman Ty Schieber and head of communications Mark Berman were voted off the Cybersecurity Maturity Model Certification Accreditation Body after the recent launch of...
The more than 30 comments submitted for the interim Federal Acquisition Rule implementing Part B of Section 889 of the 2019 NDAA raise questions related to fundamental compliance issues. The comments generally agree with the intent, but groups representing industry submitted detailed letters outlining compliance challenges. Most asked the government to extend the timelines for […]
The General Services Administration is working closely with companies to ensure that new supply chain risk management requirements are appearing in major federal contracts. Keith Nakasone, GSA’s Deputy Assistant Commissioner for Acquisition, Office IT Category, says his office is taking a “proactive approach” by adding SCRM and cybersecurity language to both new and old contracts, […]
Officials at the U.S. Postal Service let multiple vulnerable applications languish on the agency’s IT network for years — flaws that could have been exploited by hackers to steal sensitive data, an inspector general audit has found. Six of the IT applications were left on the Postal Service network for up to seven years with […]
A bipartisan bill setting minimum security standards for Internet of Things devices connected to federal networks passed the House, and awaits a Senate floor vote. The IoT Cybersecurity Improvement Act would require NIST to set best practices for device security. The Office of Management and Budget would then create guidance for agencies to meet or […]
The California Privacy Rights Act has qualified for the November 2020 ballot, and if California voters approve this initiative, it will expand the rights of California residents under the current California Consumer Privacy Act, beginning on January 1, 2023. Two major provisions include: The creation of the California Privacy Protection Agency, which would have full […]
The Cybersecurity and Infrastructure Security Agency reports that sophisticated cyber actors – including those affiliated with China’s Ministry of State Security – are using...
The first class of assessors being trained by the Cybersecurity Maturity Model Certification Accreditation Body should start receiving approval within the coming week, but may not have access to continuous monitoring to conduct initial audits, as the organization struggles to fund its operations. “We don’t have any external funds to pay for things that we […]
As the Supreme Court prepares to take up a case with major implications for computer research, a group of high-profile cybersecurity specialists has challenged an amicus brief by Voatz arguing that the three-decade-old Computer Fraud and Abuse Act should only authorize researchers with clear permission to probe computer systems for vulnerabilities, not good-faith researchers who […]
Spotting and Mitigating Enforcement Issues Concerning Cybersecurity-Related Controls and Disclosures
The growing frequency and public awareness of cyber incidents, evolution of technologies employed by intruders, and proliferation of personal data and infrastructure vulnerable to attack have all contributed to heightened regulatory scrutiny of corporate cybersecurity measures. Public companies are now expected to publish and update timely disclosures about cybersecurity risks affecting their business, to implement […]