Monday, September 21, 2020

Exclusive: CMMC Board Ousts Chairman and Other Top Member

Chairman Ty Schieber and head of communications Mark Berman were voted off the Cybersecurity Maturity Model Certification Accreditation Body after the recent launch of...

Comments on Government Supply Chain Rule Push for Better Definitions and More Time

The more than 30 comments submitted for the interim Federal Acquisition Rule implementing Part B of Section 889 of the 2019 NDAA raise questions related to fundamental compliance issues. The comments generally agree with the intent, but groups representing industry submitted detailed letters outlining compliance challenges. Most asked the government to extend the timelines for […]

GSA Adding Supply Chain Requirements to Major Contracts

The General Services Administration is working closely with companies to ensure that new supply chain risk management requirements are appearing in major federal contracts. Keith Nakasone, GSA’s Deputy Assistant Commissioner for Acquisition, Office IT Category, says his office is taking a “proactive approach” by adding SCRM and cybersecurity language to both new and old contracts, […]

Postal Service Left Vulnerable IT Applications Unaddressed for Years, Inspector General Finds

Officials at the U.S. Postal Service let multiple vulnerable applications languish on the agency’s IT network for years — flaws that could have been exploited by hackers to steal sensitive data, an inspector general audit has found. Six of the IT applications were left on the Postal Service network for up to seven years with […]

House Passes Bipartisan IoT Security Bill to Fix “Glaring Gap” in Cyber Infrastructure

A bipartisan bill setting minimum security standards for Internet of Things devices connected to federal networks passed the House, and awaits a Senate floor vote. The IoT Cybersecurity Improvement Act would require NIST to set best practices for device security. The Office of Management and Budget would then create guidance for agencies to meet or […]

New California Privacy Rights Act on the 2020 Ballot

The California Privacy Rights Act has qualified for the November 2020 ballot, and if California voters approve this initiative, it will expand the rights of California residents under the current California Consumer Privacy Act, beginning on January 1, 2023. Two major provisions include: The creation of the California Privacy Protection Agency, which would have full […]

Hackers Connected to China Have Compromised U.S. Government Systems, CISA Says

The Cybersecurity and Infrastructure Security Agency reports that sophisticated cyber actors – including those affiliated with China’s Ministry of State Security – are using...

DoD Cybersecurity Certification Body Moving Forward Despite Uncertain Funding

The first class of assessors being trained by the Cybersecurity Maturity Model Certification Accreditation Body should start receiving approval within the coming week, but may not have access to continuous monitoring to conduct initial audits, as the organization struggles to fund its operations. “We don’t have any external funds to pay for things that we […]

Security Researchers Slam Voatz Brief to the Supreme Court on Anti-Hacking Law

As the Supreme Court prepares to take up a case with major implications for computer research, a group of high-profile cybersecurity specialists has challenged an amicus brief by Voatz arguing that the three-decade-old Computer Fraud and Abuse Act should only authorize researchers with clear permission to probe computer systems for vulnerabilities, not good-faith researchers who […]

Spotting and Mitigating Enforcement Issues Concerning Cybersecurity-Related Controls and Disclosures

The growing frequency and public awareness of cyber incidents, evolution of technologies employed by intruders, and proliferation of personal data and infrastructure vulnerable to attack have all contributed to heightened regulatory scrutiny of corporate cybersecurity measures. Public companies are now expected to publish and update timely disclosures about cybersecurity risks affecting their business, to implement […]