Tuesday, January 25, 2022

FedRAMP Bill Finally Clears Senate Homeland Security Committee

Before the holiday break, the Senate Homeland Security Committee approved the Federal Secure Cloud Improvement and Jobs Act, which would codify and update the Federal Risk and Authorization Management Program, sending it to the Senate floor. This is the first time the committee has not killed the bill, which has passed the House four times before. […]

Congress Passes NDAA with Boosts to R&D and Cybersecurity

The Senate has overwhelmingly approved the 2022 National Defense Authorization Act, previously passed by the House. President Biden is expected to sign the bill...

The Cybersecurity Incident Reporting Requirements Fail in the Latest Version of the National Defense...

The House of Representatives passed the National Defense Authorization Act for Fiscal Year 2022, which notably excluded any cybersecurity incident reporting requirements. In September,...

NDAA Passes House and Emerges from Conference with Senate, without Mandatory Cyber Reporting

In a hurry to finish before this session of Congress ends, the fiscal 2022 National Defense Authorization Act was passed by the House 363–70...

Senate Committee Evaluates FedRAMP Legislation

The Senate Homeland Security and Governmental Affairs Committee held a hearing about the Federal Secure Cloud Improvement and Jobs Act, sponsored by Senator Gary Peters (D-MI), with Senators Maggie Hassan (D-NH), Josh Hawley (R-MO), and Steve Daines (R-MT). The bill would codify the FedRAMP program, authorize $20 million for operations, and establish a committee to measure […]

The Cyber Incident Reporting Law Gains Traction in Congress

Congress is now taking steps to beef up cyber security regulations at the federal level. The Senate introduced a bill titled the “Cyber Incident Reporting Act of 2021,” which requires covered entities—meaning an entity that owns or operates critical infrastructure—to promptly report cyber security breaches to a Cyber Incident Review Office, which then receives, aggregates, and […]

Foreign Influence in Contractor Assessments Raised in Senate FedRAMP Hearing

In testimony before the Senate Homeland Security and Governmental Affairs Committee, Jeff Stern, CEO of cybersecurity firm Chain Security, expressed concern about foreign influence in government contracting, noting that his company had identified at least one case where a third-party assessment organization (3PAO) was owned by a foreign entity. The firm had created a “mitigated […]

Portman Wants FedRAMP Bill to Address Supply Chain Security Concerns

Senate Homeland Security and Governmental Affairs Committee Ranking Member Rob Portman (R-OH) wants to tighten the FedRAMP program’s rules for providing secure cloud services to the federal government. A corresponding bill has already been passed by the House as part of the NDAA, but Portman wants to amend the Senate bill introduced by Senators Gary […]

Langevin Promotes Legislation for Cyber Threat Information Sharing

Representative James Langevin (D-RI) chairs the House Armed Services Committee’s Cyber, Innovative Technologies, and Information Systems Subcommittee, sits on the Homeland Security Committee, co-founded and chairs the Congressional Cybersecurity Caucus, and served on the Cyberspace Solarium Commission, making him one of the legislature’s leaders on technology matters. One of his priorities is legislation to create […]

Feds Say Ransomware Trends Unclear

During a recent hearing, Rob Silvers, undersecretary for strategy, policy, and plans for the Department of Homeland Security, told lawmakers that incomplete reporting prevented him from providing a “definitive assessment” about whether Russian-linked ransomware attacks have decreased since President Biden spoke with Vladimir Putin about the problem in June and July. Deputy National Security Adviser […]