Critical Infrastructure Protection: Actions Needed to Enhance DHS Oversight of Cybersecurity at High-Risk Chemical...
The Chemical Facility Anti-Terrorism Standards (CFATS) program within the Department of Homeland Security (DHS) evaluates high-risk chemical facilities’ cybersecurity efforts via inspections that include reviewing policies and procedures, interviewing relevant officials, and verifying facilities’ implementation of agreed-upon security measures. In a recent audit, GAO found that the CFATS program has guidance designed to help the […]
A year after the Office of Management and Budget launched its new approach to shared services, it has formally designated the Cybersecurity and Infrastructure Security Agency as a cybersecurity shared service center. As a Quality Service Management Office, CISA will provide three main cyber services to start: Security Operations Center standardization Vulnerability Management standardization Domain […]
The Cybersecurity and Infrastructure Security Agency has released cybersecurity guidance documents to advise critical infrastructure operators, businesses, and federal agencies on safe telework practices during the pandemic. Much of the guidance focuses on secure videoconferencing; for federal agencies, CISA urges the use of Zoom for Government, which is different from the commercial service. For infrastructure […]
The Cybersecurity and Infrastructure Security Agency has launched a website dedicated to the needs of companies and individuals who have adopted teleworking. The products on the new webpage include: Cybersecurity Recommendations for Critical Infrastructure Using Video Conferencing Cybersecurity Recommendations for Federal Agencies Using Video Conferencing Guidance for Securing Video Conferencing National Security Agency and CISA […]
The DHS Cybersecurity and Infrastructure Security Agency is reminding government agencies that as their workforces switch to home offices, they are still required to use the approved EINSTEIN 3 Accelerated (E3A) DNS resolution service. In addition to ensuring that address lookups for legitimate services are not hijacked by potentially compromised DNS services, the E3A DNS […]
The Government Accountability Office reports that the Department of Homeland Security and the White House’s Office of Management and Budget – agencies in charge of reforming the federal cybersecurity workforce – haven’t decided which of them is in charge of several tasks for reforming the federal cybersecurity workforce. DHS officials told GAO that it was […]
A task force of DHS's Cybersecurity and Infrastructure Security Agency plans to release supply chain guidance that incorporates aspects of DOD’s Cybersecurity Maturity Model...
A joint advisory published by the UK National Cyber Security Centre and US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency shows that cyber criminals and advanced persistent threat groups are targeting individuals and organizations with a range of ransomware and malware. Examples include emails containing malware which appear to have come from the […]
Federal agencies focused on IT and security are working on a framework and set of use cases identifying the best security practices for federal employees connecting to the internet across a variety of circumstances, a policy known as Trusted Internet Connection 3. CISA has issued draft documents for the effort, and one notion has emerged […]