Tuesday, January 25, 2022


DHS, NIST Coordinate in Releasing Preliminary Cybersecurity Performance Goals for Critical Infrastructure Control Systems

Following up on President Biden’s July 28, 2021, National Security Memorandum on “Improving Cybersecurity for Critical Infrastructure Control Systems,” the Department of Homeland Security (DHS) coordinated with NIST in developing preliminary cybersecurity performance goals that will drive adoption of effective practices and controls. CISA and NIST identified nine categories of recommended cybersecurity practices and used these categories […]

CISA Can Improve Efforts to Ensure Dam Security and Resilience

The DHS Office of Inspector General conducted an audit to determine to what extent CISA’s oversight has improved Dams Sector security and resilience since it took up that responsibility in 2018. OIG notes that recent dam failures in California and Michigan, and widespread flooding in the Midwest have highlighted a need for oversight and guidance. […]

Private Health Information of Well-Known Defense Department Personnel is Accessible to Other DoD Personnel

The Defense Department Office of Inspector General performed an audit to determine whether the department effectively controlled access to health information of well-known DoD personnel. Using a sample of 38 individuals who had become well-known to the public, GAO determined that DoD “did not effectively control access to health information of well‑known DoD personnel and […]

OMB Finalizes Federal Acquisition Security Council

The Federal Acquisition Security Council (FASC) has issued a final rule to implement the requirements of the laws that govern the operation of the FASC, the sharing of supply chain risk information, and the exercise of the FASC’s authorities to recommend issuance of removal and exclusion orders to address supply chain security risks. This rule […]

House Homeland Security Committee Asks Federal Cybersecurity Leaders to Explain Their Roles

Members of the House Homeland Security Committee have sent a letter to National Cyber Director Chris Inglis – with copies to CISA director Jen Easterly and deputy national security advisor Anne Neuberger – asking them to clarify their roles in cybersecurity matters. They ask the cyber leaders to provide an overview of how Inglis’ office […]

Protecting Your Business Against Ransomware Attacks: A Primer

In light of the recent and escalating spate of ransomware attacks in the United States and internationally, the Biden administration has made it a top priority to strengthen the nation’s resilience against cyberattacks. Although the Federal Government is taking action by working with international partners and developing policies to disrupt and deter ransomware actors, it […]

NIST: Cybersecurity Framework Profile for Ransomware Risk Management

The Ransomware Profile defined in this report maps security objectives from the Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (also known as the Cybersecurity Framework) to security capabilities and measures that support preventing, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware […]

Software Development: DoD Faces Risks and Challenges in Implementing Modern Approaches and Addressing Cybersecurity...

The Department of Defense plans to spend $12 billion on its 29 largest business information technology systems during FYs 2019-2022. DoD’s efforts to modernize business systems have been a topic on our High Risk List since 1995. In a recent study, GAO found: 22 programs that were actively developing software reported using approaches that reduced […]

CISA Warns of Ransomware Threat to Operational Technology and Control Systems

CISA warns that ransomware attacks targeting critical infrastructure such as Colonial Pipeline have demonstrated the rising threat that ransomware poses to operational technology (OT)...

Ransomware Risk Management: Preliminary Draft NISTIR 8374 Available for Comment

NIST’s National Cybersecurity Center of Excellence (NCCoE) has released a new Preliminary Draft report, NIST Interagency or Internal Report (NISTIR) 8374, Cybersecurity Framework Profile for Ransomware Risk Management. Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand additional […]