Resource Library

Following up on President Biden’s July 28, 2021, National Security Memorandum on “Improving Cybersecurity for Critical Infrastructure Control Systems, the Department of Homeland Security (DHS) coordinated with NIST in developing preliminary cybersecurity performance goals that will drive adoption of effective practices and controls. CISA and NIST identified nine categories of recommended cybersecurity practices and used these categories […]

The DHS Office of Inspector General conducted an audit to determine to what extent CISA’s oversight has improved Dams Sector security and resilience since it took up that responsibility in 2018. OIG notes that recent dam failures in California and Michigan, and widespread flooding in the Midwest have highlighted a need for oversight and guidance. […]

The Defense Department Office of Inspector General performed an audit to determine whether the department effectively controlled access to health information of well-known DoD personnel. Using a sample of 38 individuals who had become well-known to the public, GAO determined that DoD “did not effectively control access to health information of well‑known DoD personnel and […]

The Federal Acquisition Security Council (FASC) has issued a final rule to implement the requirements of the laws that govern the operation of the FASC, the sharing of supply chain risk information, and the exercise of the FASC’s authorities to recommend issuance of removal and exclusion orders to address supply chain security risks. This rule […]

Members of the House Homeland Security Committee have sent a letter to National Cyber Director Chris Inglis – with copies to CISA director Jen Easterly and deputy national security advisor Anne Neuberger – asking them to clarify their roles in cybersecurity matters. They ask the cyber leaders to provide an overview of how Inglis’ office […]

In light of the recent and escalating spate of ransomware attacks in the United States and internationally, the Biden administration has made it a top priority to strengthen the nation’s resilience against cyberattacks. Although the Federal Government is taking action by working with international partners and developing policies to disrupt and deter ransomware actors, it […]

The Ransomware Profile defined in this report maps security objectives from the Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (also known as the Cybersecurity Framework) to security capabilities and measures that support preventing, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware […]

The Department of Defense plans to spend $12 billion on its 29 largest business information technology systems during FYs 2019-2022. DoD’s efforts to modernize business systems has been a topic on our High Risk List since 1995. In a recent study, GAO found: 22 programs that were actively developing software reported using approaches that reduced […]

CISA warns that ransomware attacks targeting critical infrastructure such as Colonial Pipeline have demonstrated the rising threat that ransomware poses to operational technology (OT)...

NIST’s National Cybersecurity Center of Excellence (NCCoE) has released a new Preliminary Draft report, NIST Interagency or Internal Report (NISTIR) 8374, Cybersecurity Framework Profile for Ransomware Risk Management. Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand additional […]