Thursday, April 15, 2021


Audit of Department of Energy Site Finds Numerous Cybersecurity Management Issues

The Department of Energy’s Office of Inspector General conducted an audit to determine whether an unidentified DOE site effectively manages its cybersecurity program. OIG identified “several areas of immediate concern related to vulnerability management and the authorization of information system operations,” and alerted site management to them. The site is not identified due to the […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

GAO Reports on DoD Software Acquisitions

GAO reported in June 2020 that, of the 15 major Department of Defense IT programs selected for review, 11 had decreased their December 2019 cost estimates by 0.03–33.8 percent. In contrast, the remaining four programs experienced increases in their cost estimates, two of them by more than 20 percent. Ten of the 15 programs had […]

Defense Acquisitions: DOD’s Cybersecurity Maturity Model Certification Framework

In a new report, the Congressional Research Service examines the Department of Defense’s Cybersecurity Maturity Model Certification framework, offering an overview and analysis of issues for Congress associated with the CMMC framework, and discussing congressional considerations related to DoD’s efforts to mitigate cybersecurity risks and vulnerabilities within the defense industrial base in the performance of its […]

GAO: Federal Agencies Need to Take Urgent Action to Manage Supply Chain Risks

In response to a request from Congress for a review of federal agencies’ information and communications technology (ICT) supply chain risk management (SCRM) practices, the Government Accountability Office found that no federal agency had fully implemented the approach. GAO found that few of the 23 civilian Chief Financial Officers Act agencies had implemented seven selected foundational […]

NIST Releases Draft Guidance on Internet of Things Device Cybersecurity

Four new publications from the National Institute of Standards and Technology offer recommendations to federal agencies and manufacturers concerning effective cybersecurity for Internet-of-Things devices. These publications help address challenges raised in the recently signed IoT Cybersecurity Improvement Act of 2020, and begin to provide the guidance it mandates. Together, the four documents — NIST Special […]

OMB Sets New CDM Data Standards Deadline for Agencies

In a recent memo on FY2021 requirements under the Federal Information Security Management Act, Office of Management and Budget director Russ Vought established new agency deadlines for implementation of continuous diagnostic and mitigation programs. By the end of FY2021, agencies must certify that they have implemented the CDM Program Data Quality Management Plan and are […]

OIG Recommends 5 Actions to Strengthen DHS Cyber Workforce

The Department of Homeland Security Office of Inspector General reviewed the department’s information security program for compliance with Federal Information Security Modernization Act requirements, to determine whether its program and practices adequately and effectively protected data and information systems supporting DHS’ operations and assets for FY 2019. In a report partially redacted for the public, […]

DHS Has Secured the Nation’s Election Systems, but Work Remains to Protect the Infrastructure

DHS has improved its efforts to secure the nation’s voting systems, but should take additional steps to protect the broader election infrastructure, which includes polling and voting locations and related storage facilities, according to a new report from the DHS Office of Inspector General. The Cybersecurity and Infrastructure Security Agency (CISA) has developed a set […]

Buy 1 Get 2 Free Special on Cyber Regulations: DoD Interim Rule Unveils 3...

The Department of Defense (DoD) has released its eagerly anticipated Interim Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to implement two major initiatives: the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 DoD Assessment Methodology and the Cybersecurity Maturity Model Certification (CMMC). The Interim Rule introduces the related clauses DFARS 252.204-7019, Notice of […]

DFARS Interim Rule: Assessing Contractor Implementation of Cybersecurity Requirements

The Department of Defense has issued an interim rule amending the DFARS to implement a DoD Assessment Methodology and the Cybersecurity Maturity Model Certification framework. DoD is implementing a phased rollout of CMMC. Until September 30, 2025, the clause at 252.204-7021, Cybersecurity Maturity Model Certification Requirements, is prescribed for use in solicitations and contracts, including […]