Resource Library

DHS has improved its efforts to secure the nation’s voting systems, but should take additional steps to protect the broader election infrastructure, which includes polling and voting locations and related storage facilities, according to a new report from the DHS Office of Inspector General. The Cybersecurity and Infrastructure Security Agency (CISA) has developed a set […]

The Department of Defense (DoD) has released its eagerly anticipated Interim Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to implement two major initiatives: the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 DoD Assessment Methodology and the Cybersecurity Maturity Model Certification (CMMC). The Interim Rule introduces the related clauses DFARS 252.204-7019, Notice of […]

The Department of Defense has issued an interim rule amending the DFARS to implement a DoD Assessment Methodology and the Cybersecurity Maturity Model Certification framework. DoD is implementing a phased rollout of CMMC. Until September 30, 2025, the clause at 252.204–7021, Cybersecurity Maturity Model Certification Requirements, is prescribed for use in solicitations and contracts, including […]

The Federal Aviation Administration, Indian Health Service, and Small Business Administration have deployed tools intended to provide cybersecurity data to support the DHS Continuous Diagnostics and Mitigation program, according to a new report from GAO. However, while all three agencies reported that the program improved their network awareness, none had effectively implemented all key CDM […]

Federal agencies and the Office of Management and Budget (OMB) have taken steps to improve the management of information technology acquisitions and operations and ensure the nation’s cybersecurity through a series of initiatives, GAO reports. As of July 2020, federal agencies had fully implemented 64 percent of the 1,376 IT management-related recommendations that GAO has […]

Blank Rome has contributed an article to the latest edition of Pratt's Privacy and Cybersecurity and Law Report discussing the enactment of California’s Internet of...

GAO was asked to evaluate federal agencies’ cybersecurity requirements and related assessment programs for state agencies. The objectives were to determine the extent to...

The Chemical Facility Anti-Terrorism Standards (CFATS) program within the Department of Homeland Security (DHS) evaluates high-risk chemical facilities’ cybersecurity efforts via inspections that include reviewing policies and procedures, interviewing relevant officials, and verifying facilities’ implementation of agreed-upon security measures. In a recent audit, GAO found that the CFATS program has guidance designed to help the […]

During its audit of the Internal Revenue Service’s (IRS) fiscal years 2019 and 2018 financial statements, GAO identified new deficiencies in information system security controls that along with unresolved control deficiencies from prior audits, collectively represent a significant deficiency in the agency’s internal control over financial reporting systems. Specifically, GAO identified 11 new deficiencies in […]

An inspector general audit to determine whether the Office of the Justice Programs’ Denial of Federal Benefits and Defense Procurement Fraud Debarment Clearinghouse system program and practices were consistent with the requirements of the Federal Information Security Modernization Act, identified weakness in one of the six control areas that need to be strengthened to ensure […]