Saturday, December 4, 2021

Critical Infrastructure Protection: Actions Needed to Enhance DHS Oversight of Cybersecurity at High-Risk Chemical...

The Chemical Facility Anti-Terrorism Standards (CFATS) program within the Department of Homeland Security (DHS) evaluates high-risk chemical facilities’ cybersecurity efforts via inspections that include reviewing policies and procedures, interviewing relevant officials, and verifying facilities’ implementation of agreed-upon security measures. In a recent audit, GAO found that the CFATS program has guidance designed to help the […]

GAO: Federal Agencies Need to Take Urgent Action to Manage Supply Chain Risks

In response to a request from Congress for a review of federal agencies’ information and communications technology (ICT) supply chain risk management (SCRM) practices, the Government Accountability Office found that no federal agency had fully implemented the approach. GAO found that few of the 23 civilian Chief Financial Officers Act agencies had implemented seven selected foundational […]

GAO Reviews Actions Taken by Equifax and Federal Agencies in Response to 2017 Breach

The Government Accountability Office has issued a report about the Equifax breach, in which hackers stole the personal data of nearly 150 million people in 2017. Equifax explained that hackers exploited vulnerabilities in the firm’s systems to access and steal data. During an investigation into the breach, Equifax discovered several factors that contributed to the […]

Defense Acquisitions: DOD’s Cybersecurity Maturity Model Certification Framework

In a new report, the Congressional Research Service examines the Department of Defense’s Cybersecurity Maturity Model Certification framework, offering an overview and analysis of issues for Congress associated with the CMMC framework, and discussing congressional considerations related to DoD’s efforts to mitigate cybersecurity risks and vulnerabilities within the defense industrial base in the performance of its […]

The Rise of Internet of Things Security Laws: Part I

Blank Rome has contributed an article to the latest edition of Pratt's Privacy and Cybersecurity and Law Report discussing the enactment of California’s Internet of...

Cybersecurity: Agencies Need to Fully Establish Risk Management Programs and Address Challenges

Key practices for establishing an agency-wide cybersecurity risk management program include designating a cybersecurity risk executive, developing a risk management strategy and policies to facilitate risk-based decisions, assessing cyber risks to the agency, and establishing coordination with the agency’s enterprise risk management program. Although the 23 agencies GAO reviewed almost always designated a risk executive, […]

GAO: Federal Agencies Need to Coordinate on State Agency Cyber Oversight

GAO was asked to evaluate federal agencies’ cybersecurity requirements and related assessment programs for state agencies. The objectives were to determine the extent to...

The DoD Cybersecurity Policy Chart

In 2013, the DoD Chief Information Officer issued a cybersecurity strategy for the Department. Its four focus areas are: Establish a Resilient Cyber Defense...

GAO Identifies Shortcomings in Agency Implementation of Network Monitoring Program

The Federal Aviation Administration, Indian Health Service, and Small Business Administration have deployed tools intended to provide cybersecurity data to support the DHS Continuous Diagnostics and Mitigation program, according to a new report from GAO. However, while all three agencies reported that the program improved their network awareness, none had effectively implemented all key CDM […]

GAO: Agencies Need to Fully Implement Key IT Workforce Planning Activities

The GAO conducted a government-wide review of IT workforce planning. It found that federal agencies varied widely in their efforts to implement key information technology workforce planning activities that are critical to ensuring that agencies have the staff they need to support their missions. Specifically, at least 23 of the 24 agencies GAO reviewed partially […]