Saturday, December 4, 2021

GAO: DOE Needs to Ensure Its Plans Fully Address Risks to Distribution Systems

The U.S. grid’s distribution systems—which carry electricity from transmission systems to consumers and are regulated primarily by states—are increasingly at risk from cyberattacks. Distribution systems are growing more vulnerable, in part because their industrial control systems increasingly allow remote access and connect to business networks. As a result, threat actors can use multiple techniques to […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

GAO: Actions Needed to Ensure CISA’s Organizational Changes Result in More Effective Cybersecurity

To implement the requirements of the Cybersecurity and Infrastructure Security Agency Act of 2018, CISA leadership within the Department of Homeland Security launched an organizational transformation initiative. The act elevated CISA to agency status; prescribed changes to its structure, including mandating that it have separate divisions on cybersecurity, infrastructure security, and emergency communications; and assigned […]

GAO: Guidance Would Help DoD Programs Better Communicate Weapons System Cyber Requirements

Since GAO’s 2018 report, the Department of Defense (DoD) has taken action to make its network of high-tech weapon systems less vulnerable to cyberattacks. For example, GAO found that selected acquisition programs have conducted, or planned to conduct, more cybersecurity testing during development than past acquisition programs. However, GAO found instances where contracts did not […]

GAO’s Updated High-Risk List Still Spotlights IT and Cybersecurity

The Government Accountability Office's biennial list of high-risk government programs indicates that the federal government regressed – from “met” to “partially met” – in...

NIST Shares Key Practices in Cyber Supply Chain Risk Management Based on Observations from...

A new publication from the National Institute of Standards and Technology (NIST) provides companies, government agencies, and other organizations with a set of practices that any organization can use to manage growing cybersecurity risks associated with their supply chains. NIST researched and compiled these practices knowing that organizations can no longer protect themselves by simply securing their […]

Audit of Department of Energy Site Finds Numerous Cybersecurity Management Issues

The Department of Energy’s Office of Inspector General conducted an audit to determine whether an unidentified DOE site effectively manages its cybersecurity program. OIG identified “several areas of immediate concern related to vulnerability management and the authorization of information system operations,” and alerted site management to them. The site is not identified due to the […]

GAO Reports on DoD Software Acquisitions

GAO reported in June 2020 that, of the 15 major Department of Defense IT programs selected for review, 11 had decreased their December 2019 cost estimates by 0.03–33.8 percent. In contrast, the remaining four programs experienced increases in their cost estimates, two of them by more than 20 percent. Ten of the 15 programs had […]

Defense Acquisitions: DOD’s Cybersecurity Maturity Model Certification Framework

In a new report, the Congressional Research Service examines the Department of Defense’s Cybersecurity Maturity Model Certification framework, offering an overview and analysis of issues for Congress associated with the CMMC framework, and discussing congressional considerations related to DoD’s efforts to mitigate cybersecurity risks and vulnerabilities within the defense industrial base in the performance of its […]

GAO: Federal Agencies Need to Take Urgent Action to Manage Supply Chain Risks

In response to a request from Congress for a review of federal agencies’ information and communications technology (ICT) supply chain risk management (SCRM) practices, the Government Accountability Office found that no federal agency had fully implemented the approach. GAO found that few of the 23 civilian Chief Financial Officers Act agencies had implemented seven selected foundational […]

NIST Releases Draft Guidance on Internet of Things Device Cybersecurity

Four new publications from the National Institute of Standards and Technology offer recommendations to federal agencies and manufacturers concerning effective cybersecurity for Internet-of-Things devices. These publications help address challenges raised in the recently signed IoT Cybersecurity Improvement Act of 2020, and begin to provide the guidance it mandates. Together, the four documents — NIST Special […]