The Federal Deposit Insurance Corporation’s inspector general said in a report that the agency does not implement good cybersecurity practices for its systems and its users. According to the IG’s report, the FDIC had multiple issues, including account configuration, access management, privileged account management, Windows system maintenance, active directory policies and procedures, and audit logging […]
The President’s Council of Advisers on Science and Technology has established a working group dedicated to strengthening U.S. network protection and recovery capabilities against cyberattacks and is seeking public feedback to determine how to accomplish that task. PCAST wants to be informed on assessment methods for interconnected digital systems, investments to maintain resiliency and approaches […]
The National Sanitation Foundation International Strategic Registrations has been designated a third-party assessment organization for Cybersecurity Maturity Model Certification, allowing it to evaluate whether prospective Department of Defense contractors have complied with certain controlled unclassified information protection requirements. CMMC compliance is meant to assist defense industry companies with meeting contractual cybersecurity requirements, NSF-ISR said. The […]
The National Security Agency has released a new cybersecurity information sheet to mitigate cyber threats faced by identity, credential and access management capabilities through zero trust. The Advancing Zero Trust Maturity Throughout the User Pillar CSI defines capability and maturity levels for ICAM systems and highlights the role that zero trust would play in protecting […]
The Cybersecurity and Infrastructure Security Agency has established a pilot program to address rising ransomware attacks. CISA created the Ransomware Vulnerability Warning Pilot under the Cyber Incident Reporting for Critical Infrastructure Act through which organizations can receive early warnings about system vulnerabilities that make them prone to ransomware attacks. Recently, over 90 organizations were informed […]
The Cybersecurity and Infrastructure Security Agency has signed a memorandum of understanding with the nonprofit organization Women in CyberSecurity to collaborate on efforts to attract more women to cyber roles. CISA is expected to join WiCys’ mentorship program to pair experienced women in cybersecurity with those new to the field. Jen Easterly, director of CISA […]
The Department of Defense wants to allow its cybersecurity employees to transition in and out of the department to improve their skill sets. The Pentagon’s 2023-2027 cyber workforce strategy focuses on collaborative workforce efforts between the government, private and academic institutions and foreign allies. It also calls on the DOD to prioritize exposure engagements, such […]
A new bill is seeking to establish a $10 million grant program to help small clean water and wastewater utilities better defend their systems from cyberattacks. The federal funding would be used to subsidize the fees associated with joining the Water Information Sharing and Analysis Center, a nonprofit organization comprising water and wastewater utility managers […]
A vulnerability in Xtream has been added to the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities Catalog. XStream contains a remote code execution vulnerability that an attacker can exploit to execute a local command on the server by manipulating the processed input stream and replacing or injecting objects. VMware Cloud Foundation, which uses the […]
Cyber deception company Acalvio Technologies has partnered with Carahsoft Technology to make its solutions available to the public sector. Carahsoft would offer Acalvio’s Active Defense Platform and ShadowPlex Advanced Threat Defense solutions through its reseller partners, the NASA Solutions for Enterprise-Wide Procurement V, the IT Enterprise Solutions-Software 2, the National Cooperative Purchasing Alliance and other […]
