Amid escalating violence in Ukraine and sanctions meant to hobble Moscow, the Senate has passed a landmark cybersecurity package that bundles three substantial measures - mandatory incident reporting for critical infrastructure, an update to federal IT security strategy, and FedRAMP authorization.
The House Oversight and Reform Committee today advanced its version of the Federal Information Security Modernization Act of 2022, which entails cybersecurity updates for federal civilian agencies. The bipartisan measure was sent to the full House on a voice vote.
An audit from the U.S. Energy Department's Inspector General finds that the agency is prone to making the same cybersecurity mistakes year-after-year. This includes exposing critical infrastructure, including nuclear facilities, to outside hacking and attacks.
HHS continues to improve its information security program, but it needs to take steps to address a number of ongoing weaknesses, according to a new watchdog agency report. What are those glaring weaknesses, which are also, unfortunately, common at many healthcare organizations?
A watchdog agency report highlighting data security violations by a Department of Veterans Affairs medical contractor offers a reminder to all healthcare organizations about similar risks their business associates can pose - especially if BAs are inadequately monitored.
President Obama has tapped veteran CIO Tony Scott as the top government IT official whose responsibilities include overseeing agencies' compliance with FISMA, the law that governs federal government IT security.
We're taking a different tack at GovInfoSecurity this year, recognizing information security leaders who have never appeared on any of our five previous Top Influencers lists. Find out who made the top 10.
The sponsor of Senate-approved FISMA reform, Tom Carper, says it's not a done deal because the House has a dispute over which committee - Homeland Security or Oversight and Governmental Reform - has jurisdiction over the legislation.
Put together, two IRS audits illustrate a major concern many security pros have about FISMA audits: They're checklists of whether organizations comply with regulations that require specific processes but do not determine if the processes are effective.
With fewer employees, and still fewer - if any - IT security experts on staff, small federal agencies face challenges not confronted by larger ones, and congressional auditors say DHS and OMB should give them more help.
A Senate committee has approved legislation to reform the 12-year-old law that governs federal information security, plus two other cybersecurity-related bills. The full Senate will now consider the measures.
Legislation before the House to excise from federal law the requirement that NIST work with the NSA on cybersecurity standards wouldn't likely stop the two federal agencies from continuing to collaborate.
As the number of cybersecurity incidents increase, departments and agencies are doing a better job of complying with the law that governs IT security in the U.S. federal government, a new report to Congress from the White House says.
The Defense Department's plan to adopt NIST's risk management framework. means that, for the first time, defense, intelligence and civilian federal agencies will use the same set of risk management standards.