Saturday, June 1, 2024
The program office behind the Pentagon's cyber certification program and civilian agencies are identifying issues over the use of "organization-defined parameters" in the latest draft update to NIST Special Publication 800-171, a foundational document on the handling of controlled unclassified information.
Senate Homeland Security Committee Chairman Gary Peters (D-MI) and Sen. James Lankford (R-OK) have offered a package of cyber bills for inclusion in the fiscal year 2024 defense authorization bill, including legislation to reform the Federal Information Security Modernization Act and address other cyber priorities, as work continues this week to pass the Senate's version of the major defense policy bill.
The Professional Services Council wants the National Institute of Standards and Technology to consider how to align NIST's foundational guidance on handling controlled unclassified information with other cyber procurement requirements, including the Pentagon's cyber certification program.
The Senate Armed Services Committee's version of the fiscal year 2024 defense authorization bill includes measures on cyber incident information sharing and implementing guidance on "memory-safe software programming."
Two large defense contractor associations see a disconnect between the Cybersecurity and Infrastructure Security Agency's draft common form for self-attesting the security of software from contractors and the document behind the upcoming new policy, the NIST Secure Software Development Framework.
A new memorandum from the White House Office of Management and Budget and acting National Cyber Director Kemba Walden provides details on the Biden administration's fiscal year 2025 cyber priorities for agencies broken down by resourcing needs to meet the goals of the five pillars in the national cyber strategy.
An updated version of the Pentagon's no-cost contract with its independent Cybersecurity Maturity Model Certification accreditation body shows the changes made to their relationship in response to DOD's revamp of its cyber certification program in 2021, according to the amended contract obtained by Inside Cybersecurity.
Lawmakers have revealed their Defense Department cyber priorities for fiscal year 2024 in the House and Senate versions of the annual defense authorization bill, which were approved at the committee level in both chambers this week.
The House Armed Services cyber subcommittee on Tuesday unanimously approved its portion of the fiscal year 2024 defense authorization bill, with members praising bipartisan work to develop the legislation and how it addresses threats from China.
The House Armed Services Committee today kicks off a series of fiscal year 2024 defense authorization bill mark-ups, with the cyber subcommittee set to consider tech-focused measures including directing the Defense Department to develop an intellectual property strategy, moving the Defense Innovation Unit and studies on cyber initiatives.
The Office of Management and Budget has issued a memorandum refining upcoming requirements for federal contractors that will self-attest to the security of their software, extending the deadline for compliance and adding policy conditions for addressing gaps in attestation.
The Small Business Administration's Office of Advocacy will get a chance to provide feedback on the upcoming rulemaking to establish the Pentagon's cyber certification program before it is finalized, according to chief counsel Major Clark, who spoke with Inside Cybersecurity on how SBA is involved in the review process.
The National Institute of Standards and Technology will hold a webinar on June 6 to provide an overview of changes in the first draft of revision three for Special Publication 800-171, a foundational document that guides how agencies set cyber policy for contractors on protecting sensitive federal data.
The National Institute of Standards and Technology, in the first draft of Special Publication 800-171 Rev. 3, is proposing new security measures for organizations handling sensitive federal data that more closely align NIST's massive catalog of security and privacy controls and allow for more flexibility in assessing risk.
More tech companies are interested in joining the defense industrial base, according to Ross Nodurft, who leads the public-sector-focused Alliance for Digital Innovation, but uncertainties over how much it will cost to comply with the upcoming Pentagon cyber certification program that has faced delays is a top concern.
The National Defense Information Sharing and Analysis Center has published a supply chain handbook for small business manufacturing designed to help companies address "specific and common challenges" by offering use cases and ideas to address them.
Steve Shirley, executive director of the National Defense Information Sharing and Analysis Center, sees an opportunity for the Defense Department and Cybersecurity and Infrastructure Security Agency to work together on incident reporting as the Pentagon starts to expand its voluntary information sharing program and CISA implements a regime for critical infrastructure.
The Defense Department has issued a proposed rule to expand its Defense Industrial Base Cybersecurity information-sharing program to include more contractors who hold sensitive data for the services and DOD agencies, in response to an increased interest in wider community participation.
SAN FRANCISCO -- Contracting attorney Robert Metzger offered two potential reasons behind why the Pentagon's process to issue a rulemaking implementing its Cybersecurity Maturity Model Certification program is delayed, following a panel discussion at an industry event here at the RSA conference.
SAN FRANCISCO -- The Federal Acquisition Security Council completed a lot of work to make sure the process for issuing removal and exclusion orders for untrustworthy equipment on federal systems is deliberate and risk-based, according to National Institute of Standards and Technology supply chain leader Jon Boyens, who participated in a panel with leaders behind the Defense Department's cyber certification program.