The Senate Armed Services Committee's version of the fiscal year 2024 defense authorization bill includes measures on cyber incident information sharing and implementing guidance on "memory-safe software programming."
Thursday, April 24, 2025
Thursday, April 24, 2025
Key Issues RTX earnings Army budget 'Transforming in Contact'
The Senate Armed Services Committee's version of the fiscal year 2024 defense authorization bill includes measures on cyber incident information sharing and implementing guidance on "memory-safe software programming."
Two large defense contractor associations see a disconnect between the Cybersecurity and Infrastructure Security Agency's draft common form for self-attesting the security of software from contractors and the document behind the upcoming new policy, the NIST Secure Software Development Framework.
A new memorandum from the White House Office of Management and Budget and acting National Cyber Director Kemba Walden provides details on the Biden administration's fiscal year 2025 cyber priorities for agencies broken down by resourcing needs to meet the goals of the five pillars in the national cyber strategy.
An updated version of the Pentagon's no-cost contract with its independent Cybersecurity Maturity Model Certification accreditation body shows the changes made to their relationship in response to DOD's revamp of its cyber certification program in 2021, according to the amended contract obtained by Inside Cybersecurity.
Lawmakers have revealed their Defense Department cyber priorities for fiscal year 2024 in the House and Senate versions of the annual defense authorization bill, which were approved at the committee level in both chambers this week.
The House Armed Services cyber subcommittee on Tuesday unanimously approved its portion of the fiscal year 2024 defense authorization bill, with members praising bipartisan work to develop the legislation and how it addresses threats from China.
The House Armed Services Committee today kicks off a series of fiscal year 2024 defense authorization bill mark-ups, with the cyber subcommittee set to consider tech-focused measures including directing the Defense Department to develop an intellectual property strategy, moving the Defense Innovation Unit and studies on cyber initiatives.
The Office of Management and Budget has issued a memorandum refining upcoming requirements for federal contractors that will self-attest to the security of their software, extending the deadline for compliance and adding policy conditions for addressing gaps in attestation.
The Small Business Administration's Office of Advocacy will get a chance to provide feedback on the upcoming rulemaking to establish the Pentagon's cyber certification program before it is finalized, according to chief counsel Major Clark, who spoke with Inside Cybersecurity on how SBA is involved in the review process.
The National Institute of Standards and Technology will hold a webinar on June 6 to provide an overview of changes in the first draft of revision three for Special Publication 800-171, a foundational document that guides how agencies set cyber policy for contractors on protecting sensitive federal data.
The National Institute of Standards and Technology, in the first draft of Special Publication 800-171 Rev. 3, is proposing new security measures for organizations handling sensitive federal data that more closely align NIST's massive catalog of security and privacy controls and allow for more flexibility in assessing risk.
More tech companies are interested in joining the defense industrial base, according to Ross Nodurft, who leads the public-sector-focused Alliance for Digital Innovation, but uncertainties over how much it will cost to comply with the upcoming Pentagon cyber certification program that has faced delays is a top concern.
The National Defense Information Sharing and Analysis Center has published a supply chain handbook for small business manufacturing designed to help companies address "specific and common challenges" by offering use cases and ideas to address them.
Steve Shirley, executive director of the National Defense Information Sharing and Analysis Center, sees an opportunity for the Defense Department and Cybersecurity and Infrastructure Security Agency to work together on incident reporting as the Pentagon starts to expand its voluntary information sharing program and CISA implements a regime for critical infrastructure.
The Defense Department has issued a proposed rule to expand its Defense Industrial Base Cybersecurity information-sharing program to include more contractors who hold sensitive data for the services and DOD agencies, in response to an increased interest in wider community participation.
SAN FRANCISCO -- Contracting attorney Robert Metzger offered two potential reasons behind why the Pentagon's process to issue a rulemaking implementing its Cybersecurity Maturity Model Certification program is delayed, following a panel discussion at an industry event here at the RSA conference.
SAN FRANCISCO -- The Federal Acquisition Security Council completed a lot of work to make sure the process for issuing removal and exclusion orders for untrustworthy equipment on federal systems is deliberate and risk-based, according to National Institute of Standards and Technology supply chain leader Jon Boyens, who participated in a panel with leaders behind the Defense Department's cyber certification program.
The annual RSA conference in San Francisco kicks off Monday with a focus this year on the national cyber strategy, operational collaboration, hardware and software security and more in keynote sessions and panels running through Thursday.
The Aerospace Industries Association is urging its members to achieve the current cyber requirements in defense contracts regarding National Institute of Standards and Technology Special Publication 800-171 and accompanying documentation as uncertainty continues over when the Pentagon's Cybersecurity Maturity Model Certification program will launch.
Stacy Bostjanick, chief of defense industrial base cybersecurity, says industry should expect to see a rulemaking in June that will expand the Pentagon's incident reporting program for companies who currently have a defense contract to the wider defense industrial base that handles controlled unclassified information.