Federal CISO Council Archives

Michael Duffy is pictured speaking onstage in a room at the Washington Convention Center. The stage is illuminated in a deep blue light and he is visible via a livestream on two large screens that flank the stage. — Michael Duffy, acting federal chief information security, spoke during a fireside chat at the Billington Cybersecurity Summit in Washington Sept. 9, 2025. He outlined his priorities for the CISO Council and previewed an upcoming tabletop exercise on readiness.

Acting federal cyber chief outlines his three priorities for the next year

Michael Duffy is centering conversations with cyber leaders on enterprise cyber defense, increasing operational resilience, and securing a modern U.S. government.

Sep 9, 2025 By Madison Alder

Acting Federal CISO Mike Duffy speaks during CyberTalks on Oct. 30, 2024, in Washington, D.C. (Scoop News Group photo)

Federal data, security leaders release zero-trust guide ahead of White House deadline

The Federal Zero Trust Data Security Guide is aimed at “securing the data itself, rather than the perimeter protecting it.”

Nov 1, 2024 By Matt Bracken

Federal CISO Chris DeRusha speaks at CyberTalks, presented by CyberScoop. (Pixelme Studios)

DeRusha stepping down from federal CISO role

He’s also leaving ONCD, where he’s served as deputy national cyber director.

May 14, 2024 By Matt Bracken Rebecca Heilweil

OMB guidance asks agencies to provide inventory of IoT assets

The memo also calls on the CISO Council to create a working group charged with compiling sector-specific best practices playbooks that cover IoT and operational technology.

Dec 6, 2023 By Matt Bracken

Presidential advisory committee finds zero-trust push an ‘incomplete experiment’

NSTAC says the strategy's principles have yet to be fully integrated into federal governance policies and programs.

Feb 25, 2022 By Dave Nyczepir

CISA, DHS, Department of Homeland Security, RSA 2019 — (Scoop News Group photo)

CISA releases finalized IPv6 security considerations for TIC 3.0 implementation

The new guidance explains how the transition will affect network management operations.

Jan 21, 2022 By Dave Nyczepir

Agencies moving away from VPNs as they implement TIC 3.0

TIC 3.0 lets agencies plan remote user access while shrinking trust zones around high-value assets to reduce their attack surface.

Apr 30, 2021 By Dave Nyczepir

Sean Connelly, TIC Program Manager, CISA, DHS — Sean Connelly speaks Jan. 28, 2020, at the Zero Trust Security Summit presented by Duo Security and produced by FedScoop and CyberScoop. (Scoop News Group)

TIC program in ‘final stage’ before releasing remaining initial 3.0 guidance

The Overlay Handbook and Traditional TIC and Branch Office use cases are coming, with a draft of the remote user use case expected by the end of…

Oct 22, 2020 By Dave Nyczepir

CISA finalizes trio of TIC 3.0 documents

The Program Guidebook, Reference Architecture and renamed Security Capabilities Catalog were updated with new architecture concepts.

Jul 31, 2020 By Dave Nyczepir