NIST releases automation-friendly security and privacy assessment procedures
The agency developed an online comment tool to release future controls and assessment procedures concurrently to keep pace with evolving cyber threats.
Advertisement
risk management
DOD CIO updating cyber reciprocity guidance after audit finds weaknesses
In a recent audit, the DOD IG observed a mixed bag of some DOD components leveraging reciprocity and others not.
Delayed DHS biometrics system’s risk management issues persist
GAO says acquisition practices for the new system, HART, must also be improved.
GAO: Agencies must ramp up supply chain risk management practices
A new GAO report reveals that few agencies have implemented recommended practices for managing IT supply chain risks, especially pertinent following the SolarWinds attack.
State Department is looking for tools to manage its global supply chain risk
The department wants to better understand its supply chain of IT vendors and be able to rapidly discover or anticipate risks to its networks.
TSA pushing airport security innovation in new ways
The agency wants "one, seamless airport environment."
Advertisement
GSA awards 75 spots on $5.5B Second Generation IT vehicle
The five-year BPA streamlines acquisition of hardware and software products and services to not only federal agencies but state, local and tribal governments.
A roadmap for automating FedRAMP is coming
The program's acting director said her office is looking for "quick wins" now that its Ideation Challenge is over.
Energy is using cyber risk assessments to make cloud decisions
The department has launched risk analysis initiatives at national labs, rather than waiting for the perfect metrics, to establish standards.
CDM’s agency cyber risk scores will be relative, at least initially
The scores won't be public, though, "because we know adversaries will be looking to see which agencies are having problems," says Continuous Diagnostics and Mitigation program manager…