Smarter Gov Tech, Stronger MerITocracy

The NIST Cybersecurity Framework, initially issued in early 2014, outlines five functions with regard to cybersecurity risk: identify, protect, detect, respond, and recover. Of these functions, those on the far left encapsulate measures that could be considered pre-breach; those on the right, post-breach. Far too often, however, government agencies tip the scales too far to the left. […]


The Smithsonian Institution (SI) made some progress in its Fiscal Year 2018 FISMA (Federal Information Security Modernization Act) audit, but still sat at around a Level 2 on the FISMA scale, according to a report released September 23 by the Smithsonian Office of Inspector General. […]


The National Institute of Standards and Technology (NIST) is looking for industry to participate in its efforts to develop a secure architecture for telehealth deployments outside of healthcare facilities, according to an upcoming Federal Register notice. […]


The National Institute of Standards and Technology (NIST) released a discussion draft version of the upcoming NIST Privacy Framework on Wednesday, May 1, with principles and practices aligned with the NIST Cybersecurity Framework. […]


The Government Accountability Office (GAO) recommended that the Transportation Security Administration (TSA) revise its pipeline security, cybersecurity guidelines, and risk assessment methodology, and build a more robust cybersecurity workforce to enhance its pipeline security program. […]


The Department of Health and Human Services’ (HHS) FISMA (Federal Information Security Modernization Act) audit for fiscal year 2018, released today by HHS’ Office of the Inspector General (OIG), shows the agency improved its performance in the “Identify” and “Protect” areas of the framework, while holding steady in other areas. […]


The Department of Defense puts a lot of effort into cybersecurity but still has some significant holes in its structure, some of them dating back a decade, according to a report issued earlier this month by the department’s Inspector General (IG). […]


While the Federal IT community is eager to embrace the benefits of cloud services, agency leaders are working to balance the transition to cloud with Federal policies and maintaining continuous operations, deputy CIOs from the Air Force and the Department of Veterans Affairs (VA) told the crowd at CES-Government on Friday in Las Vegas. […]

The Department of Health and Human Services (HHS) last week released its Health Industry Cybersecurity Practices, a set of voluntary cybersecurity guidelines for the private sector that leverages the National Institute of Standards and Technology (NIST) Cybersecurity Framework to address cybersecurity issues across healthcare organizations of all sizes. […]


The National Institute of Standards and Technology (NIST) is taking the first steps to develop a privacy framework that balances risk and protections, the agency announced on Tuesday. […]


The White House said President Trump has signed into law the NIST Small Business Cybersecurity Act, S. 770, which directs the National Institute of Standards and Technology (NIST) to provide resources to small businesses to help them implement NIST’s voluntary cybersecurity framework. […]

This month marks the first anniversary of President Trump signing his cyber executive order (EO), formally titled the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. […]

It’s no secret that Chinese companies are major suppliers to U.S. technology companies that serve the Federal government, and a report issued last month says the Chinese government is leveraging that manufacturing capability to create significant security risks across the U.S. Federal enterprise. […]

The rising frequency and intensity of cyberattacks on information technology systems that support the government, military, businesses, and critical infrastructure have raised awareness among senior Federal agency managers that security controls cannot be bolted on to systems as an afterthought. Security must be a core part of the design of systems from the beginning, and considered throughout the development lifecycle. […]

Sen. Sheldon Whitehouse, D-R.I., said that he is concerned about the Trump administration’s widespread adoption of the NIST Cybersecurity Framework. “The NIST Framework has never been adequately validated,” he said, adding that he wonders whether agencies have accepted it because it’s effective or because “compliance demands so little effort.” […]

President Donald Trump’s executive order on cybersecurity, signed May 11, has received praise from both Congress and industry for continuing the progress of the previous administration and focusing on the issues of workforce development, IT modernization, and implementation of the NIST Cybersecurity Framework. […]

There are strong signals that President Donald Trump’s executive order on cybersecurity may still be weeks, if not months, away from hitting the street in final form. After leaking two draft versions in rapid succession, the White House finds itself struggling to define the metrics it will use to hold agency leaders accountable. […]

Weekend Reader

The National Institute of Standards and Technology has released a draft update, Version 1.1, to its Cybersecurity Framework–a guide to help organizations reduce cyber risks. […]

A low-key change has taken place that sources say has shifted the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity from a purely voluntary practice to a mandatory standard for Federal agencies…. Reactions to the White House’s open source coding push…. And grumbling about Silicon Valley imports. […]
