11 matches found
US Agencies Face CISA Deadline Over Critical Cisco SD-WAN Flaw
US agencies race to meet a CISA deadline after a critical Cisco SD-WAN Flaw exposed federal networks to long-term intrusion and forced security action...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance EPM CSA Code Injection Vulnerabilit...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-29360 Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber acto...
BOD 23-01: Improving asset visibility and vulnerability detection on federal networks
On October 3, 2022, the Cybersecurity and Infrastructure Security Agency CISA issued Binding Operational Directive 23-01 BOD 23-10. This directive requires all Federal Civilian Executive Branch FCEB entities to maintain an inventory of all IPv4- and IPv6-networked assets, perform regular, periodi...
CISA Issues Binding Operational Directive 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks
CISA has issued Binding Operational Directive BOD 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks, which seeks improve asset visibility and vulnerability enumeration across the federal enterprise. Although BOD 23-01 is only applicable to federal civilian executiv...
CISA Releases Guidance: IPv6 Considerations for TIC 3.0
The federal government has prioritized the transition of federal networks to Internet Protocol version 6 IPv6 since the release of Office of Management and Budget OMB Memorandum 05-22 in 2005. In 2020, OMB renewed its focus on IPv6 through the publication of OMB Memorandum 21-07. That memorandum...
Cybersecurity Executive Order 13800: More than a Risk Assessment?
Written by Sr. Solutions Engineer, Micah Maryn. Most folks around the Washington DC beltway have heard the cybersecurity Executive Order EO 13800 - Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure referred to as a simple risk assessment. But the reality is that it i...
Trump's Top Cybersecurity Boss Talks Priorities
BOSTON–Citing Mirai and WannaCry as recent examples, Rob Joyce, special assistant to the president and cyber security coordinator for the White House, said the global landscape of cyber threats can’t be ignored and the U.S. needs to sharpen its defenses when it comes to fending off attacks. “If y...
President’s Cybersecurity Executive Order
On May 11, 2017, President Trump released the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. This E.O. -- while stand alone in focus --should be seen in the context of a greater move in the Executive Branch to elevate the awareness...
Trump Signs Cybersecurity Executive Order
President Trump today signed a long-delayed cybersecurity executive order that prioritizes the protection of federal networks and critical industries, and instructs agency heads to implement the NIST Framework for Improving Critical Infrastructure Cybersecurity. The order was to be signed in late...
Cybersecurity Act of 2012 Introduced Without Emergency Presidential Powers Provisions
A bipartisan group of Senators introduced the Cybersecurity Act of 2012 yesterday. The bill aims to secure federal and private sector networks that provide essential services or that are deemed “critical” to the nation in some other way. According to a Homeland Security and Government Affairs...