As threats increase, audit finds federal agencies struggle to implement cyber plans

by Sean Lyngaas

“Until agencies more effectively implement the government’s approach and strategy, federal systems will remain at risk,” GAO warned.

White House email domains are sitting ducks for phishing attacks: study

by Sean Lyngaas

Only one of the 26 email domains managed by the Executive Office of the President uses DMARC.

What's lurking in federal mobile tech? Apps, devices could hold nasty surprises.

by Shaun Waterman

When federal agencies have for the first time to include mobile devices and apps in their information security reporting for FY2018 starting this October, they may be in for a nasty surprise, if the experience of the Department of Homeland Security is anything to go by.

Federal agencies often don't know who's attacking them online, OMB says

by Shaun Waterman

For nearly a third of the cybersecurity incidents reported to the Department of Homeland Security by federal agencies, the agency had no information about what kind of attack took place or where it was targeted, officials said Wednesday.

No longer 'federal,' no longer exclusively 'cyber' — NIST security controls break out

by Shaun Waterman

The National Institute of Standards and Technology has removed the word "federal" from the title of its magisterial catalogue of cybersecurity and privacy controls.

What's in the NIST cybersecurity controls catalogue update?

by Shaun Waterman

The latest revisions to NIST's canonical SP 800-53 catalogue of cybersecurity controls integrate privacy measures and make the document more welcoming to non-feds.