Tag: government regulations
16 articles

Pentagon Hits Pause on Cybersecurity Certification Requirements
The Pentagon has hit pause on its cybersecurity certification requirements, citing prohibitive compliance costs and bureaucratic burdens that could stifle innovation in the US defense industrial base. This 60-day suspension sparks a review that may reshape enforcement and acquisition rules for defense contractors.

CISA Mandates Patching of Exploited Adobe ColdFusion Flaw
Adobe has issued a warning to patch a critical flaw, CVE-2026-48282, in ColdFusion versions 2025.9, 2023.20, and earlier, as attackers have already begun exploiting it just two hours after disclosure. Admins are urged to deploy the updates within 72 hours to prevent code execution on unpatched systems.

Credentials Face Quantum Threat Decades Ahead
The NSA has set a critical deadline: by January 1, 2027, new national security systems must support quantum-resistant algorithms to stay ahead of emerging threats. With deadlines stretching into the 2030s, organizations must plan now to protect their systems from the looming quantum threat.

Federal Agencies Pursue Secure AI With Data Clarity, Infrastructure Overhaul
The harsh reality is that most organizations are flying blind when it comes to their data, with little insight into what they have, where it's stored, or if it's properly secured. This knowledge gap is a major hurdle for federal agencies looking to harness the power of AI while keeping sensitive data safe.

US Datacenter Law Set to Lapse, Leaving Security Gaps Unaddressed
As the Federal Data Center Enhancement Act of 2023 lapses on September 30, 2026, a crucial safeguard for secure and reliable access to federal information systems will vanish, leaving gaping security holes unaddressed. Without an extension or replacement, federal data centers may operate with little oversight, putting sensitive information at risk.

CISA Overhauls Vulnerability Patching with Smarter Prioritization Directive
The Cybersecurity and Infrastructure Security Agency (CISA) has rolled out a game-changing directive that revolutionizes vulnerability patching with a smarter approach to prioritization, empowering federal agencies to tackle fixes more efficiently. By introducing clear guidelines and timelines, CISA is helping agencies focus on the most critical patches first, based on criteria like exposure, exploitability, and real-world threat activity.

CISA Directive Overhauls Cyber Risk Prioritization Across Agencies
The Cybersecurity and Infrastructure Security Agency is shaking up its approach to cyber risk with a new directive that prioritizes impact over raw vulnerability counts, helping agencies focus on protecting what matters most. Acting director Nick Andersen urges a pragmatic approach, acknowledging that some systems are more critical than others.

Lawmakers Press Army for Detailed Transformation Plans
Congress is pushing the Army for a clearer roadmap to achieve its transformation goals, with Rep. Mike Rogers bluntly stating that the Army hasn't done its homework. The House Armed Services Committee has now mandated an annual report and briefing from the Army to keep lawmakers in the loop.

NIST's Vulnerability Database Plagued by Duplication, Inefficiency
The National Vulnerability Database is facing a massive backlog crisis, with unprocessed security flaws doubling from 13,000 in June 2024 to over 27,000 by the end of 2025, and officials admit they lack a long-term plan to tackle the problem. Despite promising to clear the backlog by September 2024, the database continues to struggle with inefficiencies and a lapsed contract.

OPM Proposes Sweeping NDA Rule for Federal Employees
The Office of Personnel Management wants to shake up the way federal employees handle confidential information, proposing a new nondisclosure agreement rule that would require all employees to sign a pledge protecting internal agency details. If implemented, the rule could have far-reaching implications for whistleblowing and employee accountability.

House Panel Targets Defense Industrial Base in $1.15T Policy Bill
The House Armed Services Committee's draft defense policy bill aims to bolster the Defense Industrial Base, driven by a stark reality: the US no longer has the capacity to rapidly produce war-fighting capabilities at scale. A $1.15 trillion spending plan is on the table, but a separate $350 billion request remains a crucial wildcard.

UK Cybersecurity Market Booms as Government Targets Enhanced Resilience
The UK's cybersecurity market is thriving, generating £14.7bn in revenue and supporting nearly 70,000 jobs, with the government investing in its own defenses and setting national standards to boost resilience. This booming sector has seen a 20% surge in cybersecurity firms, now totaling 2,603, and a 17% annual increase in gross value added.

Vought Targets Shipbuilders with OMB Rebuke at Sea Air Space
In a stunning move, Office of Management and Budget chief Russel Vought took aim at the shipbuilding industry during the Navy League's Sea Air Space conference, delivering a sharp rebuke that made headlines. His bold intervention marked a dramatic close to the annual gathering.

European Firms Launch Sovereign Disaster Recovery Offering
Four European tech firms have teamed up to offer a game-changing solution: a fully sovereign disaster recovery pack that lets businesses safeguard their critical technology from external threats, giving them peace of mind in an uncertain world. This innovative stack is designed to sit on corporate premises, shielding users from potential disruptions and ensuring business continuity.

CISA Pushes AI Firms to Join Vulnerability Disclosure Efforts
The Cybersecurity and Infrastructure Security Agency (CISA) is calling on AI companies to take a more active role in disclosing vulnerabilities, sparking a crucial conversation about who's responsible for revealing flaws in AI systems. By joining forces, CISA and AI firms can work together to strengthen vulnerability disclosure efforts and protect against potential threats.

Universities Scramble to Tighten Export Controls Amid Rising Risks
As governments tighten export controls to protect national interests, universities face a pressing dilemma: how to balance the need for global collaboration and discovery with the risk of unchecked research crossing borders. With regulations once reserved for industry now bearing down on academic activity, institutions must urgently revisit their export-control compliance to avoid stifling innovation.