Cybersecurity

Executive Order on Improving the Nation’s Cybersecurity

Read more about Executive Order on Improving the Nation’s Cybersecurity

On May 12, President Biden signed an Executive Order on Improving the Nation’s Cybersecurity to support our nation’s cybersecurity and protect the critical infrastructure and Federal Government networks underlying our nation’s economy and way of life.

Statement from CISA Acting Director Wales on Executive Order to Improve the Nation’s Cybersecurity and Protect Federal Networks

Read more about Statement from CISA Acting Director Wales on Executive Order to Improve the Nation’s Cybersecurity and Protect Federal Networks

WASHINGTON – Yesterday, President Biden signed an executive order to improve the nation’s cybersecurity and protect federal government networks. Cybersecurity and Infrastructure Security Agency (CISA) Acting Director Brandon Wales released the following statement:

Last Published Date: May 13, 2021

Mitigating the Impacts of Doxing on Critical Infrastructure

Read more about Mitigating the Impacts of Doxing on Critical Infrastructure

Organizations are using online spaces now more than ever to conduct business operations. While critical, the increased use of online spaces also heightens concerns over the risk of doxing. CISA encourages individuals and organizations to take an active role in protecting themselves by controlling the information that is shared and stored online and implementing a series of best practices.

CISA Releases Second Graphic Novel to Combat Disinformation on National Superhero Day

Read more about CISA Releases Second Graphic Novel to Combat Disinformation on National Superhero Day

In celebration of National Superhero Day, the Cybersecurity and Infrastructure Security Agency (CISA) is releasing its second graphic novel in the Resilience Series to educate the public on the dangers and risks associated with dis- and misinformation campaigns.

Last Published Date: April 28, 2021

April is National Supply Chain Integrity Month - Week 4

Read more about April is National Supply Chain Integrity Month - Week 4

As the use of ICT continues to accelerate and expand, so will the attack surface for adversaries seeking to steal, compromise or alter, and destroy sensitive information. In the final week of National Supply Chain Integrity Month, CISA is reminding everyone that strengthening ICT supply chains requires an ongoing, unified effort between government and industry.

Software Supply Chain Attacks

Read more about Software Supply Chain Attacks

The Defending Against Software Supply Chain Attacks, released by CISA and the National Institute of Standards and Technology (NIST), provides an overview of software supply chain risks and recommendations on how software customers and vendors can use the NIST Cyber Supply Chain Risk Management (C-SCRM) Framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate software supply chain risks.

CISA Issues Emergency Directive Requiring Federal Agencies to Check Pulse Connect Secure Products

Read more about CISA Issues Emergency Directive Requiring Federal Agencies to Check Pulse Connect Secure Products

The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 21-03 today requiring federal civilian departments and agencies running Pulse Connect Secure products to assess and mitigate any anomalous activity or active exploitation detected on their networks. All affected agencies are required to use the Pulse Connect Secure Integrity Tool to check the integrity of their file systems, and if mismatches or new files are found, they must take mitigation actions and contact CISA for potential incident response activities.

Last Published Date: April 20, 2021

Pulse Connect Secure Mitigations

Read more about Pulse Connect Secure Mitigations

Multi-factor authentication (MFA)

Read more about Multi-factor authentication (MFA)

Multi-factor authentication is a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login. MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space, computing device, network, or database.

Domain-Based Message Authentication, Reporting and Conformance (DMARC)

Read more about Domain-Based Message Authentication, Reporting and Conformance (DMARC)

The DMARC product was created to call attention to an email authentication policy that protects against bad actors using fake email addresses disguised to look like legitimate emails from trusted sources. DMARC makes it easier for email senders and receivers to determine whether or not an email legitimately originated from the identified sender. Further, DMARC provides the user with instructions for handling the email if it is fraudulent.

Subscribe to Cybersecurity