Cybersecurity

CISA Announces New Vulnerability Disclosure Policy (VDP) Platform

Read more about CISA Announces New Vulnerability Disclosure Policy (VDP) Platform

Last fall, we issued the final version of Binding Operational Directive (BOD 20-01), which was issued in support of the Office of Management and Budget M-20-32, “Improving Vulnerability Identification, Management, and Remediation”. This Directive reflects CISA’s commitment to strengthening cybersecurity and resilience for federal civilian agencies by requiring agencies to establish policies enabling the public to contribute and report vulnerability disclosures. Recognizing that policies alone are not sufficient, we also announced plans to launch a vulnerability disclosure platform service in the near future. Today, the future arrived.

CDM Success Stories: Department of Health and Human Services (HHS)

Read more about CDM Success Stories: Department of Health and Human Services (HHS)

The Department of Health and Human Services (HHS) worked with CDM to quickly address heightened concern about pandemic-related data security by strengthening its cybersecurity threat intelligence and response mechanisms.

“The CDM program gave us every resource we needed to defend the department while working on a vaccine to help the American public.” – HHS CISO

Chinese Cyber Threat Overview and Actions for Leaders

Read more about Chinese Cyber Threat Overview and Actions for Leaders

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that the People’s Republic of China (PRC) leverages cyber operations to assert its political and economic development objectives. Chinese state-sponsored cyber actors aggressively target U.S. and Allied political, economic, military, educational, and critical infrastructure (CI) personnel and organizations to steal sensitive data, emerging and key technology, intellectual property, and personally identifiable information (PII).

CISA Issues Emergency Directive Requiring Federal Agencies to Mitigate Windows Print Spooler Service Vulnerability

Read more about CISA Issues Emergency Directive Requiring Federal Agencies to Mitigate Windows Print Spooler Service Vulnerability

CISA Encourages All Organizations to Take Steps to Protect their Networks

Last Published Date: July 13, 2021

War on Pineapple

Read more about War on Pineapple

This infographic, with a tongue-in-cheek approach to putting pineapple on pizza, looks at how foreign adversaries conduct malign information operations to inflame hot button issues in the United States.

Inauthentic Content

Read more about Inauthentic Content

The Tools of Disinformation: Inauthentic Content products (available in English and Spanish) highlight the tactics used by disinformation campaigns in order to undermine public confidence and sow confusion.

Social Media Bots Overview

Read more about Social Media Bots Overview

This Social Media Bots Overview infographic provides an overview of social media bots and how they can be used by adversaries to conduct malign activities.

STATEMENT ON SPEARPHISHING CAMPAIGN TARGETING GOVERNMENT ORGANIZATIONS, IGOS, AND NGOS

Read more about STATEMENT ON SPEARPHISHING CAMPAIGN TARGETING GOVERNMENT ORGANIZATIONS, IGOS, AND NGOS

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) has released the following statement regarding a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental organizations (NGOs):

Last Published Date: May 28, 2021

CDM Capabilities: Network Security Management

Read more about CDM Capabilities: Network Security Management

The CDM Program ultimately reduces the threat surface and improves federal cybersecurity response through four capability areas: Asset Management, Identity and Access Management, Network Security Management, and Data Protection Management.The Network Security Management capability is designed to provide agencies with greater visibility into what is happening on their networks, which also gives them a better understanding of how the networks are being protected.

To learn more about the CDM Program's Network Security Management capability:

CDM Capabilities: Identity and Access Management

Read more about CDM Capabilities: Identity and Access Management

The CDM Program ultimately reduces the threat surface and improves federal cybersecurity response through four capability areas: Asset Management, Identity and Access Management, Network Security Management, and Data Protection Management. The Identity and Access Management capability is intended to manage the access and privileges of agency network users.

Learn more about the CDM Program's Identity and Access Management capability:

Subscribe to Cybersecurity