Audit finds SBA’s information security program ‘not effective’ despite cyber improvements
The agency has boosted oversight of incident response, risk management and contingency planning, but continues to fall short of FISMA expectations.
Cybersecurity incidents down at federal agencies, no ‘major’ ones
The Office of Management and Budget cautioned, however, against drawing conclusions, given agencies' shifting reporting guidelines.
Why government is slow to endorse frameworks for quantifying cybersecurity risk
Until individual agencies like the Department of Energy and Department of the Treasury see success quantifying risk, the practice won't likely be mandated.
GAO reminds agencies of FISMA requirements, says OMB report is overdue
As of fiscal 2018, "many federal agencies were often not adequately or effectively implementing their information security policies and practices" under the Federal Information Security Modernization Act.
Congress should exempt Pentagon from Clinger-Cohen Act, panel says
The Section 809 Panel argues in a new report that Congress should exempt DOD from the Clinger-Cohen Act provisions under Title 40 of the U.S. Code.
Federal agencies reported more than 35,000 cyber incidents in 2017
That's a substantial increase since last year.