The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) released Securing the Software Supply Chain for Developers today. The product is through the Enduring Security Framework (ESF) — a public-private cross-sector working group led by NSA and CISA that provides cybersecurity guidance addressing high priority threats to the nation’s critical infrastructure.
Building the Supply Chain of the Future
August 24, 2022
2:00 PM Webinar
During this exclusive webinar, moderator Jason Miller and agency leaders will explore how organizations are approaching supply chain risk management and the data strategy behind this management.
The importance of managing risk in the supply chain
Avetta urges companies to prioritize eliminating cybersecurity risks, which could otherwise have devastating effects on their supply chain. According to Avetta, 85% of companies experience at least one interference in their supply chain every year. From financial instability to data threats, greenhouse gas emissions to incidents on site, supply chains face constant threats.
Exiger Selected as Government-Wide Enterprise Supply Chain and Third-Party Risk Management Platform
Risk and compliance specialist, Exiger, has been awarded a contract by the U.S. General Services Administration (GSA) as a trusted partner to deliver a supply chain risk management (SCRM) and third-party risk management (TPRM) enhanced capability made available to the entire U.S. Federal Government.
The multi-year, $74.5 million, contract award builds on Exiger’s SCRM work with the Department of Defense (DoD) that has been tested and proven across multiple scenarios. GSA will now expand access to Exiger’s SCRM solutions and allow all government agencies to share risk insights and consistently manage supplier risk and health across the U.S. Federal Government enterprise. This enterprise solution is designed to enable significant efficiencies including volume discounts, cross-enterprise data sharing, improved collaboration, and development of supply chain risk mitigation strategies.
C-SCRM – Cyber Supply Chain Risk Management 2022 In Person Dinner Meeting
August 17 @ 5:30 pm – 8:30 pm PDT
Our current supply chain is severely disrupted. Freight in the major ports of Los Angeles, Long Beach, and Oakland are backed up 100 miles out to sea. The Biden administration issued an executive order in February of 2021 about Cyber Supply Chain Risk Management the same month NISTIR 8276 about C-SCRM was published. Our supply chain is already shattered, and a cyber-attack could be the straw that breaks the camel’s back. We will show you how to evaluate all your supply chain risk using the NIST Cybersecurity Framework and Capability Maturity Model (CMMI). The keys to a successful C-SCRM program are cloud deployment combined with these proven frameworks. We will show you how we use open-source data, the Salesforce secure cloud, and portals, to automate and deploy an effective C-SCRM program anywhere in the world.
CISO Handbook: Securing Identity in a Zero Trust Environment
August 2, 2022
2:00 PM Webinar
During this exclusive CISO Handbook webinar, moderator Justin Doubleday and guest Angelica Phaneuf, chief information security officer at Army Software Factory will break down Army’s digital transformation initiatives in relation to their identity and security strategies. In addition, Matt Tarr, solutions architect at CyberArk, will provide an industry perspective.
Secure Development for Federal Software Supply Chains
July 27, 2022
2:00 pm – 3:00 pm
Description
How are agencies developing strategies to implement cutting edge software?
During this exclusive webinar, we will break down different approaches taken in securing software during development and production. Moderator Jason Miller and agency leaders will discuss some of the most important factors when you are deciding to bring new software into your ecosystem and how to ensure that your workforce has the necessary skills.
Learning objectives:
– Current State of Software Development in Agencies
– Cybersecurity Considerations for Open Source Software
– Decisions Around Building vs. Buying Capabilities
Business Systems: DOD Needs to Improve Performance Reporting and Cybersecurity and Supply Chain Planning
The Department of Defense requested about $38.6 billion for FY 2022 for its unclassified information technology, such as communications systems and business systems.
We reviewed the performance of DOD’s 25 major IT business programs, management of cybersecurity and supply chain risks, and more. Among other things, we found:
- 19 of the 25 programs did not fully report data measuring progress on system performance
- Programs reported progress on only 77 of 172 performance targets
- 15 of the 25 reported having an approved cybersecurity strategy and provided a copy to validate
Space Force wants a ‘bloodhound’ to sniff out cyberthreats
U.S. Space Force has kicked off development of a seven-year contract for cybersecurity services to protect the ground networks that manage its space assets.
Space Force’s cyber operations division has dubbed the contract Digital Bloodhound and it will be a multiple-award, task-order contract. The solicitation is expected before the end of the year with an award by the end of March 2023.
The cyber operations division currently has two product lines for defensive requirements for cybersecurity and national security called Manticore and Kraken, according to the Sam.gov posting.
GAO Pushes EPA to Implement Cyber Risk Assessment Framework
To better manage and protect against cybersecurity risks the Environmental Protection Agency (EPA) must establish an enterprise-wide cybersecurity risk assessment framework, the Government Accountability Office (GAO) said in its latest annual priority recommendations report to the agency.
GAO outlined 12 priority recommendations for EPA that fall into six focus areas – including ensuring cybersecurity at EPA.
Federal agencies continue to face a growing number of cyber threats to their systems and data. According to Federal guidelines, agencies need to effectively identify, prioritize, and manage their cyber risks to protect themselves against these threats.