CISA proposes new security requirements to protect govt, personal data
CISA proposed new security requirements to protect sensitive U.S. data from adversarial states, targeting key sectors and recommending measures like vulnerability remediation and encryption, while seeking public feedback.
Read original article
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has proposed new security requirements aimed at safeguarding sensitive personal and government data from adversarial states. This initiative is part of the implementation of Executive Order 14117, signed by President Biden, which addresses significant data security vulnerabilities that could impact national security. The proposed requirements target organizations involved in transactions with bulk U.S. sensitive data, particularly those exposed to nations deemed as security risks due to cyber espionage and hacking activities. Key sectors affected include technology firms, telecommunications, healthcare, finance, and defense. CISA's recommendations include maintaining an updated asset inventory, remediating known vulnerabilities promptly, enforcing multi-factor authentication, and preventing unauthorized hardware connections. Additionally, organizations are urged to minimize data collection, apply encryption, and utilize advanced techniques to protect sensitive information. CISA is seeking public feedback to refine these proposals, inviting comments through regulations.gov.
- CISA's new security requirements aim to protect sensitive U.S. data from adversarial states.
- The proposal is linked to Executive Order 14117, focusing on national security risks.
- Affected sectors include technology, telecommunications, healthcare, finance, and defense.
- Key recommendations include vulnerability remediation, multi-factor authentication, and data encryption.
- CISA is soliciting public input to finalize the security requirements.
Related
CISA Red Team's Operation Highlights the Necessity of Defense-in-Depth
CISA conducted a red team assessment on a FCEB organization, emphasizing defense-in-depth, behavior-based monitoring, and network segmentation. Recommendations include security layers, behavior monitoring, and network baselines for improved cybersecurity.
Cyberattacks on clean energy are coming – the White House has a plan
The Biden administration is prioritizing cybersecurity for clean energy infrastructure, focusing on key technologies and collaboration among stakeholders to enhance defenses against cyber threats and modernize aging systems.
Summary of the USA federal government's zero-trust memo
The U.S. government's Zero Trust Cybersecurity Memo promotes enhanced federal cybersecurity by advocating dynamic authentication methods, eliminating long-lived credentials, mandating encryption, and encouraging bug bounty programs for vulnerabilities.
US Gov Removing Four-Year-Degree Requirements for Cyber Jobs
The U.S. government is eliminating four-year degree requirements for cybersecurity jobs to address a shortage of 500,000 positions, emphasizing skills-based hiring and investing $244 million in apprenticeships.
US Gov Removing Four-Year-Degree Requirements for Cyber Jobs
The U.S. government is eliminating four-year degree requirements for federal IT positions to address a cybersecurity talent shortage, investing $244 million in apprenticeships and emphasizing skills-based hiring.
0 commentsRelated
CISA Red Team's Operation Highlights the Necessity of Defense-in-Depth
CISA conducted a red team assessment on a FCEB organization, emphasizing defense-in-depth, behavior-based monitoring, and network segmentation. Recommendations include security layers, behavior monitoring, and network baselines for improved cybersecurity.
Cyberattacks on clean energy are coming – the White House has a plan
The Biden administration is prioritizing cybersecurity for clean energy infrastructure, focusing on key technologies and collaboration among stakeholders to enhance defenses against cyber threats and modernize aging systems.
Summary of the USA federal government's zero-trust memo
The U.S. government's Zero Trust Cybersecurity Memo promotes enhanced federal cybersecurity by advocating dynamic authentication methods, eliminating long-lived credentials, mandating encryption, and encouraging bug bounty programs for vulnerabilities.
US Gov Removing Four-Year-Degree Requirements for Cyber Jobs
The U.S. government is eliminating four-year degree requirements for cybersecurity jobs to address a shortage of 500,000 positions, emphasizing skills-based hiring and investing $244 million in apprenticeships.
US Gov Removing Four-Year-Degree Requirements for Cyber Jobs
The U.S. government is eliminating four-year degree requirements for federal IT positions to address a cybersecurity talent shortage, investing $244 million in apprenticeships and emphasizing skills-based hiring.