New cybersecurity law updates may be on the way

This post first appeared on Federal News Network. Read the original article.

 

  • The House Permanent Select Committee on Intelligence is considering updates to a key cybersecurity law. The Cybersecurity Information Sharing Act of 2015 expires this September. The intelligence committee last week received briefings from multiple agencies on how the law has worked out so far. The statute incentivizes private industry to share cyber threat data with the government. But Intelligence Committee Chairman Rick Crawford said the law needs to be updated to account for a decade of evolving technology and cyber threats.
    (Crawford, Himes on cyber info sharing reauthorization full committee briefing – House Permanent Select Committee on Intelligence)
  • Senate lawmakers are pressing President Trump’s nominee for under secretary of the Army to cut ties with Anduril. Michael Obadal joined the company nearly three years ago and currently serves as the firm’s senior director. He holds between $250,000 and $500,000 in Anduril stock. During his confirmation hearing, Obadal said he would keep his vested equity but recuse himself from any matters involving Anduril. Lawmakers voiced concerns about a potential conflict of interest and Sen. Elizabeth Warren (D-Mass.) called for Obadal to divest from Anduril and sell his stock in other major defense contractors. Anduril was awarded a $22 billion contract to produce mixed-reality headsets for the Army.
  • Vendors seeking a FedRAMP low authorization can apply for a pilot to test out a new approach to achieve the cloud security credentials. The FedRAMP program management office will begin accepting phase one pilot submissions at the end of May. Under the phase one pilot, cloud service providers will submit key security indicators in place of traditional baselines and generate machine-readable validations that can be assessed by third-party experts. FedRAMP outlined seven key security indicators, such as having denial-of-service protection and being able to continuously scan cloud-native system components.
  • Agencies and contractors are reporting mixed success when it comes to security clearance reforms. The personnel vetting reform initiative known as Trusted Workforce 2.0 has helped agencies and contractors better manage risks when onboarding new employees. But delays with a new background investigation IT system are posing major challenges for both government and industry. That’s the upshot from a new Government Accountability Office survey of 45 agencies and more than 600 contractors. GAO found contractors in particular have been frustrated by the delayed transition to the new National Background Investigation Services system.
  • Agencies are reversing course on some of the Trump administration’s policies targeting federal employees and the unions that represent them after federal courts ordered them to do so — at least temporarily. The IRS is putting a hold on plans to eliminate certain alternate work schedules. The agency sought to eliminate these compressed schedules “to optimize operations.” But those plans are on hold after a federal judge issued a preliminary injunction on an executive order that stripped collective bargaining rights from much of the federal workforce.
    (IRS axes flexible work schedules – Federal News Network)
  • The Office of Management and Budget is de-emphasizing enterprise risk management as part of its effort to rewrite Circular A-123. A draft copy of the document obtained by Federal News Network shows OMB has removed any mention of enterprise risk management. These changes include cutting section two of the current circular that specifically calls for establishing an ERM program and identifying current and residual risks and how to mitigate those potential or real challenges. The draft Circular A-123 instead combines certain concepts of ERM back into the sections focused on internal controls and maintains some aspects of this enterprise approach, like the requirement for agencies to name a chief risk officer.
  • The Office of Personnel Management appears to be reversing course on a surprise contract award to replace its HR systems with outsourced cloud services. On Friday, OPM issued a notice saying it was rescinding the justification it had used to award the sole-source cloud contract to Workday just a week earlier. Agency contracting officials didn’t explain their reasons for pulling back the justification. OPM had said the sole-source award was needed because the office had an urgent need for Workday’s services due to a “systemic breakdown” in its current HR infrastructure.
  • The Defense Information Systems Agency’s hybrid cloud broker office is shifting its focus to strengthening relationships with existing customers. The office has rolled out feedback tools to better understand how its cloud offerings are performing. The team is now focused on helping agencies better understand and manage their cloud spending. In addition, the broker office is transforming its public-facing site into a modern, vendor-style portal where customers can explore services, describe what their technical challenges are, and interact with AI-powered self-service tools.
