Chris DeRusha is leaving his position as the federal CISO, a role he has held since January 2021. He is also departing from his role as the deputy national cyber director at the Office of the National Cyber Director (ONCD).

The CISA on Monday released safety and security guidelines for critical infrastructure, a move that comes just days after the Department of Homeland Security announced the formation of a safety and security board focused on the same topic.

In its report, the GAO highlighted “new and continuing” shortcomings with information systems and the safeguarding of assets, issues that increase the likelihood of unauthorized access to sensitive IRS data.

Finding the right balance between encouraging innovation within development teams and securing the software supply chain remains a challenge for federal agencies, according to the acting chief information officer of the IRS.

Details of Medicare beneficiaries that were exposed during the incident included names, addresses, dates of birth, phone numbers, social security numbers, and Medicare Beneficiary Identifiers.

The General Services Administration announced Tuesday that it is accepting advisory board member nominations for the FedRAMP cybersecurity authorization program, marking the first step in implementing recent legislation that reformed the program.

The responsibilities of the House Oversight Committee’s Government Operations subcommittee will now be undertaken by two separate subcommittees, according to a Hill staffer familiar with the matter.

The HHS has launched a pilot program to tackle Medicare fraud using tree-based artificial intelligence models and deep learning approaches, HHS Chief Information Officer Karl Mathias said Wednesday.

US House lawmakers introduced bipartisan legislation on Wednesday to create a civilian organization tasked with supporting the digital and cyber needs of federal agencies.

According to the report, the Interior Department’s password complexity requirements were outdated and ineffective. It also failed to disable inactive accounts in a timely manner or to enforce password age limits.