Federal CISO on upcoming cybersecurity changes

“It’s almost that time again. Every fall agencies wait for the Office of Management and Budget to release instructions on how they should shape annual reports they have to make on the state of their information security. But this time the process is happening after two massive intrusions compromised several government agencies and there will be some important changes.

Federal Chief Information Security Officer Chris DeRusha told Nextgov’s Critical Update the biggest thing agencies can expect going forward is an understanding of how demanding the current reporting process is and an appropriate narrowing of the scope of things they have to focus on at any given time…”

“DeRusha believes paring down the list of things agencies are reviewing to the most essential functions satisfied by practices like continuous monitoring will yield better results than previous years’ efforts on that front.

‘It’s been a goal for a while, but we’re doubling down on that and making sure that we’re giving agencies some space to be able to focus on that,’ he said. ‘And that’s going to mean maybe asking them less often about all of their control implementations … We won’t necessarily review all controls every year. We’re going to focus on a subset.’…”

“To address the fact that agencies are in very different places along the road to implementing modern cybersecurity practices, DeRusha said, ‘One of the things you can do is you can leverage capability, maturity models. I’m a big believer in that.’…” Read the full article here.

Source: Critical Update: The Federal CISO Is Prioritizing Flexibility for Agencies – By Mariam Baksh, October 26, 2021. Nextgov.


This topic contains 0 replies, has 1 voice, and was last updated by  Jackie Gilbert 2 months, 4 weeks ago.
