risk management

NIST releases automation-friendly security and privacy assessment procedures


The agency developed an online comment tool to release future controls and assessment procedures concurrently to keep pace with evolving cyber threats.

DOD CIO updating cyber reciprocity guidance after audit finds weaknesses


In a recent audit, the DOD IG observed a mixed bag of some DOD components leveraging reciprocity and others not.

Delayed DHS biometrics system’s risk management issues persist


GAO says acquisition practices for the new system, HART, must also be improved.

GAO: Agencies must ramp up supply chain risk management practices


A new GAO report reveals that few agencies have implemented recommended practices for managing IT supply chain risks, especially pertinent following the SolarWinds attack.

Cloud and AI key to managing risk for government agencies


IT leaders are overwhelmed with security and regulation requirements. But using AI-enabled tools and a holistic cloud strategy can help agencies better mitigate security risk.

State Department is looking for tools to manage its global supply chain risk


The department wants to better understand its supply chain of IT vendors and be able to rapidly discover or anticipate risks to its networks.