Christopher Walker, Cyber Risk Management and Response

The Pentagon's Cybersecurity Risk Management Framework is being replaced, and the implications for cyber governance are profound. The Office of the DoW Chief Information Officer is launching the Software Fast Track (SWFT) program to streamline cybersecurity assessments and accelerate software delivery to the warfighter. The goal: shift from paperwork-heavy ATO processes to automated, continuous validation rooted in "secure by design" principles. At the DAF CIO, we see this as more than a procedural update, but an important governance inflection point. We’re committed to: • Preserving enterprise integrity as legacy frameworks give way to automation • Ensuring statutory compliance even as risk models evolve • Empowering our cyber and IT workforce to adapt without losing mission assurance Modernization must be fast, but it must also be accountable. As SWFT rolls out, we'll continue asking the hard questions: • What risks are we accepting by default? • Where does reciprocity end and responsibility begin? • How do we ensure transparency across the software lifecycle? Governance isn’t a speed bump... it's the guardrail. Read more about this important initiative below and from PTDO DoW CIO Ms. Katie Arrington's LinkedIn page.

57

3 Comments

New Post: CISA: New Guidance for SIEM and SOAR Implementation - https://lnkd.in/d4B8q9C4 05/27/2025 10:00 AM EDT Today, CISA, in collaboration with the Australian Signals Directorate’s Australian Cyber Security Centre and other international and U.S. partners, released new guidance for organizations seeking to procure Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms. This guidance includes the following three resources: Implementing SIEM and SOAR Platforms – Executive Guidance outlines how executives can enhance their organization’s cybersecurity framework by implementing these technologies to improve visibility into network activities, enabling swift detection and response to cyber threats. Implementing SIEM and SOAR Platforms – Practitioner Guidance focuses on how practitioners can quickly identify and respond to potential cybersecurity threats and leverage these technologies to streamline incident response processes by automating predefined actions based on detected anomalies. Priority Logs for SIEM Ingestion – Practitioner Guidance offers insights for prioritizing log ingestion into a SIEM, ensuring that critical data sources are effectively collected and analyzed to enhance threat detection and incident response capabilities tailored for organizations. CISA encourages organizations to review this guidance and implement the recommended best practices to strengthen their cybersecurity. For access to the guidance documents, please visit CISA’s SIEM and SOAR Resource page. Robert Williams#News247WorldPress

1

Cybercriminals often bypass technical defenses by targeting employees through sophisticated social engineering attacks and phishing scams. A robust security strategy must include ongoing employee training and attack simulations to build a human firewall.

1

Audit Retrospective: Lagging Event Logging Maturity Hindered Federal Cybersecurity Response A 2023 GAO report found that 20 of 23 major federal agencies had not met advanced event logging requirements by the deadline. This highlighted the persistent challenge of implementing foundational security controls at scale across complex government IT environments. The performance audit reviewed the incident response capabilities of 24 Chief Financial Officers Act agencies from January 2022 to December 2023, focusing on implementation of Executive Order 14028 requirements. Logging Shortfalls: As of August 2023, auditors found that only 3 agencies had reached the required "Advanced" (Tier 3) maturity level for investigative logging, while 17 remained at the "Not Effective" (Tier 0) level. Detection & Remediation Risk: The report documented that until event logging is fully implemented, the government's ability to detect, investigate, and remediate cyber threats remains constrained. Progress in Other Areas: The review noted positive progress in standardizing incident response plans, with all 23 agencies incorporating the CISA playbook, and 16 agencies reporting at least 80% endpoint detection coverage. Key Challenges: Agency officials identified three major hurdles: lack of skilled staff, technical complexities in logging (especially with legacy systems), and limitations in sharing timely, actionable cyber threat intelligence. Audits like this provide the essential benchmarks that catalyze structured improvement and resource prioritization. The underlying issue of operationalizing comprehensive security telemetry is universal: what foundational data controls has your organization prioritized to ensure effective incident investigation and response? For the detailed findings, review the 2023 GAO report GAO-24-105658, "CYBERSECURITY: Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements." #GAO #Audit #Cybersecurity #IncidentResponse #Governance #RiskManagement #Compliance #PublicSector #ContinuousImprovement #ITSecurity

1

Identity and Access Management (IAM) is a key guardrail for secure access. This guide explains core IAM components, how they protect resources, and why they are foundational to Zero Trust security strategies. Read the breakdown: http://oal.lu/Q1obO #IAM #ZeroTrust #Security

1

Cybersecurity audits can feel intimidating—especially if you don’t have an IT team. The good news? You don’t need one. This guide shows how small organizations can get audit-ready in just 7 days using simple, accessible steps. Whether you're prepping for NIST compliance or a partner review, we’ve got you covered. 👉 https://lnkd.in/dX6c2eZV #CyberCompliance #AuditReady #SmallBizSecurity #Lockwell

5

6 Comments

ATO, RMF, STIG, POA&M, CMMC, NIST, SIPRNet, NIPRNet, IL5, PKI, MFA, ICAM, COMSEC, OPSEC, TACLANE, FICAM, HSPD-12, CJIS, and SCIF aren’t just acronyms to us, they’re the language of how the Army, Navy, Air Force, Marine Corps, and Space Force plan, secure, operate, and protect their missions. Across the DoD and Federal space, acronyms aren’t shorthand, they’re a way of life. They represent compliance, cybersecurity, accountability, and mission readiness. They define how systems are built, how risk is managed, and how trust is established. At VIRSIG, we speak “acronym” because it’s the environment we operate in every day. When you say ATO, we hear timelines, evidence, and approvals. When you say RMF, we think controls, SSPs, and continuous monitoring. When you say STIG, we think baseline hardening and inspection readiness. When you say COMSEC or TACLANE, we know encryption and operational continuity are on the line. When you say FICAM or HSPD-12, we understand identity trust and access control. Different branches. Different missions. Same reality. Everything must be secure, compliant, resilient, and auditable. Acronyms might sound funny to the outside world, but inside the mission space they represent responsibility and protection of people, data, and national security. They matter. And let’s be honest… if you ever feel like only about 1% of the population truly understands your day-to-day language… We got you. Learn more about us at www.VIRSIG.com

7

Security and privacy controls shouldn’t feel overwhelming. This ebook, “Mastering NIST SP 800-53,” breaks down the framework into practical, actionable guidance helping teams understand the controls, apply them effectively, and strengthen security and privacy programs with confidence. Whether you’re implementing NIST SP 800-53 for the first time or refining an existing program, this guide serves as a clear, hands-on companion. 👉 Download the ebook and simplify NIST SP 800-53 → https://zurl.co/NISTSP #NIST80053 #Cybersecurity #PrivacyControls #SecurityFrameworks #RiskManagement #Compliance #Akitra

3

Cybersecurity and Infrastructure Security Agency has released a draft guide, “Minimum Elements for a Software Bill of Materials (SBOM),” for public comment. The document incorporates lessons learned from increased SBOM generation and usage since 2021 and provides an updated baseline for how software component information is documented and shared. https://lnkd.in/df_m8prN

2

CISA Publishes Operational Technology Guide for Critical Infrastructure Stakeholders. The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with eight other national cyber agencies, has released a comprehensive “Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators.” Published on August 13, 2025, this new guide equips critical infrastructure stakeholders—spanning energy, water and wastewater, manufacturing, and beyond—with best practices for developing and maintaining operational technology (OT) asset inventories and taxonomies. Reinforcing Modern Defensible Architectures CISA underscores that a thorough OT asset inventory is foundational to constructing a modern defensible architecture. By cataloguing every control system, sensor, communication device, and associated hardware and software, owners and operators gain visibility into their networks’ attack surfaces. The guide explains how an OT taxonomy—a structured classification system based on asset function and criticality—enables more efficient risk identification, vulnerability management, and incident response. The guide outlines a clear five-step process: **Define Scope and Objectives: Establish governance, assign roles, and determine the boundaries of the inventory program. **Identify Assets and Collect Attributes: Combine physical inspections with network surveys to list assets and capture high-priority attributes, such as IP addresses, manufacturer, OS versions, and criticality. **Create a Taxonomy: Build a classification framework by grouping assets into Zones and Conduits—drawing on ISA/IEC 62443 standards—to reflect communication pathways, functional dependencies, and security requirements. **Manage and Collect Data: Identify supplementary data sources, implement a centralized database, and apply security controls to protect inventory information. **Implement Life Cycle Management: Define each asset’s life cycle stages—from acquisition through decommissioning—and enforce policies to update inventory records with any changes.

2

Agent Chang automates audit preparation by continuously collecting evidence, mapping it to multiple frameworks like ISO, NIST, and FedRAMP, and identifying gaps before auditors do. Security and compliance teams are stuck chasing spreadsheets and fielding last-minute audit requests. Agent Chang, powered by Agentic AI in Qualys Enterprise TruRisk Management, eliminates that scramble – delivering continuous visibility into compliance posture, prioritizing remediation, and helping teams focus on real risk: https://bit.ly/3IQ4BUS #AgenticAI #AuditReady

60