Implementing Zero Trust Architecture: A Practical Guide
Step-by-step guide to implementing Zero Trust security aligned with CISA's Zero Trust Maturity Model and NIST SP 800-207, covering identity, devices, networks, applications, and data.
CISA
6 articles tagged with "CISA".
CIRCIA: Federal Cyber Incident Reporting Requirements for Critical Infrastructure
The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) will require critical infrastructure entities to report cyber incidents to CISA within 72 hours and ransomware payments within 24 hours, with the final rule now expected May 2026.
CISA 2015 Cybersecurity Information Sharing Authorities Set to Expire
The Cybersecurity Information Sharing Act of 2015 faces expiration on January 30, 2026, despite bipartisan support for 10-year reauthorization. Sen. Rand Paul's objections over unrelated CISA agency concerns block permanent extension.
CISA Adds Five Vulnerabilities to KEV Catalog Including Microsoft Office Zero-Day
New additions include CVE-2026-21509 actively exploited by APT28, a Linux kernel flaw from 2018, and SmarterMail vulnerabilities. Federal agencies face February 16 remediation deadline.
NIST Releases Post-Quantum Cryptography Migration Guidance for Federal Agencies and Enterprises
New NIST and CISA guidance establishes timelines for transitioning to quantum-resistant algorithms, with federal agencies required to inventory cryptographic assets by 2027 and complete migration by 2035.
Volt Typhoon Discovered Pre-Positioned in Additional US Critical Infrastructure Sectors
Joint CISA/NSA/FBI advisory reveals Chinese state-sponsored group Volt Typhoon has expanded persistent access into US water, energy, and transportation infrastructure, maintaining dormant footholds for 12-18 months undetected.