Page 7 - Threat Intelligence 11-27-2019
Regulatory and Privacy News
Updated FISMA guidance puts new reporting mandates on agencies. The Office of Management and Budget
has released updated guidance to federal civilian agencies on complying with the Federal Information Security
Management Act, outlining timelines and deliverables for reporting security incidents, information sharing and
vulnerability scans of federal systems and websites. The memo specifies that annual reports from each agency
to Congress are due no later than March 2, 2020, and outlines a host of new deadlines. Chief Financial Officer
Act agency CIOs are expected to update the metrics they use for evaluating the security of their systems and
identifying high-value assets on a quarterly basis, while non-CFO Act agencies must do the same twice a year.
Under FISMA, civilian agencies are required to report security incidents to the Cybersecurity and Infrastructure
Security Agency at the Department of Homeland Security, including the attack vector used, impact category
and other attributes. Starting this month, and on the 15th of every month after that, CISA will start sending
OMB details for each incident as well as summary reports for incidents that are determined to be at a medium
priority level or higher. Each agency must also submit a letter signed by the agency head assessing the agency's
security posture and detailing the total number of incidents reported to CISA.
Source: https://fcw.com/articles/2019/11/20/fisma-updates-johnson.aspx
U.S. Said to Extend Reprieve for Huawei. The Trump administration is set to once again extend a license that
will allow American companies to continue doing business with Huawei, the Chinese telecom giant, people
familiar with the deliberations said. The fate of Huawei has hung in the balance for many months, as the
Trump administration has deliberated over how to treat a company that many American officials consider a
national security risk, but that the Chinese government views as central to its technology ambitions. While the
company’s future is not technically a part of trade talks between the two countries, President Trump has
brought Huawei up as a potential bargaining chip in a long-running trade war. In May, the Commerce
Department placed Huawei, which constructs advanced 5G networks that will be central to the next
generation of wireless communication, on a blacklist that banned the firm from buying American products
without government approval. The ban posed problems for rural telecommunications companies in the
United States, which rely on Huawei for parts and equipment, as well as for American companies that depend on
selling to the Chinese firm. To give them time to adjust to the new order, the Commerce Department issued a
general reprieve that allowed companies to continue to do business with Huawei for a short time. That
reprieve is set to expire on Monday, but the administration is expected to extend it for a period of time.
Source: https://www.nytimes.com/2019/11/15/business/us-reprieve-huawei.html
Account records for up to 1.2B people stolen in massive alleged data exposure. In possibly the second largest
data exposure of all time, account records for 1.2 billion people were found unprotected online.
Wired reported today that the data on an open Elasticsearch server includes various databases with a trove of
data. Some of the data included IP addresses as well as various other personally identifiable data such as names,
email addresses, phone numbers, LinkedIn and Facebook profile information. It reportedly didn’t include
critical information such as passwords, credit card numbers or Social Security numbers. Within a few hours,
the server apparently was taken offline. The U.S. Federal Bureau of Investigation is said to be investigating.
Source: https://siliconangle.com/2019/11/22/1-2b-account-records-stolen-latest-serious-data-hack/
www.accumepartners.com