Federal Practice

Federal Cybersecurity

Security operations for federal systems. CISA directives, US-CERT incident response, supply chain risk, and the KEV catalog.


SBOM Federal Contractor Playbook After OMB M-26-05: The Four Agency Archetypes

On January 23, 2026, the Office of Management and Budget published Memorandum M-26-05 and rescinded the Common Form attestation requirement that had anchored federal software supply chain compliance for three years. Memoranda M-22-18 and M-23-16...


CISA Known Exploited Vulnerabilities Catalog: The Federal Remediation Mandate

When the Cybersecurity and Infrastructure Security Agency (CISA) launched the Known Exploited Vulnerabilities (KEV) catalog in November 2021, it contained roughly 300 entries. By early 2026, that number exceeds 1,500. CISA adds new entries continuously,...


CISA Binding Operational Directives: The Federal Agency Compliance Guide

How many active Cybersecurity and Infrastructure Security Agency (CISA) Binding Operational Directives apply to your agency right now? Not the ones you heard about at last quarter's briefing. The ones with open compliance windows, active...


NIST CSF 2.0 for Federal Agencies: Mapping to FISMA and RMF Requirements

Every federal Chief Information Security Officer in 2026 is being asked the same question by a deputy administrator or a board liaison: "Are we Cybersecurity Framework 2.0 compliant?" The honest answer is that there is...

The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.