GovWhitePapers

Risk Management / Regulatory content

Cybersecurity: Network Monitoring Program Needs Further Guidance and Actions

Federal agencies are making strides in reducing cybersecurity risks thanks to the Continuous Diagnostics and Mitigation (CDM) program, but significant gaps remain. While CDM has improved agencies’ ability to respond…

Anticipating AI’s Impact on the Cyber Offense-Defense Balance

As artificial intelligence becomes more embedded in cybersecurity, its influence on the offense-defense balance is growing—but in unpredictable ways. AI could strengthen defenders by automating patching, hardening networks, and identifying…

Caregiving: HHS Should Clarify When Youth May Qualify for Support Services

The GAO reviewed how the Department of Veterans Affairs manages its healthcare providers’ professional credentials and found notable weaknesses. Thousands of providers had expired or potentially invalid licenses, which could…

Securing AI: Addressing the OWASP Top 10 for Large Language Model Applications

As artificial intelligence systems become more embedded in critical infrastructure and decision-making, securing them is no longer optional. This report breaks down the top 10 security vulnerabilities facing large language…

Ceres 10-Point Plan for the Insurance Industry

The Ceres 10-point plan provides a comprehensive roadmap for insurers, regulators, local governments, community groups, and investors to collaborate on ensuring the industry’s resilience. By taking bold action, embracing innovation,…

Navigating Climate Risks: Progress and Challenges in U.S. Insurance Sector Disclosures

This report is the second annual analysis Ceres has conducted of major U.S. insurers’ climate risk strategies by examining the disclosures companies are making under the National Association of Insurance…

Driving Efficient Acquisition of Artificial Intelligence in Government

As federal agencies ramp up AI adoption, this OMB memorandum outlines how to responsibly and efficiently acquire AI systems while safeguarding privacy, civil liberties, and public trust. It emphasizes minimizing…

Accelerating Federal Use of AI through Innovation, Governance, and Public Trust

The Office of Management and Budget issued new guidance to accelerate federal agency adoption of AI while maintaining public trust and responsible governance. Agencies are directed to reduce bureaucratic barriers,…

Timing of Judicial Review of Agency Action: Limiting Review After a Period of Time

This report examines the legal complexities surrounding when and how judicial review of federal agency actions can be time-barred. It explores general and special statutory limitations, such as the six-year…

Dams Sector Waterside Barriers Guide

The Dams Sector Waterside Barriers Guide, published by CISA, provides dam owners and operators with guidance on using waterside barriers to protect critical infrastructure from water-based threats such as swimmers,…

Dams Sector: Personnel Screening Guide for Owners and Operators

The Dams Sector Personnel Screening Guide by CISA provides owners and operators of dams, levees, and related infrastructure with strategies to mitigate insider threats through effective pre-employment screening. It outlines…

Continuous Authorization to Operate (cATO) Implementation Playbook

In today’s rapidly evolving cyber environment, obtaining an initial Authorization to Operate (ATO) under the Risk Management Framework (RMF) can take anywhere from 6 to 36 months. Given the complexity…

Incident Response Recommendations and Considerations for Cybersecurity Risk Management

The April 2025 revision of NIST SP 800-61 provides updated guidance for integrating incident response into broader cybersecurity risk management efforts, aligned with the NIST Cybersecurity Framework (CSF) 2.0. It…

Government AI Hire, Use, Buy (HUB) Roundtable Series

Roundtable 3: Government as a Buyer of AI. As AI technologies advance, federal agencies face mounting challenges in responsibly procuring and managing AI tools. Roundtable participants emphasized the need for…

Fast Flux: A National Security Threat

Fast flux is a DNS-based evasion technique that allows malicious actors to hide their infrastructure and maintain resilient command-and-control operations. This tactic rapidly changes IP addresses linked to malicious domains,…
