Data Privacy & Cybersecurity

Request for Information on Open-Source Software Security

The Office of the National Cyber Director has issued a Request for Information regarding open-source software security. The agency is seeking input on long-term focus areas and prioritization for enhancing the security of open-source software. Comments are due by October 9, 2023.

Classified National Security Information Rule

The Information Security Oversight Office published a final rule concerning classified national security information. This rule amends 32 CFR 2001 and is effective May 9, 2022, with a comment deadline of April 28, 2022.

State, Local, Tribal, Private Sector Policy Advisory Committee Meeting Announced

The Information Security Oversight Office announced a meeting of the State, Local, Tribal, and Private Sector Policy Advisory Committee (SLTPS-PAC). The meeting is scheduled for July 24, 2019. This notice serves to inform relevant parties of the upcoming session.

NISPPAC Meeting Notice

The Information Security Oversight Office has published a notice announcing a meeting of the National Industrial Security Program Policy Advisory Committee (NISPPAC). The meeting is scheduled for November 20, 2019. This notice serves to inform the public about the upcoming committee session.

NISPPAC Meeting Notice

The Information Security Oversight Office has published a notice announcing a meeting of the National Industrial Security Program Policy Advisory Committee (NISPPAC). The meeting is scheduled for July 18, 2019. This notice serves to inform relevant parties of the upcoming meeting details.

State, Local, Tribal, and Private Sector Policy Advisory Committee Meeting

The Information Security Oversight Office announced a meeting for the State, Local, Tribal, and Private Sector Policy Advisory Committee (SLTPS-PAC). The meeting is scheduled for January 29, 2020, and will cover policy discussions relevant to these sectors.

NJ Scrap Tire Act Privacy Concerns

New Jersey's Scrap Tire Act, effective January 20, 2026, mandates electronic tracking of scrap tires, potentially conflicting with existing privacy laws. Businesses face criminal liability if tracking violates employee privacy statutes, creating a compliance paradox.

V8 in Chrome Vulnerable to Code Execution

CISA has added a vulnerability in Google Chrome's V8 engine to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability (CVE-2026-3910) allows remote code execution and requires federal agencies to patch by March 13, 2026.

Google Chrome Skia Out-of-Bounds Write Vulnerability

CISA has added a known exploited vulnerability, CVE-2026-3909, affecting Google Chrome versions prior to 146.0.7680.75. This vulnerability allows remote attackers to perform out-of-bounds memory access via a crafted HTML page. Agencies are directed to apply mitigations by March 13, 2026.

FreeRDP Vulnerabilities - Remote Code Execution

CERT-Bund has issued an advisory for multiple vulnerabilities in FreeRDP, a Remote Desktop Protocol implementation. The vulnerabilities have a CVSS base score of 8.8 and allow for remote code execution, denial-of-service, and information disclosure.