The federal Judiciary has unveiled a new Vulnerability Disclosure Policy to ensure the security of data that can be accessed online. The policy gives security researchers clear guidelines on how they may conduct vulnerability discovery activities. It also instructs researchers on how to submit discovered vulnerabilities to the Judiciary.
Vulnerability disclosure policies are quickly becoming an industry standard in security practice, as federal agencies work to secure their networks from hackers and other nefarious actors.
Federal government agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), Department of Justice (DOJ), Department of Energy (DOE), Federal Trade Commission (FTC), and more, have issued similar plans.
Under the policy, researchers must stop testing as soon as they establish that a vulnerability exists or they encounter any sensitive data. This can include personally identifiable information, financial information, or proprietary information or trade secrets of any party. Researchers also must notify the Judiciary immediately, and not disclose data they have accessed to anyone else.
This policy applies to the following systems and services:
Any service not expressly listed above is outside the disclosure policy and is not authorized for testing. Similarly, an extensive list of specific activities, including denial-of-service attacks, is not authorized.
The policy warns that any unauthorized activities may be regarded as illegal hacking. “If you engage in any activities that are inconsistent with this policy or other applicable law, you may be subject to criminal and/or civil liabilities,” it noted.
Questions regarding this policy and suggestions for improving it may be sent to email@example.com.