The Exchange

The Exchange

Playback speed
×
Share post
Share post at current time
0:00
/
Transcript

The Exchange Daily – May 13, 2026

CISO and CIO briefing: Verified IT developments impacting budgets, risk, and architecture today.
Dee Wayne Anthony
May 13, 2026

CISA and G7 Release Software Bill of Materials for AI – Minimum Elements

CISA and G7 partners published supplemental SBOM guidance tailored to AI systems. The minimum elements focus on transparency across model components and supply chains. Agencies and enterprises should integrate these into AI procurement and risk programs immediately.

Microsoft Launches MDASH Multi-Model Agentic Security System

Microsoft’s new MDASH system used multiple AI models to identify 16 new Windows vulnerabilities and topped the CyberGym benchmark. Security teams should assess agentic AI capabilities for scaled vulnerability discovery while preserving human review for critical assets.

Cohere Achieves FedRAMP High Authorization

Cohere is now FedRAMP High authorized through Second Front, the first cloud-agnostic high-impact AI platform cleared for federal use. Procurement and cloud teams can accelerate secure AI deployments under existing vehicles.

NIST Finalizes SP 800-70r5 National Checklist Program Update

The updated checklists now include expanded guidance for AI, cloud, and IoT secure configurations. Federal IT and compliance teams should map these to current FISMA and RMF processes.

CISA Issues New ICS Advisories for OT Vulnerabilities

Advisories cover Fuji Electric Tellus, ABB AC500, and additional industrial systems. OT operators must apply patches and strengthen segmentation without delay.

NOAA Completes Major AWS Cloud Migration

NOAA finished its 10-month migration to AWS, delivering enhanced AI/ML access and security. Federal data modernization programs should review this project for lessons on large-scale, secure cloud transitions.

NIST Advances AI Cybersecurity Profile and SP 800-53 Overlays

Ongoing work provides clearer guidance on securing AI systems and using AI for cyber defense. Leadership should align governance and security roadmaps with the latest NIST direction.

Topics We’re Tracking (But Didn’t Make the Cut)
• Ongoing FedRAMP 2026 rules preview and automation enhancements.
• Broader agency efforts to build organizational structures supporting AI at scale.
• Continued NIST work on AI security overlays (full profile expected later).

Sources
https://www.cisa.gov/resources-tools/resources/software-bill-materials-ai-minimum-elements
https://www.microsoft.com/en-us/security/blog/2026/05/12/defense-at-ai-speed-microsofts-new-multi-model-agentic-security-system-finds-16-new-vulnerabilities/
Cohere / Second Front FedRAMP announcement (May 12, 2026)
https://csrc.nist.gov/News/2026/final-nist-sp-800-70r5-is-available
CISA ICS advisories (May 12, 2026)
NOAA / AWS migration announcement (May 12, 2026)
NIST AI Cybersecurity Profile updates (May 12, 2026 coverage)

The Exchange Daily and Weekly deliver verified public-source intelligence for executive decision-makers. All information is from reputable, publicly available sources. Every effort is made to keep details accurate as of publication time, but readers should always confirm time-sensitive items such as policy changes, budget figures, and timelines with official documents and briefings. Always validate with primary sources before action.

The Exchange Daily and the Exchange Weekly do not constitute legal, investment, procurement, security, compliance, or technical advice. Content is for informational purposes only.

The Exchange Daily and Weekly are a production of Metora Solutions LLC, a HUBZone and Service Disabled Veteran Owned Small Business. All rights reserved. Copyright Metora Solutions LLC 2026.

Discussion about this video

User's avatar

Ready for more?

© 2026 Metora Solutions LLC · Publisher PrivacyPublisher Terms
Substack · PrivacyTermsCollection notice
Start your SubstackGet the app
Substack is the home for great culture