As agencies move to implement a zero trust architecture, the dispersed nature of their cloud-based and hybrid networks means more attention than ever must be paid to the security of Active Directory (AD), which administrators use to manage permissions and access to network resources by far-flung endpoints. Attackers can gain unauthorized access to a company’s data if Active Directory is compromised; monitoring your AD will help protect s...

One Cybersecurity and Infrastructure Security Agency (CISA) program that has been widely adopted throughout the federal government also is one of its longest-established – the Continuous Diagnostics and Mitigation (CDM) program. Introduced in 2012, the program provides a dynamic approach to strengthening the cybersecurity of government networks and systems. The program has evolved over the past decade to add new capabilities, including c...

Seeing changes in the physical features of the earth historically has taken eons – sometimes literally, as in identifying the shifting of Earth’s tectonic plates and the drift that created the continents as we know them. But the advent of satellites, drones, sensors and other technologies provides a constant flow of data that accurately reflects the conditions that societies encounter today. In 2017, the Department of Defense creat...

The cybersecurity slogan for zero trust is a simple one: Never trust, always verify. States, localities, tribes and territories face the same cyber threats as the federal government, and many of their agencies are wrestling through how they can implement zero trust architectures. One of the most important elements in pursuing zero trust is implementing microsegmentation — partitioning a network into small, isolated sections to reduce the...

One of the foundational tenets of zero trust architecture is Identity – providing credentials for every person and device – in order to manage access to government systems, whether entering from the outside or moving laterally from within. In other words, identity, credential and access management (ICAM) should be addressed as a whole, not as separate point solutions. This applies across all systems, all platforms, and all environm...

As State and Local agencies pursue their zero trust goals taking into consideration the Executive Order 14028, “Improving the Nation’s Cybersecurity,” it is easy to focus on technology solutions. But that overlooks something fundamental about both the challenge and the purpose of moving to zero trust – the human beings that will use the redesigned systems to better meet their agency’s mission. If a zero-trust impl...

After several high-profile cyber incidents resulting from exploited vulnerabilities, the Office of Management and Budget released a memorandum (M-22-09) in 2022 that requires agencies to adopt a Federal Zero-Trust architecture. This new architecture includes a key element: requiring agencies to meet specific cyber standards, including application security testing, by the end of 2024. Two elements of modern software are growing in importance fo...

For government agencies, case management – delivering services to people and businesses – is the heart of their mission. In almost all cases, however, case management systems have gotten more complicated, more difficult to manage, and more expensive. Agencies today depend on legacy, siloed systems that have changed through kludges, “an ill-assorted collection of parts assembled to fulfill a particular purpose.” Rip-and-...

Federal agencies take seriously the cybersecurity of their IT systems. They must observe numerous federal policies and programs, from Executive Order 14028 on down. Many agencies are far less aware of the need to strengthen the security of their operations technology (OT), the equipment that runs many kinds of systems, including healthcare. Historically, that was less of an issue since most OT systems were closed and standalone. But the intern...

The technology revolution that has reshaped consumer markets has now arrived at the state level. Case in point: the State of Ohio, where state, local and educational organizations are moving quickly to integrate innovative technologies that can drive better decision-making while lowering the cost of ownership for IT systems. Incorporating new technologies also creates opportunities to reimagine the future workforce, for both the public and pr...