The Executive Branch has made it clear the United States needs a more resilient and secure supply chain to ensure economic prosperity and national security. The supply chain is only truly secure when all entities throughout the public sector supply chain carry out effective and coordinated security measures to ensure the integrity of supply chain data, the safety of goods, and the security of the respective agency. This virtual workshop will r...

DevSecOps incorporates security initiatives at every stage of the software development life cycle (SDLC). It is a set of practices combining software development, security, and IT operations with the goal of shortening the systems development life cycle securely. From identifying patterns to uncovering new ways to support the mission, DevSecOps is playing an essential role in government’s digital transformation efforts. This virtual work...

The Federal Risk and Authorization Management Program (FedRAMP) began in 2011 to ensure the security of cloud services used by the U.S. Government. FedRAMP is a government-wide program providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP uses NIST guidelines in its own framework to enable U.S. Government agencies to use cloud services securely and efficientl...

It has been a busy past decade for the Records Management Community: 0MB Memorandum M-12-18, Managing Government Records Directive, required to the fullest extent possible, agencies eliminate paper and use electronic recordkeeping. 0MB Memorandum M-14-16, Guidance on Managing Email, with goal of by December 31, 2016, Federal agencies will manage both permanent and temporary email records in an electronically accessible format OMB Memorandum M-...

Many cloud subject matter experts agree that an agency’s cloud strategy must be aligned with agency mission. Among the most common reasons cloud strategies fail are not having a solid business/operational case for cloud migration, failing to test before deployment, and underestimating the time and funding required. Success factors include “ensuring the whole organization understands the intent, direction and roadmap of cloud adopti...

The Continuous Diagnostics and Mitigation (CDM) program is a way government agencies move toward fortifying their cybersecurity networks and systems. It was developed in 2012 to provide government agencies with risk-based cybersecurity solutions to protect federal civilian networks across organizational tiers. Specifically, CDM helps federal agencies identify cybersecurity risks, prioritize those risks, and enable staff to focus on those prior...

The Continuous Diagnostics and Mitigation (CDM) program is the way government agencies move toward fortifying their cybersecurity networks and systems. It was developed in 2012 to support government-wide risk-based cybersecurity solutions to assist participating agencies improve their security posture consistently and cost-effectively. In this virtual workshop, government & industry experts will provide the following: a status update on CD...

Zero Trust is a key component of every federal IT initiative and modernization effort. The Executive Order on Improving the Nation’s Cybersecurity, the CISA Zero Trust Maturity Model, the DISA Zero Trust Architecture, and various NIST guidance all include guidance for zero trust architectures. This virtual workshop will focus on actual Zero Trust implementations, and the associated lessons learned.

Zero Trust is a key component of every federal IT initiative and modernization effort. The Executive Order on Improving the Nation’s Cybersecurity, the CISA Zero Trust Maturity Model, the DISA Zero Trust Architecture, and various NIST guidance all include mission critical elements for zero trust implementation. Although the principals of Zero Trust are widely accepted, the implementation process is a detailed and time-consuming process....

Government wide pressure to reduce IT costs and optimize operations has led many agencies to embrace cloud computing. Despite the potential savings and improved efficiencies, securing the cloud remains a major concern. Cloud Computing Security can be defined as defending the confidentiality, integrity, and availability of agency assets (data, applications, infrastructure) using cloud services from both outside and insider threats. Securing the...