When Executive Order 14028, “Improving the Nation’s Cybersecurity,” was issued in May 2021, it included directives for agencies to establish several incident response and logging procedures, including sharing information on incident detection and response, by August 2023. In August of that year, the Office of Management and Budget issued Memorandum 21-31 setting specific requirements for agencies to meet, for which the Cybers...

The state of New York and many of its cities are aggressively pursuing a strategic overhaul of the delivery of services to residents. For instance, the state’s 2022-23 IT strategic plan emphasizes improving IT resiliency in part by getting away from legacy systems, implementing an enterprise architecture, and improving demand management and service delivery, to name a few. The state recently unveiled its new statewide cybersecurity strat...

Building a diverse workforce is about more than ensuring that different demographic groups are represented. There is increasing evidence in the global business community that companies with greater diversity in their employees significantly outperform those with little diversity. The same is true of federal agencies. For state, local, tribal, and territorial agencies, especially when job markets are tight, recruiting, training, and retaining a...

Florida is the third-largest state in the U.S. by population, and it continues to grow rapidly – from 2010 to 2020, its population grew by 14.5%. That kind of growth rate might be the envy of other states, but it also means increased pressure on the state government to deliver internet-based, user-friendly services for everything from child support services to renewing business licenses. To accomplish this transformation in state governm...

Recent headlines have been full of stories about state and local governments and school systems being targeted by malicious actors. And these organizations are likely to face tight budgets and limited manpower to deal with a cyber threat. For many agencies, the reality is it’s a matter of when – not if – they will be attacked. There are steps that can be taken to be better prepared to cope with the arduous task of recovery, m...

The central premise of Office of Management and Budget Memo 22-09 laying out the Federal Zero Trust Strategy is that no actor, system, network, or service operating outside or within the security perimeter is trusted. Controlling access is everything. This makes defining identity crucial – not just for people, but for every device of any kind that tries to access an agency system. The strongest form of identity management is attribute-ba...

One of the foundational tenets of zero trust architecture is Identity – providing credentials for every person and device – in order to manage access to government systems, whether entering from the outside or moving laterally from within. In other words, identity, credential and access management (ICAM) should be addressed as a whole, not as separate point solutions. This applies across all systems, all platforms, and all environm...

After several high-profile cyber incidents resulting from exploited vulnerabilities, the Office of Management and Budget released a memorandum (M-22-09) in 2022 that requires agencies to adopt a Federal Zero-Trust architecture. This new architecture includes a key element: requiring agencies to meet specific cyber standards, including application security testing, by the end of 2024. Two elements of modern software are growing in importance fo...

For government agencies, case management – delivering services to people and businesses – is the heart of their mission. In almost all cases, however, case management systems have gotten more complicated, more difficult to manage, and more expensive. Agencies today depend on legacy, siloed systems that have changed through kludges, “an ill-assorted collection of parts assembled to fulfill a particular purpose.” Rip-and-...

One of the biggest social issues the U.S. faces today is how to achieve health equity, where everyone has a fair and just opportunity to reach and maintain their best level of personal health. The challenges are many, systemic, and interconnected – economic, institutional, educational, and social barriers prevent many with the greatest needs from being able to access the care and information they require. Over the past decades there have...