Federal agencies have been ordered to move toward zero trust architectures with alacrity, through Executive Order 14028 on improving cybersecurity and the Office of Management and Budget’s two memoranda, M-22-09 on meeting zero trust cybersecurity principles, and M-21-31 on improving investigative and remediation capabilities following cyber breaches. The Department of Homeland Security observed in its Zero Trust Implementation Strategy...

Generative artificial intelligence (genAI) has arrived with the force of a tsunami across the federal government. In October, Executive Order 14110 on the safe, secure, and trustworthy development and use of AI established the broad outlines for how agencies should evaluate and implement their AI use cases. Now the Office of Management and Budget has issued a memorandum directing agencies to institute governance and risk management processes g...

When Executive Order 14028, “Improving the Nation’s Cybersecurity,” was issued in May 2021, it included directives for agencies to establish several incident response and logging procedures, including sharing information on incident detection and response, by August 2023. In August of that year, the Office of Management and Budget issued Memorandum 21-31 setting specific requirements for agencies to meet, for which the Cybers...

The state of New York and many of its cities are aggressively pursuing a strategic overhaul of the delivery of services to residents. For instance, the state’s 2022-23 IT strategic plan emphasizes improving IT resiliency in part by getting away from legacy systems, implementing an enterprise architecture, and improving demand management and service delivery, to name a few. The state recently unveiled its new statewide cybersecurity strat...

Building a diverse workforce is about more than ensuring that different demographic groups are represented. There is increasing evidence in the global business community that companies with greater diversity in their employees significantly outperform those with little diversity. The same is true of federal agencies. For state, local, tribal, and territorial agencies, especially when job markets are tight, recruiting, training, and retaining a...

Florida is the third-largest state in the U.S. by population, and it continues to grow rapidly – from 2010 to 2020, its population grew by 14.5%. That kind of growth rate might be the envy of other states, but it also means increased pressure on the state government to deliver internet-based, user-friendly services for everything from child support services to renewing business licenses. To accomplish this transformation in state governm...

Recent headlines have been full of stories about state and local governments and school systems being targeted by malicious actors. And these organizations are likely to face tight budgets and limited manpower to deal with a cyber threat. For many agencies, the reality is it’s a matter of when – not if – they will be attacked. There are steps that can be taken to be better prepared to cope with the arduous task of recovery, m...

The central premise of Office of Management and Budget Memo 22-09 laying out the Federal Zero Trust Strategy is that no actor, system, network, or service operating outside or within the security perimeter is trusted. Controlling access is everything. This makes defining identity crucial – not just for people, but for every device of any kind that tries to access an agency system. The strongest form of identity management is attribute-ba...

One of the foundational tenets of zero trust architecture is Identity – providing credentials for every person and device – in order to manage access to government systems, whether entering from the outside or moving laterally from within. In other words, identity, credential and access management (ICAM) should be addressed as a whole, not as separate point solutions. This applies across all systems, all platforms, and all environm...

After several high-profile cyber incidents resulting from exploited vulnerabilities, the Office of Management and Budget released a memorandum (M-22-09) in 2022 that requires agencies to adopt a Federal Zero-Trust architecture. This new architecture includes a key element: requiring agencies to meet specific cyber standards, including application security testing, by the end of 2024. Two elements of modern software are growing in importance fo...