The central premise of Office of Management and Budget Memo 22-09 laying out the Federal Zero Trust Strategy is that no actor, system, network, or service operating outside or within the security perimeter is trusted. Controlling access is everything. This makes defining identity crucial – not just for people, but for every device of any kind that tries to access an agency system. The strongest form of identity management is attribute-ba...

In 2022, the Department of Defense created a cross-functional team to accelerate the adoption of 5G and future-generation wireless networking technologies, laying the foundation for new opportunities to implement innovative solutions to military needs. The potential is there for 5G (and beyond) to remake the integration and interoperability of the different DoD domains – air, land, sea, space, and cyber – as envisioned in DoD...

Mobile devices are an integral part of an efficient workplace and securing them has become a prevailing concern for individuals and organizations, given their widespread use and the sensitive data they contain. To address these concerns and to provide guidance on how mobile devices can be protected, the National Institute of Standards and Technology (NIST) has developed a set of guidelines for managing the security of mobile devices throughout...

One Cybersecurity and Infrastructure Security Agency (CISA) program that has been widely adopted throughout the federal government also is one of its longest-established – the Continuous Diagnostics and Mitigation (CDM) program. Introduced in 2012, the program provides a dynamic approach to strengthening the cybersecurity of government networks and systems. The program has evolved over the past decade to add new capabilities, including c...

The persistence of nation-state actors has introduced a threat to America’s cybersecurity landscape that has never been seen before. Ample countermeasures have been prescribed through various White House, DoD, and CISA guidance that places responsibility on government and private industry to follow these new guidelines for the development of secure software. As we turn the corner toward the close of the federal fiscal year and begin cybe...

Federal agencies across government have started the shift in mindset from just patching and remediation to truly transformative cybersecurity modernization. There is no better example than the move to developing zero trust architecture governmentwide. While every agency is in a different stage of its ZT implementation journey, there are key guideposts and best practices that every federal IT and security team should be following to optimize th...

OT security is finally getting its due attention and priority. As asset owners and OT security architects face growing risks and pressure to connect and converge their networks with those of IT, they need support from their leadership more than ever. Join Claroty and ICIT for a discussion of how CISOs can support these crucial teams to effectively secure these critical networks. Filtering out the noise of doomsday predictions, we offer CISOs p...

ICIT Virtual Briefing: Software Supply Chain Security – Balancing Internal Orchestration with Attack Vectors Along with security controls and AppSec policies, the way you and your teams treat the software you build over time impacts the speed at which you can react to a threat. The truth is that open source software (OSS) is often treated as if it isn’t a security problem—until it is. The log4j vulnerability and the subsequen...

Join us for this fireside chat where Nic Chaillan, former Chief Software Officer for the US Air Force, and Gary Barlet, Federal Field CTO for Illumio, discuss the EO's implementation, how the private sector responded to the request for support, and ongoing implementation needs and challenges. May 2022 marks the 1st anniversary of Executive Order 14028: Improving the Nation's Cybersecurity" which tasked Government agencies with adopting best pr...

The May 12, 2021 White House Executive Order 14028 and subsequent Office of Management and Budget Memo M-22-09 set forth a Federal Zero Trust Architecture strategy and a new baseline for access controls. In order to reinforce the government’s defenses against increasingly sophisticated and persistent threat campaigns, agencies are now required to meet specific cybersecurity standards and objectives by the end of fiscal year 2024. M-22-09...