The cybersecurity slogan for zero trust is a simple one: Never trust, always verify. This slogan fits into the Department of Defense mindset, which is always focused on how to reduce risk, but it’s a challenge to apply it to the federal government’s largest agency. An important tool in pursuing zero trust is to implement microsegmentation – partitioning a network into small, isolated sections to reduce the attack surface in e...

One Cybersecurity and Infrastructure Security Agency (CISA) program that has been widely adopted throughout the federal government also is one of its longest-established – the Continuous Diagnostics and Mitigation (CDM) program. Introduced in 2012, the program provides a dynamic approach to strengthening the cybersecurity of government networks and systems. The program has evolved over the past decade to add new capabilities, including c...

Federal agencies take seriously the cybersecurity of their IT systems. They must observe numerous federal policies and programs, from Executive Order 14028 on down. Many agencies are far less aware of the need to strengthen the security of their operations technology (OT), the equipment that runs many kinds of systems, including healthcare. Historically, that was less of an issue since most OT systems were closed and standalone. But the intern...

When the Cybersecurity and Infrastructure Security Agency (CISA) released its Zero Trust Maturity Model Version 2.0 in April, it identified access management as a core function within the Identity Pillar. Identity is the very first of five such pillars, and brings the need for privileged access management into clear focus. Identity is defined by CISA as “an attribute or set of attributes that uniquely describes an agency user or entity,...

Cybersecurity professionals are well aware that the threat landscape they live in is volatile and poses ever-changing threats to the systems they defend. One kind of risk is exploding – attacks on APIs. APIs are such attractive targets because their purpose is to allow two or more applications to communicate with each other. Infecting an API drastically expands the attack surface, but most enterprises do not have transparency into their...

Federal agencies have taken the lead in the public sector’s adoption of cloud computing. It has provided many benefits, including flexibility for applications, cost savings as legacy systems have been phased out, and empowering customers in their interactions with agencies – but it also has opened new methods for cyberattacks, such as corrupting elements of the software supply chain. As a result, data protection is more important t...

Government agencies at all levels are doing everything they can to protect their data from the ongoing onslaught of cyberattacks. Whether it’s implementing zero trust architecture to meet the requirements of Executive Order 14028, federal agencies using FedRAMP certified cloud services, any of the dozens of state, local, municipal and educational organizations enrolled in StateRAMP, government as a whole understands the critical importan...

Federal agencies have been mandated to migrate to IPv6; the mandate requires at least 20% of IP-enabled assets on agencies’ networks operate in IPv6-only environments by the end of FY 2023. Join us for the last of the quarterly sessions as thought leaders from government and industry share real-world examples and lessons learned in working to meet this mandate over the past year. We’ll Discuss: Review the progress made by agencies...

It has been almost seven years since the White House issued Presidential Policy Directive 40, setting out the federal continuity policy “to maintain a comprehensive and effective continuity capability through Continuity of Operations (COOP), Continuity of Government (COG), and Enduring Constitutional Government (ECG) programs, ensuring the resilience and preservation of government structure under the United States Constitution and the co...

After decades of delay, cybersecurity has become a defining issue for the United States. In response, when the White House laid out its zero trust requirements in January 2022, it set an ambitious goal – that all agencies have their zero trust infrastructure in place before October 1, 2024. This is because of the reality of the digital age: a persistent threat environment is the norm in the IT world, and agencies have to assume they...