The federal government has been working to update its policies, architectures and frameworks around digital identity for some time. OMB revised its Identity Credential and Access Management guide in May of 2019 and that National Institute for Standards and Technology has been working on an updated version of its guidance on security and privacy controls for information systems. Then, the pandemic hit, and all programs went into overdrive as ag...

High-value penetration testing doesn't involve just throwing a bunch of hacks at a target environment and declaring victory when a shell prompt magically pops up. Instead, the best penetration testers focus on understanding their craft in-depth, providing significant value to organizations by improving their security stance through technical excellence and implementation of a well-understood and repeatable methodologies, which will deliver rea...

IT modernization has been a federal priority for years, but many agencies still struggle to turn that goal into a practical plan of action. Securing multi-year funding is one challenge, but the fundamental obstacle is often the sheer complexity of transforming government-scale systems. Smart, successful modernization demands a holistic approach that addresses several essential pillars: security, network infrastructure, multi-cloud architecture...

SANS is committed to delivering high-quality cyber security training so you can keep your skills sharp and stay ahead of cyber threats. Join us for interactive trainings during SANS Cyber Security West 2021 - Live Online (Feb 1-6, PST), and receive relevant, applicable training from wherever you are. Choose your course and register now for practical training taught by top industry practitioners. SANS Live Online events offer live-stream, instr...

Most government agencies have made the journey to cloud since the Cloud First and Cloud Smart strategies came from OMB starting in 2010. Many organizations have more than one cloud. The challenge becomes blending the different types of cloud and service models to provide access to needed data, while at the same time protecting a much enlarged attack surface created by the large number of workers who are accessing the data remotely. If there is...

OVERVIEW By the beginning of 2021, NIST will have released the finals of many Risk Management Framework (RMF) standards: SP800-53 Rev 5 – Security Controls SP800-53B – Security Control Baselines, Privacy Framework SP800-160 Vol 2 – Systems Security Engineering SP800-161 Rev 1 – Supply Chain Risk Management SP800-171 Rev 2 – Controlled Unclassified Information (CUI) and High Valued Assets (HVA) Revisions to the NIS...

The Federal Data Strategy's action plan was reworked in response to the COVID-19 crisis, while state and local governments are simultaneously expanding health data initiatives and looking for more cost-effective data solutions. Add in the growing importance of data-intensive cyber threat detection and the broad potential of AI and automation, and it becomes clear: Agencies' data challenges are evolving rapidly, and a solid data strategy is mis...

Emerging technologies offer the promise of better, faster, cheaper processing and problem solving, but they also bring the possibility of bias, security breaches and new privacy issues. Most agencies are experimenting on a small scale and testing out standards on privacy and security. Workforce also has been a concern as emerging tech matures—both to ensure displaced workers are reskilled and to make certain the job classifications are a...

Fending off cyber threats and preserving cybersecurity has never been more challenging. Among federal, state and local executives, cybersecurity consistently tops the list of concerns that keep them up at night. Attack surfaces are larger; the universe of bad actors seeking to breach security is expanding; techniques for exploiting vulnerabilities are more sophisticated; and in a digitally transformed environment, the stakes are higher, as wel...

As agencies follow the administration's IT Modernization guidance and move more of their systems to the cloud, it's essential to protect the data from a host of evolving threats. There are a number of programs to help with the journey, however. The FedRAMP program is an important part of any agency’s cloud strategy, and it is providing a path and structure to the move by certifying cloud services providers so agencies have a trusted list...