One Cybersecurity and Infrastructure Security Agency (CISA) program that has been widely adopted throughout the federal government also is one of its longest-established – the Continuous Diagnostics and Mitigation (CDM) program. Introduced in 2012, the program provides a dynamic approach to strengthening the cybersecurity of government networks and systems. The program has evolved over the past decade to add new capabilities, including c...

The persistence of nation-state actors has introduced a threat to America’s cybersecurity landscape that has never been seen before. Ample countermeasures have been prescribed through various White House, DoD, and CISA guidance that places responsibility on government and private industry to follow these new guidelines for the development of secure software. As we turn the corner toward the close of the federal fiscal year and begin cybe...

When the Cybersecurity and Infrastructure Security Agency (CISA) released its Zero Trust Maturity Model Version 2.0 in April, it identified access management as a core function within the Identity Pillar. Identity is the very first of five such pillars, and brings the need for privileged access management into clear focus. Identity is defined by CISA as “an attribute or set of attributes that uniquely describes an agency user or entity,...

Federal agencies across government have started the shift in mindset from just patching and remediation to truly transformative cybersecurity modernization. There is no better example than the move to developing zero trust architecture governmentwide. While every agency is in a different stage of its ZT implementation journey, there are key guideposts and best practices that every federal IT and security team should be following to optimize th...

In today’s interconnected and rapidly evolving digital landscape, ensuring secure access to sensitive resources is of paramount importance. There are various methods of securing data and Federal agencies have explored a majority of them. Identity, Credential, and Access Management (ICAM) and Attribute-Based Access Control (ABAC) have emerged as two prominent frameworks that enable organizations to address the challenges associated with a...

Modern cybersecurity measures such as post-quantum cryptography (PQC) and zero trust architecture (ZTA) are essential to protect U.S. critical infrastructure and ensure a resilient nation. And with a flurry of comprehensive initiatives coming from the Executive Branch, Pentagon, NSA, and NIST, it can be challenging for U.S. government CIOs and CISOs to determine where to prioritize resources. But PQC and ZTA aren’t mutually exclusive: ef...

In the digital age, government agencies face increasing threats from spyware that can compromise sensitive information and undermine national security. To combat this, many government organizations are taking proactive measures by implementing executive orders and directives to ban specific applications on their mobile devices. However, this approach presents challenges in terms of scalability, visibility, and keeping up with rapidly evolving...

Federal agencies must undergo the complex and laborious process of security authorization to operate (ATO) for each information system (IS) in accordance with the Federal Information Security Modernization Act (FISMA). Currently, most agencies rely on manual documentation processes. These include popular productivity tools to capture the applicable security controls and the status/plans of implementation of the controls for each IS as well as...

Today’s cybersecurity threat landscape means Federal professionals must take a proactive and practical approach to defending agency personnel, systems, networks, and data. IT infrastructures need resiliency that is built in, understood by the workforce, and prepared to work beyond the next threat. Creating a resilient IT architecture is not an admission of anticipated defeat. Rather, it’s insurance against probable events and incid...

To advance Zero Trust mandates, federal IT leaders need an accurate, trusted, and complete picture of their entire IT estate. Attend this webinar to learn how your agency can better comply with OMB’s January 2022 memo, M-22-09, Moving the U.S. Government Toward Zero Trust Cybersecurity Principles. Attendees will hear how to develop a real-time situational awareness and understanding of everything on their networks, whether they are based...