One Cybersecurity and Infrastructure Security Agency (CISA) program that has been widely adopted throughout the federal government also is one of its longest-established – the Continuous Diagnostics and Mitigation (CDM) program. Introduced in 2012, the program provides a dynamic approach to strengthening the cybersecurity of government networks and systems. The program has evolved over the past decade to add new capabilities, including c...

The persistence of nation-state actors has introduced a threat to America’s cybersecurity landscape that has never been seen before. Ample countermeasures have been prescribed through various White House, DoD, and CISA guidance that places responsibility on government and private industry to follow these new guidelines for the development of secure software. As we turn the corner toward the close of the federal fiscal year and begin cybe...

Federal agencies across government have started the shift in mindset from just patching and remediation to truly transformative cybersecurity modernization. There is no better example than the move to developing zero trust architecture governmentwide. While every agency is in a different stage of its ZT implementation journey, there are key guideposts and best practices that every federal IT and security team should be following to optimize th...

OT security is finally getting its due attention and priority. As asset owners and OT security architects face growing risks and pressure to connect and converge their networks with those of IT, they need support from their leadership more than ever. Join Claroty and ICIT for a discussion of how CISOs can support these crucial teams to effectively secure these critical networks. Filtering out the noise of doomsday predictions, we offer CISOs p...

ICIT Virtual Briefing: Software Supply Chain Security – Balancing Internal Orchestration with Attack Vectors Along with security controls and AppSec policies, the way you and your teams treat the software you build over time impacts the speed at which you can react to a threat. The truth is that open source software (OSS) is often treated as if it isn’t a security problem—until it is. The log4j vulnerability and the subsequen...

Join us for this fireside chat where Nic Chaillan, former Chief Software Officer for the US Air Force, and Gary Barlet, Federal Field CTO for Illumio, discuss the EO's implementation, how the private sector responded to the request for support, and ongoing implementation needs and challenges. May 2022 marks the 1st anniversary of Executive Order 14028: Improving the Nation's Cybersecurity" which tasked Government agencies with adopting best pr...

The May 12, 2021 White House Executive Order 14028 and subsequent Office of Management and Budget Memo M-22-09 set forth a Federal Zero Trust Architecture strategy and a new baseline for access controls. In order to reinforce the government’s defenses against increasingly sophisticated and persistent threat campaigns, agencies are now required to meet specific cybersecurity standards and objectives by the end of fiscal year 2024. M-22-09...

The Federal Government has spent a long time developing efficient, strong security practices to verify and authenticate identities—and for good reason. We’ve seen how incompatible authentication mechanisms hinder interagency communication and collaboration, as well as how weak authentication mechanisms leave the Federal Government vulnerable to exploits. Over the years, a variety of policies and memos—as well as high-profile...

With more cloud-based services and solutions built to support agencies with their missions, the Federal Risk and Authorization Management Program (FedRAMP) assures that these offerings match the government’s rigorous security and compliance requirements. In the 4th annual GovForward™ event, FedRAMP leaders, government executives, and industry experts will convene to discuss Capitol marketplace priorities, FedRAMP’s outlook fo...

Approximately 87% of critical infrastructure is owned by the private sector, so how can the government help defend it in cyberspace, especially against nation-state adversaries such as Russia and China? The Biden Executive Order, extended 100-day action plan, and other directives call for private-public collaboration to protect the nation’s grid, water/wastewater facilities, and pipelines, but how do you take action to implement shared d...