The Federal Risk and Authorization Management Program (FedRAMP) began in 2011 to ensure the security of cloud services used by the federal government. FedRAMP is a government-wide program providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP uses NIST guidelines in its own framework to enable federal agencies to use cloud services securely and efficiently. Th...

This Corporate Gray Virtual Military-Friendly Job Fair provides military-experienced job seekers the opportunity to meet with employers nationwide via text chat and video interviews. Virtual Job Fair hours are 11:00 AM to 2:00 PM (ET). This event is especially for transitioning service members, veterans, and military spouses. Civilian job seekers welcome. All job seekers are required to pre-register and upload their resume to participate in th...

No municipality can have a fully developed policy for technology that’s evolving as fast as AI, but every municipality can be prepared for how to navigate this path from procurement to reporting. In this session, municipal leaders will share both policy and technology perspectives on actionable steps for any community, regardless of how resourced it is, to map their own way forward for responsible AI exploration and use in municipal gove...

On May 4th, NARA released updated regulations on Digitization Standards for Permanent Records – AC 31.2023. The regulations established standards for digitizing permanent paper records and photographic prints. The regulations are in 36 CFR 1236, Subpart E and go into effect on June 5, 2023. NARA will be issuing a new GRS 4.5 that will cover digitizing records – the GRS and new regulations are related. These regulations have a signi...

SecureWorld events and programming foster Growth, Access, and Excellence among cybersecurity professionals. SecureWorld is… the stepping stone to grow in your abilities and career path SecureWorld is… access to the knowledge and solutions you need, in the place you live SecureWorld is… a unique experience with excellence in both speakers and content For more than 21 years, SecureWorld has been tackling global cybersecurity...

On December 23, 2022, OMB released M-23-07, “Update to Transition to Electronic Records”. Item 1.2 states, “After June 30, 2024, all agencies must transfer permanent records to NARA in electronic formats and with appropriate metadata in accordance with NARA regulations and transfer guidance.” Previously, NARA Bulletin 2018-01 defined and updated the minimum set of meta elements that must accompany transfers of permanent...

A multi-cloud strategy is the utilization of two or more cloud services from any number of cloud providers that are compatible with and extend an organization’s hybrid cloud environments. It allows agencies to deploy applications on the public and private clouds that best suit agency business objectives and application needs. A multi-cloud platform provides multiple advantages including greater flexibility, more deployment options, secur...

Zero Trust is a key component of every federal IT initiative and modernization effort. The Executive Order on Improving the Nation’s Cybersecurity, the CISA Zero Trust Maturity Model, the DISA Zero Trust Architecture, and various NIST guidance all include mission critical elements for zero trust implementation. Although the principals of Zero Trust are widely accepted, the implementation process is a detailed, time-consuming, and agency...

The Continuous Diagnostics and Mitigation (CDM) program is the process government agencies use to move toward fortifying their cybersecurity networks and systems. It was developed in 2012 to support government-wide risk-based cybersecurity solutions to assist participating agencies improve their security posture consistently and cost-effectively. In this virtual workshop, government & industry experts will provide the following: a status u...

A common misconception is IT security practices can be directly applied to ICS environments. However, a “copy and paste” of traditional IT security into industrial control systems could have problematic or even devastating consequences. The consequences of modern ICS cyber-attacks can include but are not limited to widespread power grid blackouts, failure or physical destruction of critical engineering equipment, massive business f...