Executive Order 14028 (Improving the Nation’s Cybersecurity) established new requirements to secure the federal government’s software supply chain. The requirements involved systematic reviews, process improvements, and security standards for both software suppliers and developers, in addition to customers who acquire software for the federal government. The software supply chain is only truly secure when all entities throughout t...

Information drives and powers modern government with federal, state, and local agencies seeking to improve engagement opportunities with citizens. The challenge is to effectively manage the explosion of information while also protecting citizen’s data and privacy. Keeping up with the rapid expansion of information has put pressure on outdated governance and compliance practices. The Federal Data Strategy outlined specific actions to be t...

The Federal Risk and Authorization Management Program (FedRAMP) began in 2011 to ensure the security of cloud services used by the federal government. FedRAMP is a government-wide program providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP uses NIST guidelines in its own framework to enable federal agencies to use cloud services securely and efficiently. Th...

Securing a cloud environment can be challenging and time consuming, especially if you don’t know where to start. This Workshop will scrutinize a common cloud service: Virtual Machines, and focus on the secure implementation of that service. We’ll discuss Operating Systems (and why it matters from a cloud perspective), as well as security groups, remote access, system and network hardening as well as how mature organizations handle...