Office of Management and Budget (OMB) Memorandum M-22-09 requires “agencies to achieve specific zero trust security goals” and designates “Identity” as the first of five pillars from CISA’s zero trust maturity model. Additionally, M-22-09 provides specific actions for the Identity pillar that include, employing centralized identity management systems that integrate with agency applications and platforms; leveragin...

The persistence of nation-state actors has introduced a threat to America’s cybersecurity landscape that has never been seen before. Ample countermeasures have been prescribed through various White House, DoD, and CISA guidance that places responsibility on government and private industry to follow these new guidelines for the development of secure software. As we turn the corner toward the close of the federal fiscal year and begin cybe...

Federal agencies across government have started the shift in mindset from just patching and remediation to truly transformative cybersecurity modernization. There is no better example than the move to developing zero trust architecture governmentwide. While every agency is in a different stage of its ZT implementation journey, there are key guideposts and best practices that every federal IT and security team should be following to optimize th...

In today’s interconnected and rapidly evolving digital landscape, ensuring secure access to sensitive resources is of paramount importance. There are various methods of securing data and Federal agencies have explored a majority of them. Identity, Credential, and Access Management (ICAM) and Attribute-Based Access Control (ABAC) have emerged as two prominent frameworks that enable organizations to address the challenges associated with a...

To address the dynamic challenge of Insider Threats, organizations must have an agile process that should include training and the need to stay connected with their internal policies, external requirements, evolving risk discovery technology, best practices from within and other organizations, and government lessons learned. Simply stated, training is not a one-and-done or calendar-based ‘check the box activity.’ It is a critical c...

In the digital age, government agencies face increasing threats from spyware that can compromise sensitive information and undermine national security. To combat this, many government organizations are taking proactive measures by implementing executive orders and directives to ban specific applications on their mobile devices. However, this approach presents challenges in terms of scalability, visibility, and keeping up with rapidly evolving...

With all of the components of Zero Trust, there are various models and theories that an organization can use to strengthen their cybersecurity practices. The CISA Zero Trust Maturity Model and the DoD Zero Trust Strategy are only two examples of frameworks that provide guidance on implementing Zero Trust security principles within an organization. Both models emphasize the steps it takes to achieve total Zero Trust, but they differ in some of...

Federal agencies must undergo the complex and laborious process of security authorization to operate (ATO) for each information system (IS) in accordance with the Federal Information Security Modernization Act (FISMA). Currently, most agencies rely on manual documentation processes. These include popular productivity tools to capture the applicable security controls and the status/plans of implementation of the controls for each IS as well as...

Today’s cybersecurity threat landscape means Federal professionals must take a proactive and practical approach to defending agency personnel, systems, networks, and data. IT infrastructures need resiliency that is built in, understood by the workforce, and prepared to work beyond the next threat. Creating a resilient IT architecture is not an admission of anticipated defeat. Rather, it’s insurance against probable events and incid...

In October 2022 the Office of Science and Technology Policy (OSTP) released their “Blueprint for an AI Bill of Rights”, intended to inform and shape the development of federal AI policy. In response, ATARC is hosting a series of webinar panels to promote discussion and provide clarity on the Blueprint’s structure and goals. These panels will bring together government leaders, academics, and researchers, with the hope that the...