Adopting a zero trust policy has become imperative for agencies aiming to safeguard their digital assets against increasingly sophisticated threats. It represents a true paradigm shift, away from traditional perimeter-based security models to a more dynamic, trust-never always-verify approach. One critical part of implementing zero trust is managing digital identity – ensuring that access to resources is securely managed and continuously...

It is hard to think of a technology that has taken over the IT ecosystem faster than artificial intelligence. OpenAI released ChatGPT in November 2022, and yet it already has evolved so much that it bears little resemblance to v .0. The federal government has been moving quickly by its standards to address AI’s challenges and capabilities, including a Blueprint for an AI Bill of Rights, an AI Risk Management Framework from the National I...

One Cybersecurity and Infrastructure Security Agency (CISA) program that has been widely adopted throughout the federal government also is one of its longest-established – the Continuous Diagnostics and Mitigation (CDM) program. Introduced in 2012, the program provides a dynamic approach to strengthening the cybersecurity of government networks and systems. The program has evolved over the past decade to add new capabilities, including c...

When the Cybersecurity and Infrastructure Security Agency (CISA) released its Zero Trust Maturity Model Version 2.0 in April, it identified access management as a core function within the Identity Pillar. Identity is the very first of five such pillars, and brings the need for privileged access management into clear focus. Identity is defined by CISA as “an attribute or set of attributes that uniquely describes an agency user or entity,...

As artificial intelligence (AI) applications proliferate across the internet ecosystem, other changes are being triggered, from the commitment to R&D funding to workforce development to new initiatives in higher education. The federal government’s spending on IT R&D and AI in fiscal year 2023 is estimated at $9.6 billion. Meanwhile, the University of Florida, for instance, declares it is “building an AI university,” a...

The universe of artificial intelligence applications is going through its own Big Bang right now. As artificial intelligence (AI) applications proliferate across the internet ecosystem, other changes are being triggered, from the commitment to R&D funding to workforce development to new initiatives in higher education. As public awareness grows of AI’s potential and how it may affect them, there still are issues to be resolved. For i...

One of the biggest social issues the U.S. faces today is how to achieve health equity, where everyone has a fair and just opportunity to reach and maintain their best level of personal health. The challenges are many, systemic, and interconnected – economic, institutional, educational, and social barriers prevent many with the greatest needs from being able to access the care and information they require. Over the past decades there have...

Cybersecurity is usually framed in terms of IT – from malware to phishing to ransomware, federal agencies are paying attention to securing their networks and endpoints. But leaders often overlook security measures for operational technology (OT) and industrial control systems (ICS), such as building automation systems, physical access control systems, physical environment monitoring systems, and implementing a zero trust architecture. In...

As part of the Infrastructure Investment and Jobs Act of 2021, Congress included $1 billion over the next four years for state, local and tribal governments to strengthen their cybersecurity. The Cybersecurity and Infrastructure Security Agency established the State and Local Cybersecurity Grant Program and the Tribal Cybersecurity Grant Program to distribute funds. The Federal Emergency Management Agency is responsible for administration and...

The White House Executive Order on cybersecurity, issued in May following high-profile ransomware attacks on enterprises as varied as oil pipelines and healthcare, directs the federal government to “improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors.” In response, the National Institute of Standards and Technology has already released guidance outlining security measures for cri...