When the Cybersecurity and Infrastructure Security Agency (CISA) released its Zero Trust Maturity Model Version 2.0 in April, it identified access management as a core function within the Identity Pillar. Identity is the very first of five such pillars, and brings the need for privileged access management into clear focus. Identity is defined by CISA as “an attribute or set of attributes that uniquely describes an agency user or entity,...

Cybersecurity professionals are well aware that the threat landscape they live in is volatile and poses ever-changing threats to the systems they defend. One kind of risk is exploding – attacks on APIs. APIs are such attractive targets because their purpose is to allow two or more applications to communicate with each other. Infecting an API drastically expands the attack surface, but most enterprises do not have transparency into their...

Federal agencies have taken the lead in the public sector’s adoption of cloud computing. It has provided many benefits, including flexibility for applications, cost savings as legacy systems have been phased out, and empowering customers in their interactions with agencies – but it also has opened new methods for cyberattacks, such as corrupting elements of the software supply chain. As a result, data protection is more important t...

Government agencies at all levels are doing everything they can to protect their data from the ongoing onslaught of cyberattacks. Whether it’s implementing zero trust architecture to meet the requirements of Executive Order 14028, federal agencies using FedRAMP certified cloud services, any of the dozens of state, local, municipal and educational organizations enrolled in StateRAMP, government as a whole understands the critical importan...

Federal agencies have been mandated to migrate to IPv6; the mandate requires at least 20% of IP-enabled assets on agencies’ networks operate in IPv6-only environments by the end of FY 2023. Join us for the last of the quarterly sessions as thought leaders from government and industry share real-world examples and lessons learned in working to meet this mandate over the past year. We’ll Discuss: Review the progress made by agencies...

What happens if a patch means replacing a half million-dollar piece of equipment? In this week’s episode of Feds At The Edge, we are exploring the equal opportunity malicious actors see in operational technology. The good old-fashioned industrial equipment, assets and processes that are often the weakest link in the battle against cyber-attack. We’ve gathered top agency and industry thought leaders who bring you’re their vari...

It has been almost seven years since the White House issued Presidential Policy Directive 40, setting out the federal continuity policy “to maintain a comprehensive and effective continuity capability through Continuity of Operations (COOP), Continuity of Government (COG), and Enduring Constitutional Government (ECG) programs, ensuring the resilience and preservation of government structure under the United States Constitution and the co...

After decades of delay, cybersecurity has become a defining issue for the United States. In response, when the White House laid out its zero trust requirements in January 2022, it set an ambitious goal – that all agencies have their zero trust infrastructure in place before October 1, 2024. This is because of the reality of the digital age: a persistent threat environment is the norm in the IT world, and agencies have to assume they...

Military contractors of all types are trying to work through the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) 2.0. It has been something of a moving target, as the Department of Defense has changed the certification model from five levels in CMMC 1.0 to three in the current version, to better align with existing federal standards and cut red tape for small and mid-sized companies. But the purpose of the CMMC...

When the log4j vulnerability was first identified in late 2021, the Cybersecurity and Infrastructure Security Agency responded very rapidly, including giving all federal agencies less than a week to identify and patch all their affected systems, and coordinating a nationwide response to encourage the private sector to do the same. But the vulnerability is likely to dog agencies and the private sector alike for years. There are at least two rea...