Insight by HID Global

Cybersecurity compliance and Zero Trust for robust identity/access management

With this ever burgeoning regulatory environment, achieving and maintaining cybersecurity compliance is a complex process.

According to Ben Franklin, nothing can be said to be certain in this world except death and taxes. However, in my experience as a former state government CIO, it might make sense to add government regulatory mandates for category number three. In a recent discussion on cybersecurity compliance and identity and access management (IAM), Yves Massard, product marketing director for HID Global’s IAM government solutions business segment talked about the growing list of government mandates in terms of cybersecurity compliance.

“Cybersecurity risk is an area that’s coming more and more to the forefront,” Massard said. While cybersecurity mandates have been customary at the federal level for some time, they’re becoming more prevalent at the state level now as well. “So, for example, if your government organization is working with the IRS, you have to comply with the encryption requirements of IRS Publication 1075. If you are getting access to a criminal background check from the FBI, you must comply with procedures related to the Criminal Justice Information System (CJIS),” Massard explained.

With this ever burgeoning regulatory environment, achieving and maintaining cybersecurity compliance is a complex process. HID Global’s data-driven cybersecurity approach is meant to enable organizations to comply seamlessly as they enhance the protection of their sensitive data.

And with the new coronavirus challenge networks, connectivity and cybersecurity have never been more critical as government organizations fire up their telework options. As an integral part of this program, governments will require a robust identity and access management protocol. Given recent reports of cybersecurity attacks in March at the federal Department of Health and Human Services, officials are concerned about increased threats as employees transition to telework environments.

“In the past, you might have had identity-related security measures, but a lot of it was just around the username and password. Not nowadays. It’s all about multifactor authentication and zero trust,” Massard said. It’s critical to make sure that the right person has access to the right information, and not somebody else.

Today we’re seeing many new technologies stand out and best practices are starting to be adopted. “Zero Trust is one of those practices where really it’s about always making sure that it’s the right person [who is] accessing the application. And part of making sure that you can do that is being able to have a secure identity so you know it’s the right person and not somebody else that just gets the password right,” Massard said.

Shape

Government Mandates on Cybersecurity Compliance

We're seeing more and more government mandates in that area. Cybersecurity risk is an area that's coming more and more to the forefront. It's been there at the federal level and it's becoming more and more prevalent also at the state level as we're seeing a lot of mandates that are being applied in different sectors.

Shape

Access Controls

They might be working from home, as we said earlier, because of the Corona virus. Maybe they need to telework. So the idea was zero trust is going away from having that castle type of approach with a firewall, and instead making sure that at every point that you're accessing something, whether it's that application, that you make sure that this is the right person that's accessing it.

Shape

Citizen Access Management in Government

That would be a great place to start, especially with the changes in the industry with cloud application and mobility. Whenever you access an application, you make sure it's the right person that's accesses it. You get to think about multifactor authentication as the foundation for zero trust. If you're not sure who's the right user, multifactor authentication is really the way to go for that.

Listen to the full show:

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

Featured speakers

  • Yves Massard

    Product Marketing Director, Identity and Access Management Solutions, HID Global

  • John Thomas Flynn

    Host of Ask the CIO: SLED Edition, Federal News Network

ASK THE CIO: SLED EDITION

ASK THE CIO: SLED EDITION

THURSDAYS at 11:00 A.M.

Host John Thomas Flynn is former California and Massachusetts chief information officer and former president of the National Association of State CIOs. The show features conversations with state and local CIOs, CISOs, program leadership and elected officials, and the IT vendor community. Subscribe on Apple Podcasts or Podcast One.