An unclassified summary of DOD’s new cyber strategy offers few specifics as it outlines plans to protect the industrial base and improve technology used in cyber defense.
The government’s federal chief information security officer shares progress update on where agencies stand on implementing phishing-resistant multifactor authentication, endpoint detection and response, and cultural changes to improve cyber posture.
Can your agency get access to cyber tools quickly? Yes, says AWS’ Jim Helou. It’s one of the benefits of the cyber partnerships available through Marketplace: providing agencies access to combinations of tools needed for zero trust — on a compressed timeline.
Yes, zero trust is a journey. But it also requires being holistic in your approach, recommends CrowdStrike’s Andrew Harris. He shares this plus three other tips for success in implementing zero trust with The Federal Drive’s Tom Temin.
Maybe Hansang Bae once worked at Nike. When he’s taking about zero trust, he’s so passionate that you expect at any moment he’s going to say, “Just do it.” What he definitely did say was: “My advice is to get going. The technology is mature enough.”
Zero-trust architecture has been top-of-mind for the federal government, especially as we approach the one-year countdown for the White House’s zero-trust memorandum deadline.
Getting rid of passwords once and for all is really about creating strong security that’s also frictionless for users, explains Okta’s Sean Frazier in a conversation with Federal News Network’s Jason Miller. What will that take?
Alex Whitaker, the director of government affairs for the National Association of State Chief Information Officers, said pushing for broader adoption of the .gov domain and harmonization of federal cyber regulations.
The cybersecurity team at the National Institute of Standards and Technology (NIST), is about to finalize a new version of a signature document: The Cybersecurity Framework. Next week it holds a workshop to get one last round of input on the new framework draft. For more, Federal Drive Host Tom Temin spoke with Kevin Stine, the Chief of NIST's Applied Cybersecurity Division.
Lt. Gen. Robert Skinner, DISA’s director and commander of the Joint Force Headquarters-Department of Defense Information Network (JTF-DoDIN), said the agency is undertaking three separate tests of tools to better protect internet boundaries.
The Cybersecurity Maturity Model Certification program has been in gestation at the Defense Department longer than a baby elephant. CMMC is still not operational, but, boy, has it produced documents. Just out, new scoping documents. Do contractors need to read them? To discuss that topic, Federal Drive Host Tom Temin was joined in studio by Holland and Knight contracting attorney Eric Crucius.
CISA is nearly done writing the proposed rules for cyber incident reporting, while the CMMC rules may be out for comment before the end of 2023.
CISA’s new Secure-by-Design, Secure-by-Default principles offer a road map to guide technology providers to a more secure future. By addressing integration, automation and collaboration, agencies can improve the odds our shared technology ecosystem reaches that destination.
DOJ and the General Services Administration’s inspector general says Verizon’s cyber protections fell short of requirements outlined in the Trusted Internet Connections initiative from October 2017 to August 2021.
Colby Proffitt, a cybersecurity strategist at Shift5, explains why observability is so important to improving the security and modernizing operational technology.