With 2022 just around the corner, MeriTalk is taking a month-by-month look at the most popular stories in Federal IT from 2021.
Federal Chief Information Security Officer Chris DeRusha said the Technology Modernization Fund (TMF) board – on which he sits – is looking to agencies that won awards from the fund earlier this year to pursue zero trust security projects to act as a group of pathfinders who can inform the zero trust transition work of other Federal agencies going forward.
To build an effective zero trust approach, emphasizing identity and privileged access management can help agencies minimize their attack surface and cyber risk, Federal officials said during ATARC’s zero trust summit on November 18.
Adopting and integrating zero trust principles into any cybersecurity strategy is far from simple, but the use of automation technologies can help greatly in that process, Federal officials said at ATARC’s Zero Trust Summit on November 17.
President’s Biden executive order (EO) on improving the nation’s cybersecurity gave Federal agencies 90 days to develop a Zero Trust strategy among a slew of other deadlines. But according to an official from the Small Businesses Administration (SBA), communication remains a significant challenge in meeting this deadline.
According to a recently released Tripwire survey, most security professionals in the private and public sector described their zero trust security adoption as either progressing, or even well-developed, but also in need of more work.
The zero trust journey can present several challenges for organizations, with funding being just one of them, but Steven Hernandez, chief information security officer at the Department of Education, said the biggest hurdle he sees with zero trust comes down to cultural challenges.
The transition to zero trust security architectures is integral to the U.S. Department of the Army’s modernization efforts, said Army CIO Raj Iyer during an FCW virtual roundtable on October 27 where he explained security challenges that the service branch is facing and how the move to zero trust security concepts will help.
With President Biden’s cybersecurity executive order (EO) directing Federal agencies to begin moving to zero trust security architectures, agencies already have begun to make the shift. However, progress on zero trust migration – which some Federal officials termed a “paradigm shift” at an ATARC webinar today – will look different for every agency.
Several Federal government officials involved in migrating government agencies toward adoption of zero trust security principles agreed during a September 30 ATARC webinar that agencies need to first think through the goals of adopting zero trust architectures before undertaking technology deployments to get there.
The U.S. Army Corps of Engineers is looking to enhance its cybersecurity efforts with zero trust security concepts, according to the Corps’ Chief Information Officer (CIO), Dovarius Peoples.
Now that the Office and Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) have released their new directives for Federal civilian agencies to move to zero trust security principles and expanded cloud adoption, what are some near-term steps that Federal IT and cybersecurity officials should think about as they get ready to put those directives into action?
The Biden administration’s latest set of directives that aim to move Federal agencies toward zero-trust security architectures and more cloud adoption are receiving positive initial reviews from Federal IT officials, although leaving some to wonder where funding will come from for agencies to follow through on the directives.
The Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) both published key draft guidance documents today that provide the next set of road maps for Federal civilian agencies to transition to zero trust security concepts over the next three years and to guide agencies to securely migrate to cloud services.
Nicolas Chaillan, the first-ever chief software officer (CSO) of the United States Air Force (USAF) and co-lead of the Department of Defense (DoD) Enterprise DevSecOps Initiative, announced his resignation today in a post on LinkedIn.
Like all Federal agencies, the Office of Personnel Management (OPM) is working on complying with President Biden’s cyber executive order (EO). To help comply with the EO and aid OPM’s modernization mission, the agency has funding requests out to the Technology Modernization Fund (TMF) Board to help OPM with the move to zero trust and cloud modernization, OPM CIO Guy Cavallo said August 31.
Ransomware attacks are on the rise and adversaries are developing more sophisticated cyberattacks, but Federal cyber experts agree that “the vast majority” of ransomware attacks active today can be prevented by good basic cyber hygiene practices.
The National Archives and Records Administration (NARA) is making bids with the Technology Modernization Fund (TMF) for funding that will help the agency improve cybersecurity and replace legacy systems that run high-value assets, said Sheena Burrell, NARA’s Deputy CIO, at a GovLoop event on August 19.
With the coronavirus pandemic continuing to provide a stubborn barrier to full-fledged office workplace returns for many Federal agencies, the Commerce Department’s chief information security officer (CISO) spoke on August 17 about paying attention to human-centric aspects of security in the development of next-generation workplaces.
An August 10 memo from Shalanda Young, acting director of the Office of Management and Budget (OMB), is providing instructions to Federal agencies about how to comply with security guidance of “critical software” as directed by President Biden’s executive order (EO) on cybersecurity issued in May.
The Government Accountability Office (GAO) published a fresh update on its priority open recommendations for the Department of Defense (DoD), showing that while the Pentagon has been busy trying to satisfy numerous prior recommendations from the watchdog agency, its overall to-do list from GAO is staying about the same because a steady stream of new recommendations are being added.
The Cybersecurity and Infrastructure Security Agency (CISA) released a new training guide to help IT professionals advance their careers in the Federal and state, local, tribal, and territorial cybersecurity communities.
Federal Chief Information Security Officer Chris DeRusha said today that working to update the Federal Information Security Management Act (FISMA) – and generate more useful Federal agency cybersecurity metrics as a result – are among his top priorities currently.
The White House released a National Security Memorandum (NSM) today containing a new set of actions aimed to strengthen cybersecurity efforts to protect United States critical infrastructure amid the growing number of cyber threats and cyberattacks.
The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) has named 18 firms it will work with on NCCoE’s Implementing a Zero Trust Architecture Project.
Federal CISO Chris DeRusha said today that the ongoing solicitation of Federal agency bids for money from the Technology Modernization Fund (TMF) is drawing a lot of interest in security-related projects – one of the four primary areas that the TMF Board identified earlier this year as ones it would prioritize as it works to deploy up to $1 billion of new funding capacity from the American Rescue Plan Act.
Federal agency chief information security officers (CISOs) talked about several aspects of the Biden administration’s cybersecurity executive order (EO) during a July 15 FedInsider webinar in which they flagged steps agencies should be taking to meet the order’s requirements.
With President Biden’s cyber executive order (EO) guiding Federal agencies towards implementing zero trust architectures, the U.S. Army Corps of Engineers has already created a Zero Trust Playbook to help outline the change and create guidelines, the Corps’ CIO said today.
U.S. Air Force Chief Software Officer (CSO) Nicolas Chaillan this week emphasized the importance of a moving toward zero trust security architectures within the Department of Defense (DoD) – a process that DoD Acting CIO John Sherman has said is a top tech priority for the Pentagon.
Defense Department Acting CIO John Sherman emphasized the Pentagon’s firm intent to move further toward adopting cloud infrastructures and zero trust security concepts at a June 29 hearing held by the House Armed Services Committee’s Subcommittee on Cyber, Innovative Technologies, and Information Systems.