Zero Trust in Government Accelerates 0-60

Zero Trust is a logical evolution of security in a world where remote access to networks and applications is more common than being on-site with an organization's data center. From cloud applications to the explosion of remote work, the traditional "castle and moat approach" simply does not scale or protect networks that are constantly being accessed by outside users.

The Executive Order on Improving the Nation's Cybersecurity (Cyber EO) has a strong emphasis on moving government toward a Zero Trust approach for security. It laid out deadlines for agencies to submit plans for implementing Zero Trust architectures, holding organizations accountable for changing how they allow users to access their systems. Continue reading

Cloud Is No Longer the Exception, but the Rule

Remote work, necessitated by the pandemic, accelerated many agencies' move to cloud computing. With remote and dispersed teams here to stay, cloud is a critical, if not primary, infrastructure for a number of organizations. With this wide reliance on cloud, the Cybersecurity and Infrastructure Security Agency (CISA) has been releasing Trusted Internet Connections 3.0 Use Cases, which give federal agencies guidance on applying network and multi-boundary security for remote users.

Similarly, the Defense Information Systems Agency (DISA) recently combined its Cloud Computing Program Office (CCPO) with its services directorate and ecosystem. This move, creating the Hosting and Compute Center (HaCC), recognizes the long-term reality of cloud and the role it plays in delivering services and powering everyday work for the agency. The HaCC will be "responsible for providing the warfighter with critical hosting and compute functions using modern data center and cloud capabilities." This functionality supports a number of Defense Department initiatives including Joint All Domain Command and Control. Continue reading

Government Security: Looking From the Inside Out

With a number of high-profile security hacks involving widely used software, government agencies are retraining their focus on their organization's security measures and those of the vendors and service providers that work with them. This shift in focus was actually on the rise before the recent hacks in anticipation of cyberattacks just like the ones we've recently seen.

In January of 2020, the Defense Department implemented the Cybersecurity Maturity Model Certification (CMMC), a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. Contractors have always been held responsible for implementing and documenting their IT systems' security that touch sensitive government data. Under CMMC, this continues, but adds the need for a third party to assess the contractor's compliance.

Continue reading

Earning Your Letters: Certifications and a Government Career

Diploma or certificate isometric icon 3d on a transparent background vector illustration

As all of our GovEvents readers know, education does not end with the last degree you receive. From on-the-job training to industry events, professionals are constantly learning new things. Learning and career progression are, of course, rewards in themselves, but a certification program is quantifiable and industry-recognized.

Like an educational degree, certifications are an official marker of knowledge study and mastery. While they may add to the alphabet soup that is a government career, having the right letters after your name can make a big difference in what jobs you can apply for and how much you'll get paid.[Tweet "Earning Your Letters: Certifications and a Government Career #GovEventsBlog"] Continue reading