Government Security: Looking From the Inside Out

With a number of high-profile security hacks involving widely used software, government agencies are retraining their focus on their organization's security measures and those of the vendors and service providers that work with them. This shift in focus was actually on the rise before the recent hacks in anticipation of cyberattacks just like the ones we've recently seen.

In January of 2020, the Defense Department implemented the Cybersecurity Maturity Model Certification (CMMC), a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. Contractors have always been held responsible for implementing and documenting the security of their IT systems that touch sensitive government data. Under CMMC, this continues, but with the added need for a third party to assess the contractor's compliance.

A Short History of Shared Services…and What’s Next.

Shared Services in government is nothing new. The idea began in the 1980s with the consolidation of payroll and some other administrative functions. In the '90s the focus was on creating entities that could provide common business functions across government and, in that effort, become a cost center.

The 2000s saw the rise of the term 'Line of Business' that looked at common business functions across government to identify opportunities to transform, streamline and share. The Obama Administration looked specifically to IT as a shared service, releasing the Federal IT Shared Services Strategy that provided federal agency chief information officers and key stakeholders guidance. This guidance focused on the implementation of shared IT services as a key principle of their efforts to eliminate waste and duplication, with the intention to reinvest in innovative mission systems.

Taming the Superpower of Data – Data Privacy in Our Digital World

Data helps organizations make more informed decisions about how they serve their customers. Data informs policy and procedures and feeds more personalized interaction with people. But with great power comes vast responsibility. The data that organizations hold can be incredibly personal. It's more than just someone's social security number. It is information about where people live, work, shop, keep their money, get their news, and more. Individuals should have control over who knows this information and, if others do have it, how they use it. However, most of us do little to understand our privacy rights beyond blindly clicking a checkbox that allows sites to collect information about our activities.

Data privacy practices ensure that the data shared by customers is only used for its intended purpose. A multitude of laws, including the Health Insurance Portability and Accountability Act (HIPAA), Electronic Communications Privacy Act (ECPA), Children's Online Privacy Protection Act (COPPA), and General Data Protection Regulation (GDPR) have been enacted to provide guidelines to organizations and promises of data privacy to individuals.

Agencies Meet FITARA Goals Even While Battling Pandemic Challenges

The latest Federal IT Acquisition Reform Act (FITARA) scorecard showed that all agencies still have passing grades when it comes to meeting federal goals for IT management and reporting, but there was some backsliding in the latest report.

Health and Human Services, Labor, and the Veterans Administration improved their overall scores, while five agencies -- Commerce, Small Business Administration, the General Services Administration, Social Security Administration, and U.S. Agency for International Aid -- all dropped. A positive among the scores was that every agency received at least one A for the first time in the scorecard's history.

Tanks, Planes, Ships, and Data: Activating the DOD’s Data Strategy

The battles of tomorrow will likely not be fought on the ground; they will take place in cyberspace as nation-states and rogue actors alike look to interrupt the everyday functions of a country via high-tech attacks. Recently we saw the Russian hack of software designed (ironically) to help organizations monitor network problems and anomalies, which has the government and private companies scrambling to determine what data was compromised. With cyberspace being the new battlefield, data and data management have quickly become a strategic asset in the DOD arsenal.

Last fall, the DOD released the Department's Data Strategy, overarching guidance on how it will manage, secure, and use data. This document supports the DOD's transition to "a data-centric organization that uses data at speed and scale for operational advantage and increased efficiency." The Data Strategy includes 7 goals, nicknamed VAULTIS, for becoming data-centric:
