OMB’s memorandum M-22-09, “Moving the U.S. Government Towards Zero Trust Cybersecurity Principles,” is setting deadlines for implementation across the government. Specifically, the memo calls out the end of FY24 – an extremely short time frame in government circles – for multiple actions across the CISA-defined five pillars of a Zero Trust Architecture. One of the most important actions is for agencies to move to...

Shifting left and building software with security and compliance integrated from the start is critical to increasing trust in our digital infrastructure. As we have seen through recent executive orders and Department of Defense (DoD) memos, creating a foundation that enables a continuous ability to quickly certify and deliver software is critical to federal organizations being responsive enough to meet their missions. Enabling the Assessor to...

Most IT leaders acknowledge the growing threat from ransomware, however many state and local governments are unprepared to prevent or respond to it. When an agency does not know the blast radius of an attack, whether sensitive data is affected, or how long it may take to recover, the only option they are often left with is to pay up. In order to protect themselves against an organized, well-resourced attacker agencies need a strong security po...

AI systems need to be ethical, responsible, transparent, and explainable. AI and ML systems are greatly dependent upon their training data to ensure results from the algorithms are fair and ethical. These concerns are particularly important for government decision making that may affect citizens and services. Listen in as topic experts explore how the use of artificial intelligence to increase fairness and equity has become important throughou...

The May 12, 2021 White House Executive Order 14028 and subsequent Office of Management and Budget Memo M-22-09 set forth a Federal Zero Trust Architecture strategy and a new baseline for access controls. In order to reinforce the government’s defenses against increasingly sophisticated and persistent threat campaigns, agencies are now required to meet specific cybersecurity standards and objectives by the end of fiscal year 2024. M-22-09...

GSA in coordination with the IPv6 Federal Task Force, and sponsored by the CIO Council, is hosting an IPv6 summit to address the Federal community’s desire to bring together Federal agencies and industry partners to discuss IPv6 priorities, share IPv6 success stories and lessons learned, and identify partnerships between industry and government to better assist agencies in the transition to an IPv6-only environment. This Virtual Summit i...

Embracing a decentralized modern enterprise IT ecosystem means accepting that mission critical workloads don’t just run inside of the data center. Modern customer and employee experience demands from the business are rapidly forcing IT leaders to adapt to a hybrid environment approach. Application and data are increasingly spread among multiple agencies, legacy data centers, hyperscaler clouds, software as a service (SaaS) providers, and...

Federal government agencies rely extensively on IT products and services to carry out their operations. There is, however, cybersecurity supply chain risk in connection with acquiring, deploying and using these products and services. This is evidenced by the numerous supply chain attacks over the past decade such as the Target data breach in 2013, Solarwinds attack in 2020 and Kaseya attack in 2021. As a result, the federal government has take...

The Federal Government has spent a long time developing efficient, strong security practices to verify and authenticate identities—and for good reason. We’ve seen how incompatible authentication mechanisms hinder interagency communication and collaboration, as well as how weak authentication mechanisms leave the Federal Government vulnerable to exploits. Over the years, a variety of policies and memos—as well as high-profile...

Cyber-attacks and other disasters pose a constant risk to the IT operations of government agencies. The damage inflicted by these disruptions range in levels of severity and leave critical data and IT investments at risk for every hour of downtime. Preparing for a potential disaster may seem extreme, but thinking ahead and creating a plan for how to respond can make all the difference. A trustworthy modern data protection solution enables agen...