By the end of the 2021 fiscal year, government agencies are due to meet the data quality control plan of the Continuous Diagnostics and Mitigation (CDM) Program of the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency. The date is likely to be postponed, but progress is taking place. Past breaches have revealed some very alarming gaps in federal cybersecurity, in both identity and access management and asset management. This was a real impetus for positive change.
Currently, there are major moves to strengthen federal security measures. Governments and the OMB are placing increasing importance on government security and on implementing new tools. The industry is changing its view of compliance, and the remote work environment created by the pandemic requires us to adapt more quickly.
To further promote the initiative, a lot of money is coming from President Joe Biden and his administration. Agencies need to prioritize their needs and act swiftly to meet them, or risk losing financial support.
Either way, a lot is at stake. To move forward and protect your critical infrastructure from the threats that the CDM program is trying to address, you must first recognize the hurdles that stand in your way.
Heterogeneous systems and siloed data
First and foremost, the unique culture of the federal world is not well suited to deploying CDM. Various groups manage the information: IT management, enterprise cyber operations and, at all institutions, a law enforcement group. Each uses different tools, leading to heterogeneous systems and siloed information. As a former federal employee, I understand that. You can also see the reluctance to let go of what you've built over months and years. However, to achieve the data management "integrity" required by CDM, we need to break away from silos.
Comfort with manual processes
The tools and technologies that agencies have deployed and used over the years provide a natural sense of security. Agencies also often choose manual processes over automation, putting compliance at risk. If the experience of past breaches tells us anything, it is that we need to act proactively. We need to be one step ahead. Past incidents have not only endangered national security, but have also cost the government billions of dollars. There is too much at risk not to take action right now.
Complexity of hybrid and remote work environments
During the pandemic, the federal government increased the percentage of employees approved for telework from about 20% to 75%. That meant more than 1 million employees (about 2 million devices) moved from operating in a controlled and protected environment to working from home over personal networks, processing a variety of important government data. Many people purchased new devices to ensure operational continuity.
When these employees return to the office, full-time or in a hybrid arrangement, many new challenges arise. Security teams need to quickly identify the devices and software running on government and/or personal networks to ensure that these devices meet security and compliance standards. In addition, possible safety measures, such as temperature checks, introduce new devices and health data into institutions, which must comply with HIPAA regulations.
BYOD efforts and the ever-changing nature of hybrid work only increase the need for CDM. With flexible remote work continuing and new devices being introduced as employees return, maintaining a comprehensive asset inventory is key to closing security gaps and staying compliant. Security teams can also turn to advisory bodies for recommendations.
Both CISA and NIST have released or will release updated guidance on telework. This is a valuable resource for federal security teams. Most importantly, cybersecurity teams must work with government leadership and the mission to predict how they can support the government through future changes while effectively navigating and keeping to CDM guidelines.
The wounds of past federal breaches have not yet healed, but fortunately we are learning that we cannot be static. It is clear that the new administration is prioritizing federal security initiatives, giving government agencies a great opportunity to improve their security regime. Companies that embrace the lessons learned will gain an advantage in this year of transition. Overall, the future of compliance and cybersecurity seems bright.
Bobby McCrennon is the Federal Vice President of Axonius. For over 30 years, he has held a variety of roles, including in the US Marine Corps, the US Air Force, the Federal Bureau of Investigation, and across the intelligence community.
https://www.nextgov.com/ideas/2021/06/its-crunch-time-homeland-securitys-continuous-monitoring-program/174705/ It's crunch time for Homeland Security's continuous monitoring program.