The purpose of the Cybersecurity Maturity Model Certification is to have in place the security and privacy controls that give information systems greater resilience in the face of a wide range of dangers, including malicious attacks, natural disasters, structural shortcomings, human error, and hostile nation-state surveillance. The catalog of controls is laid out in the National Institute of Standards and Technology Special Publication 800-53...

There are few things worse for agency efficiency – or IT employee morale – than having fragmented service requests, overwhelming workflows, and siloed knowledge. It is not that IT employees aren’t working hard to solve problems, it’s that the tools they have been using cannot scale up as fast as user needs accumulate. In today’s rapidly shifting federal landscape, agencies must modernize operations and strengthen...

The U.S. Department of Defense uses security standards that are set forth in its Security Technical Implementation Guide (STIG) to help protect its systems and networks. By implementing unified automation, which integrates automated tools with the STIG standards, DoD can improve system-level control compliance throughout the software lifecycle. From reduced timelines and improved reliability to sustainable ATO processes, unified STIG automatio...

Phishing today isn’t just email. Adversaries are now exploiting SMS, Signal, LinkedIn, QR codes, and more to directly target your people—on the devices they rely on most. These mobile-specific tactics—like smishing and quishing—are designed to exploit human trust, not technical flaws. And they’re working. Protecting users from falling for such schemes is difficult. Threat researchers have seen malicious smishing c...

Join us for a dynamic FedInsider discussion on how mission-centered system design can transform public sector services into improved, outcomes-driven models. As expectations around cost reduction and efficiencies continue to drive change, government and industry leaders must go beyond incremental improvements to reshape how citizen experiences are designed and in fact delivered. This webinar will explore how focusing on mission outcomes can pr...

Katie Arrington, the acting CIO for the Department of Defense, is fiercely determined to enforce the requirements of the Cybersecurity Maturity Model Certification (CMMC), considering it a primary defense against China’s cyber incursions – and one she expects the Defense Industrial Base (DIB) to meet. Among best practices suggested for achieving CMMC is maintaining a comprehensive, accurate asset inventory, because it defines the b...

Today’s workforce isn’t tethered to laptops – it’s powered by mobile. It’s often a primary way many employees connect to email and other mission-critical resources but not treated that way from a security standpoint. Traditional Mobile Device Management (MDM) solutions weren’t built to detect advanced threats or align with Zero Trust principles. They offer basic control, but not the telemetry, risk context,...

One of the most beneficial practices any agency can implement is achieving and maintaining Continuous Authorization to Operate (cATO). It allows an organization to maintain ongoing authorization for their systems and software, rather than having to obtain a one-time ATO for each deployment. Gaining a cATO requires agencies to implement continuous monitoring of the security of their systems and practicing active cyber defense measures that proa...

Artificial Intelligence (AI) is transforming cybersecurity for the better—empowering teams to detect threats faster, reduce false positives, and identify risky behavior before it becomes a breach. But there are risks associated with AI: first, that AI tools currently are new to organizations and under-regulated for their own cybersecurity, so require careful review; also, as defenders become more sophisticated with those AI tools, so do...

Data analytics demonstrate their value for both public safety and emergency management every day. The National League of Cities, for example, promotes the usefulness of Data-Informed Community Engagement (DICE), pairing crime data and analytics with community-driven risk concerns. Data-driven policing has been in use since the 1970s, but the advent of the cloud and edge computing has put it at the fingertips of law enforcement. Similarly, emer...