Cybersecurity: Preliminary Results Show That Agencies’ Implementation of FISMA Requirements Was Inconsistent
What GAO Found

Based on GAO’s preliminary results, in fiscal year 2020, the effectiveness of federal agencies’ implementation of requirements set by the Federal Information Security Modernization Act of 2014 (FISMA) varied. For example, more agencies reported meeting goals related to capabilities for the detection and prevention of cybersecurity incidents, as well as those related to access management for users. However, inspectors general (IG) identified uneven implementation of cybersecurity policies and practices. For fiscal year 2020 reporting, IGs determined that seven of the 23 civilian Chief Financial Officers Act of 1990 (CFO) agencies had effective agency-wide information security programs. The results from the IG reports for fiscal year 2017 to fiscal year 2020 were similar, with a slight increase in effective programs for 2020.

Number of 23 Civilian Chief Financial Officers Act of 1990 Agencies with Effective and Not Effective Agency-Wide Information Security Programs, as Reported by Inspectors General for Fiscal Years 2017-2020

GAO has also routinely reported on agencies’ inconsistent implementation of federal cybersecurity policies and practices. Since 2010, GAO has made about 3,700 recommendations to agencies aimed at remedying cybersecurity shortcomings; about 900 were not yet fully implemented as of November 2021. More recent GAO reviews have identified weaknesses regarding access controls, configuration management, and the protection of data shared with external entities. GAO has made numerous recommendations to address these.

Based on interviews with agency officials, such as chief information security officers, GAO’s preliminary results show that officials at 14 CFO Act agencies stated that FISMA enabled their agencies to improve information security program effectiveness to a great extent. Officials at the remaining 10 CFO Act agencies said that FISMA had improved their programs to a moderate extent. The officials also identified impediments to implementing FISMA, such as a lack of resources. Agency officials suggested ways to improve the FISMA reporting process, such as by updating FISMA metrics to increase their effectiveness, improving…


Zero Trust Framework: A Guide to Implementation
Implementing a Zero Trust framework across an organization requires leading with a “never trust and always verify” mindset to secure your data and resources. Over the years, organizations have increasingly adopted Zero Trust frameworks in their environments because technological advancements and modern-day workforce changes, such as SaaS applications, cloud-based data centers, mobile devices, a remote workforce, and much more, have made the network perimeter difficult to define.

Implementing a Zero Trust security model means that enterprises cannot automatically trust any endpoint originating inside or outside their perimeter; therefore, strict privileges, user access controls, and authentication are required at every level for applications, devices, and users. Depending on your operations, business objectives, and the type of legacy systems you use, there is no one-size-fits-all solution. Zero Trust can be challenging to implement and even counterproductive in some environments.

Ultimately, it will take time, resources, and team buy-in to create a cohesive and reliable strategy. Before you create a detailed roadmap, first gauge your security maturity with this Forrester assessment to help guide your projects and initiatives.

Where to Start When Implementing a Zero Trust Framework

Where do you begin with your Zero Trust strategy? Forrester’s report, A Practical Guide to a Zero Trust Implementation, explores five components from its Zero Trust Extended (ZTX) framework for you to focus on when developing your strategy, including:

Let’s take a look at each of these areas in more detail to understand the practical building blocks of a successful Zero Trust implementation.

Zero Trust for People

Humans are often the weakest link in security practices, falling victim to phishing attacks or making mistakes due to poor password management. It’s critical to align your strategy with the people across your entire organization by investing in identity and access management (IAM) throughout your on-premises or cloud environment. With data being accessed by consumers, employees, and third parties, organizations need to develop a process for consistent monitoring of…