zero-trust security

DIA details push to modernize top-secret network amid 150% uptick in cyber threats

"I hear more about IT revolution than evolution these days, but I think IT is more evolution," DIA CIO Doug Cossa said.

Towards Zero-Trust: Forescout To Help DISA Scale Comply-to-Connect

"The ultimate goal is understanding exactly what is happening on the network, who is connecting, what is connected, and what are those devices and users doing on the network so you can make sure that, where connection is necessary for a mission, it's available but also that it's secure," Forescout's Dean Hullings said.

Peraton Developing ‘Single-Pane-Of-Glass’ Visibility Across Army’s Unified Network

"If there's one thing DoD and industry have done, it's try a whole bunch of different tools over the last 10 to 12 years. What we have to do now is string them all together to show which ones work best for the capabilities the Army needs today and divest the ones that they don't need," Peraton VP Jennifer Napper said.

DISA Head: DoD Working To Modernize ICAM, C2, Data Use

"I have a mantra of 'I want to kill to the [Common Access Card] as the primary authentication mechanism for the department'," Lt. Gen. Robert Skinner said. "Industry has better authentication, and it's not just two-factor, it's truly multi-factor authentication."

JADC2 Implementation Plan ‘Weeks Away’: J6’s Parker

"Joint always seems fun until we get into decisions about who governs this," joked Army CIO Raj Iyer.

DoD Launches New Zero-Trust Security Portfolio Office; CIO Talks Priorities

The new office is slated for October, Pentagon CIO John Sherman said, while also giving updates on the Spectrum Strategy implementation plan and the cyber workforce strategy.

CISA Warns Executive Branch Agencies To Fix Critical Windows Vulnerability

"CISA has validated various proofs of concept and is concerned that exploitation of this vulnerability may lead to full system compromise of agency networks if left unmitigated," the emergency directive says.

NIST Recommends Agencies Assume They Have Already Been Hacked

The Security Measures publication focuses on running software, while the Recommended Minimum Standards focuses on developing it.

NIST Releases New Language To Automate Cloud Security

OSCAL's goal is to enable compliance and security assessments to keep pace in complex, fast-moving, ever-changing DevSecOps environments.

DoD Seeks Boost For Defensive Cyber Tech In 2022 Budget

The budget requests funding for four new teams for the Cyber Mission Force. Those teams will support CYBERCOM operations and provide cyber support for space operations.

DoD Publishes DevSecOps 2.0 Docs For Accelerating Apps

After just three years, there are now 200 teams across DoD doing DevSecOps, which has saved, on average, a year and $12.5 million per app it’s been used to launch, the Air Force's Chief Software Officer says. When you consider the number of apps, that's significant. And now there's a push to make DevSecOps resources available to JADC2.

NSA About To Release Unclassified 5G Security Guidance

The guidance will "outline threats and risks to 5G infrastructure," NSA Executive Director Noble said. It's one way NSA is "focusing our expertise in cryptography and cybersecurity to help industry and government to integrate security into all aspects of the 5G ecosystem."

NSA Urges Defense Sector to Adopt Zero-Trust Model After SolarWinds Hack

Microsoft President Brad Smith testified that a team of internal Microsoft security experts investigating the breach at the company estimated that the SolarWinds hack involved the work of "at least 1,000 engineers," the sort of scale that would require a government's commitment of people and money. Three top cyber leaders told lawmakers that old security models are no longer adequate for today's IT environments.