How DoD organizations can get a handle on zero trust

As the U.S. Department of Defense (DoD) continues to transition and adopt zero trust cybersecurity frameworks for its IT networks and infrastructure, the Department is also urging all of its disparate agencies and organizations to follow suit. But before DoD…

Why a zero trust framework is the most effective at securing federal agency networks

As malicious cyber actors continue to improve and refine their techniques of penetrating and exploiting vulnerabilities in federal government agency networks, the single verification cybersecurity models that agencies have historically implemented are no longer capable of preventing breaches and attacks.…

Four Automation Targets That Can Help Overcome the Federal Cyber Workforce Shortage

Since the beginning of the COVID pandemic, cyberattacks have become increasingly frequent and sophisticated, looking to leverage a changing IT landscape that resulted as government agencies and their IT teams worked to enable the “new normal” of a distributed workforce.…

Improving Cyber Situational Awareness with Compliance Automation

Today’s federal government and military are facing workforce shortages and vacancies in many important positions. However, none of these vacancies are as potentially harmful to the security of our nation as the shortages that exist in our federal cybersecurity workforce.…

Using STIGs to Accelerate CDM Compliance

As part of the Executive Order on Improving the Nation’s Cybersecurity (Executive Order), Federal Civilian Executive Branch (FCEB) Agencies need to establish or update their Memoranda of Agreement with CISA for the CDM (Continuous Diagnostics and Mitigation) program ensure that…

STIGs For Dummies

For both government organizations and their mission partners, addressing STIG compliance for RMF, FISMA, DevSecOps, FedRAMP, and now the new CMMC mandates, has always been challenging, especially when these organizations depend on tedious manual processes. Kenneth Hess, the author, funnels decades…

eMASS Automation – The Search for a Solution to Unite and Automate Security Compliance Data

eMASS, or the Enterprise Mission Assurance Support Service, was developed by the DoD, in part, as a repository that unites technical/machine data generated from endpoint scans with the human/non-technical data documented by security/IA personnel. Imagine a 1,000 workstation environment that quickly…