This report is a coordinated effort by the Secretary of the Department of Homeland Security (DHS), the Director of the Office of Management and Budget (OMB), and the Administrator of the General Services Administration (GSA), in consultation with the Secretary of Commerce (Commerce) to outline a “modern Federal IT architecture where agencies are able to maximize secure use of cloud computing, modernize Government-hosted applications, and securely maintain legacy systems.” To accomplish this goal, the report addresses two distinct categories; 1.) Network Modernization and Consolidation, and 2.) Shared Services to Enable Future Network Architectures, both with specific actions to be implemented in the next 12 months. Each category and its required actions are as follows:

Network Modernization and Consolidation

1. Prioritize the Modernization of High-Risk High Value Assets (HVAs). Prioritize modernization of legacy IT by focusing on enhancement of security and privacy controls for those assets that are essential for Federal agencies to serve the American people and whose security posture is most vulnerable.
2. Modernize the Trusted Internet Connections (TIC) and National Cybersecurity Protection System (NCPS) Program to Enable Cloud Migration. Use real world implementation test cases to identify solutions to current barriers regarding agency cloud adoption. Update relevant network security policies and architectures to enable agencies to focus on both network and data-level security and privacy, while ensuring incident detection and prevention capabilities are modernized to address the latest threats.
3. Consolidate Network Acquisitions and Management.

Shared Services to Enable Future Network Architectures

1. Enable use of Commercial Cloud. Improve contract vehicles to enable agencies to acquire commercial cloud products that meet Government standards.
2. Accelerate Adoption of Cloud Email and Collaboration Tools. Provide support for migration to cloud email and collaboration suites that leverage the Government’s buying power. Define the next set of agencies to migrate to commercial email and collaboration suites.
3. Improve Existing and Provide Additional Security Shared Services. Provide centralized capabilities that replace or augment existing agency-specific technology to improve both visibility and security.

Each section outlines a timeline for action, including, 30, 60, 75, 80, 100, 365 day plans. ‘Taken together, these recommendations will modernize the security and functionality of Federal IT, allow the Federal Government to improve service delivery, and focus effort and resources on what is most important to customers of Government services.”

Driving this level of change will require participation and commitment at every level of government, including agency leadership, mission owners, IT practitioners, and oversight bodies. The reports states that in order to achieve this modernized IT architecture, the Federal Government will need to maximize use of shared services and commercial capabilities while accelerating the adoption of cloud email and collaboration tools, improve the existing shared services, and provide additional support to security shared services for agencies. “The future of Federal IT is one in which agencies move further toward a risk-based approach to securing their systems that places appropriate emphasis on data-level protections and that fully leverages modern virtualized technologies.”

Requests for comment are now open. For more details, view the entire report.

Subscribe to Corsec emails!

Enter endpoint security, a methodology of protecting the corporate network when accessed via an endpoint. This system has grown into a multi billion dollar industry over the past few years. The virtual private network (VPN) and approved operating systems otherwise trusted for secure communication need to be protected with proper software and hardware to ensure access, information, and network security are protected. One of the foundations to operating a dependable business and network, the endpoint security market is set to reach $27.05 billion by 2024. With the evolution of BYOD (Bring Your Own Device) policies and mobile devices, that number is expected to rise continuously.

Meanwhile, overall U.S. federal spending in security is estimated to grow to $36.9 billion by the end of this year. Not only that, the United States will be the largest market for security products, while global spending for security software and services reaches $81.7 billion.

This budget is not just to protect businesses, it is a matter of national security. Reasons for this investment include an escalating number and severity of cyber attacks, developing computing power and big data, the emergence of innovative tools and approaches, and the recent surge of more cost-effective technologies. As the government executes this tech, they place restrictions on the procurement process to ensure all products touching the network are 1.) secure, and 2.) play well with others. Implementing new technology into a secured environment could have devastating effects if all components are not hardened to meet existing security standards.

These restrictions come in the form of security certifications, notably FIPS 140-2, Common Criteria, and listing on the DoD’s APL. These are crucial to mitigating risk upon purchasing IT software and hardware so that the U.S. government and its customers can rest assured that sensitive data and information is secure. Getting through these certifications can be a pain staking process and time consuming if not done properly. As you begin to evaluate your security posture and certification strategy, make sure you have the adequate resources and expertise to complete the job the first time through, avoiding costly re-work that could delay your projects and business goals.

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements. – Subscribe