CYBERSECURITY
Businesswire | May 30, 2023
Tidelift, a provider of solutions for improving the security and resilience of the open source software powering modern applications, today announced that it has been awarded three U.S. government contracts worth over $3.5 million, and is expanding its public sector organization in response to increased demand for innovative solutions that help the U.S. government improve its cybersecurity supply chain risk management (C-SCRM) capabilities.
High-profile software supply chain vulnerabilities including Log4Shell and SolarWinds have dramatically increased attention on the need for improved software security, both in the public sector and beyond. In the U.S., this effort began in May, 2021 with White House Executive Order 14028: Improving the Nation’s Cybersecurity, and since then a variety of policy and legislative initiatives around cybersecurity have gained traction.
In September, 2022, the U.S. government’s Office of Management and Budget released memorandum M-22-18 on Enhancing the Security of the Software Supply Chain through Secure Software Development Practices. M-22-18 formalizes the guidance provided in the NIST Secure Software Development Framework and NIST Software Supply Chain Security Guidance documents as the government requirements for developing secure software, and mandates federal government agencies comply with these guidelines.
This memorandum sets aggressive deadlines for compliance with specific dates for both government agencies and organizations selling software to the government to comply with NIST guidelines. Among other stipulations, it requires that any organization selling software to the government must self-attest that their software is compliant with the NIST SSDF by June 2023 for critical software or by September 2023 for all other software.
More recently, the National Cybersecurity Strategy sets a new precedent for software security liability, with the government intending to hold software producers liable for damages caused by preventable security vulnerabilities and offer liability protections to organizations that can show they follow secure software development practices.
Tidelift awarded three U.S. government contracts worth over $3.5 million
In addition to efforts like those mentioned above, the U.S. government is increasingly investing directly in improving open source software security. Tidelift was recently awarded three separate innovation research awards as part of the U.S. government SBIR program. The SBIR program is designed to help U.S.-based businesses invest in their technical potential, while stimulating technology innovation and meeting specific research and development needs.
Through these SBIR Phase II awards, Tidelift is working with the Department of the Air Force and the Defense Advanced Research Projects Agency (DARPA) to help spur innovation in the systems and processes the U.S. government uses to improve open source software security and cybersecurity supply chain risk management. This investment will help Tidelift expand its industry-leading open source software management solution, including increasing its ability to partner with even more open source maintainers to validate their components meet important security, maintenance, and licensing standards required by government and industry users, and pay these maintainers for this critical work.
It will also help the U.S. government better address the requirements and deadlines emerging from Executive Order 14028, memorandum M-22-18, and the NIST Secure Software Development Framework, especially when it comes to the open source components in use in government applications. Tidelift is also helping address new requirements around software bills of materials (SBOMs) that U.S. government agencies are beginning to understand, interpret, plan for, and deploy. Along with Tidelift producing an SBOM from every application build, the company is actively working upstream with open source maintainers to validate and improve security, maintenance, and licensing metadata for their projects and capture this data using the TACOS (Trusted Attestation and Compliance for Open Source) attestation framework.
"The United States Air Force, and the Government as a whole, are among the largest consumers of open source software. With the increasing requirements around Software Supply Chain Risk Management (SCRM) and Software Bills of Materials (SBOM) initiatives, we are excited to partner with Tidelift to enhance cybersecurity resilience outcomes for open source software dependencies that support our most critical work," said Robert "Devo" DeVincent, Chief Software Officer, Air Force 309th Software Engineering Group.
Tidelift expands public sector organization to meet growing demand
Tidelift has named Matthew Arnow, a long-time veteran of Tidelift, to lead the newly expanded public sector team. Matthew heads up the team with extensive experience working with government and public sector clients.
“Tidelift looks forward to working more closely with our government and public sector customers and prospects to improve the resilience of our mission-critical open source infrastructure,” said Matthew Arnow, head of public sector for Tidelift. “Our unique approach of working directly with the maintainers behind thousands of important open source projects will help public sector customers comply with U.S. government security directives and meet necessary government and industry standards.”
Tidelift partners with Carahsoft to support public sector expansion
Tidelift has also partnered with Carahsoft, the leading government reseller partner, to help more quickly and effectively address the number of large public sector opportunities.
“Over the past year, we’ve seen increased demand from our customers for solutions that help improve open source software security and supply chain resilience,” said Natalie Gregory, vice president, Carahsoft. “We look forward to working with Tidelift and our reseller partners to deliver open source software supply chain risk management solutions to our government customers.”
About Tidelift
Tidelift, a 2022 Gartner Cool Vendor, helps organizations effectively manage the open source behind modern applications. Through the Tidelift Subscription, the company delivers the tools, data, and strategies powering an inclusive and organization-wide approach to improving the health and security of the open source software supply chain. Tidelift enables organizations to move fast and stay safe when building applications with open source, so they can create more incredible software, even faster. https://tidelift.com/
Read More
EMERGING TECHNOLOGY, CYBERSECURITY
Globenewswire | April 05, 2023
Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, today announced that Seagate Government Solutions’ Barracuda 515 M.2 solid state drive (SSD) - embedded with Cigent® Technology’s built in cybersecurity enhancements is now available to Government agencies through Carahsoft’s resellers and its Federal, State and Local Government contract vehicles.
As the distributor for Seagate Government Solutions, Carahsoft works with its extensive ecosystem of reseller partners and systems integrators to make Seagate’s new SSD widely available to the Public Sector through several contracts including Carahsoft’s GSA Schedule, NASA Solutions for Enterprise-Wide Procurement (SEWP) V, E&I Cooperative Services Contract, The Quilt, and more.
“Protecting data at the edge is a key component of an effective Zero Trust strategy,” said Maryam Emdadi, Vice President of Sales who leads the Seagate Team at Carahsoft. “Our new partnership with Seagate Government Solutions and Cigent will enhance our portfolio of secure storage solutions and enable our customers to better defend their sensitive information through the support of our reseller partners.”
Seagate Government Solutions combines its strengths with Cigent’s patented cybersecurity firmware enhancements to create the Seagate BarraCuda 515 SSD, a storage drive, designed with integrated advanced security features that deliver high performance, advanced reliability, data protection and security.
Key advantages of the BarraCuda 515 SSD include:
Federal Information Processing Standards (FIPS) 140-2 Level 2 certified and complies with corporate and Federal data security mandates.
Common Criteria full disk encryption (FDE) solution that meets the requirements of Commercial Solutions for Classified (CSfC) Data at Rest (DAR) Capabilities Package 5.0.
Cigent Pre Boot Authentication and Windows Software that protects data from all known physical and remote access attacks as well as zero-day ransomware.
Tamper-evident coating which seals SSD’s circuitry and components to provide physical security.
Full drive block-level and crypto secure erase, verified by patented erasure verification, that enables safe, fast, and cost-effective SSD retirement or redeployment.
Trade Agreements Act (TAA) compliant which satisfies fair and open international trade agreements.
“We’re thrilled to be working with Cigent and Carahsoft to provide our Public Sector clients with a top-tier storage solution that boasts Government-accredited security certifications,” said Mike Moritzkat, Managing Director of Seagate Government Solutions. “This partnership along with our new offering is another steppingstone in Seagate’s continued support of our Public Sector clients.”
Seagate’s BarraCuda™ 515 SSD is now available through Carahsoft’s GSA Schedule No. 47QSWA18D008F, SEWP V contracts NNG15SC03B and NNG15SC27B, E&I Contract #EI00063~2021MA, and The Quilt Master Service Agreement Number MSA05012019-F.
About Carahsoft
Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider®, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator® for our vendor partners, we deliver solutions for Cybersecurity, MultiCloud, DevSecOps, Big Data, Artificial Intelligence, Open Source, Customer Experience and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles.
About Seagate Government Solutions
Seagate Government Solutions (SGS) is the FOCI mitigated subsidiary of Seagate Technology. The SGS mission is to deliver an array of data management solutions to federal agencies and their partners. Our proven technology adheres to strict government mandates while spearheading the way for advancements in the field of security—from unclassified to top secret, and beyond.
About Cigent
Cigent offers a new approach to data security for organizations of all sizes to stop ransomware and data theft, as well as achieve compliance. Cigent protects your most valuable asset – your data - against the most sophisticated adversaries. We protect data throughout its lifecycle via prevention-based defenses embedded into storage and individual files. From decades of data recovery, cybersecurity, and device sanitization experience, the experts at Cigent have developed prevention methods beyond anything that exists today.
Read More
CYBERSECURITY
SmartSimple Software | March 10, 2023
On March 09, 2023, SmartSimple Software, one of the leading providers of cloud-based solutions for government grants management, announced the launch of SmartSimple Cloud +AI. The innovative product incorporates a comprehensive AI support system that spans the entire lifecycle of government grants management, simplifying the process and lessening the administrative burden.
The first fully integrated artificial intelligence product, SmartSimple Cloud +AI is for government grants management. It combines AI-powered text completion, a feature popularized by OpenAI's ChatGPT-3, deeply into government grants management workflows. Using the robust architecture of SmartSimple Cloud, the product enables government grantmakers to use AI in accordance with their specific needs throughout the entire grant process.
SmartSimple Cloud +AI responds to queries to both workflow-initiated and human that support grantmakers across all stages of the granting lifecycle. It integrates seamlessly into the SmartSimple Cloud experience, enabling users to interact with AI through the SmartSimple Cloud user interface. As a new technology, its potential applications have yet to be fully explored. A few strengths are the ability to supplement and enrich data in real time, perform precise and automatic text summarization, and enable large-scale personalized communication.
SmartSimple Software Co-Founder and COO, Mike Reid said, "We believe that the advent of the AIs will release a torrent of innovation such as the world has rarely seen." He also said, "By integrating the AIs into our platform, SmartSimple Cloud, and integrating early, we will unleash this power to our clients in support of their missions."
(Source – Cision PR Newswire)
About SmartSimple Software
SmartSimple Software is a cloud-based automation collaboration software that provides unique process solutions. The company is based in Toronto, Ontario, and over 500 clients in 192 countries use its software. In addition, some of the largest grantmaking foundations, Fortune 500 companies, research and higher education institutions, and government agencies rely on SmartSimple CLOUD's business process optimization solutions. SmartSimple Software is 100 % owner-funded and managed by over one hundred people in Canada, Europe, the US and the UK.
Read More