Oracle | October 14, 2020
Oracle Cloud Infrastructure (OCI) Government Cloud Services has obtained a Provisional Authority to Operate (P-ATO) from the FedRAMP Joint Authorization Board (JAB). The accreditation continues to demonstrate that OCI is a compliant, cost-effective, and highly-secure platform for our public sector customers' most critical workloads. The JAB is the primary governance and decision-making body for the Federal Risk and Authorization Management Program (FedRAMP), the government program that sets the standard for assessing, authorizing, and monitoring cloud systems' security. FedRAMP offers two types of authorizations: Agency ATO and JAB P-ATO. Having already achieved a FedRAMP High Agency ATO, Oracle's achievement of the FedRAMP High JAB P-ATO further assures agencies that the risk posture of the system has been reviewed and approved by leading technology officials. The accreditation can also reduce both time and cost for government customers to secure their own agency ATO.
Swimlane | February 23, 2022
Swimlane today announced that its cloud-scale, low-code security automation is being adopted by leading U.S. Government agencies to improve overall cybersecurity effectiveness while meeting the requirements of recently-issued Executive Orders M-22-09 and M-21-31.
The Department of Homeland Security Cybersecurity & Infrastructure Security Agency (CISA), along with Executive Orders from the Biden Administration, has mandated several new security directives around Zero Trust, Logging, and Security Orchestration, Automation and Response (SOAR). These government-wide programs have an immediate impact on the expectations and roadmaps for public sector agencies and component agency security programs. Swimlane security automation provides a centralized system-of-record and SOAR capabilities that help agencies meet these requirements while gaining greater visibility into their operations with consolidated analytics, real-time dashboards and reporting from across the security infrastructure.
U.S. public sector agencies have until the end of FY2024 to implement SOAR technology as part of the adoption of Zero Trust principles laid out by the Office of Management and Budget (OMB) in January. The memorandum refers to implementing security automation capabilities as a “practical necessity.”
“As the number of false alarms and genuine threats increases, agencies need an easy-to-navigate solution that allows them to integrate their entire security stack and automate the manual tasks essential to keeping them secure,” said Cody Cornell, co-founder and chief strategy officer, Swimlane, who formerly held roles with the U.S. Defense Information Systems Agency and Department of Homeland Security.
Cornell continued, “Swimlane’s low-code security automation platform can serve as a crucial foundation for meeting these Zero Trust requirements by becoming the security system of record, which means agencies can seamlessly track and automate security processes, cases and reports from a single customizable interface. This comprehensive visibility allows them to overcome resource constraints and respond to threats faster.”
While Zero Trust relies on an agency’s ability to successfully standardize user authentication and ensure every attempted access is validated before granting access to the organization’s network, federal agencies are also tasked with mitigating an ever-growing number of security alerts, disconnected tools and complex processes. Regulating access on such a granular level is a highly complex process. To be successful, security teams must feel confident in the decisions they make while managing their environments. This is why having access to an end-to-end security automation solution that provides security teams with comprehensive visibility and orchestration that can extend beyond the Security Operations Center (SOC) is crucial.
Swimlane works with numerous partners in the federal and public sector, like Merlin Cyber, to deliver a powerful platform that can help agencies solve even the most sophisticated security challenges. According to Merlin Cyber’s 2022 State of Federal Zero Trust Maturity survey, more than 70 percent of federal agencies are aggressively adopting Zero Trust principles.
“The adoption of Zero Trust strategies is most effective when carried out in conjunction with security automation. As government agencies seek to take more extensive steps to secure their attack surface and maximize incident response, Swimlane’s platform being flexible enough to support use cases beyond traditional SOAR makes it a significant asset.”
Miguel Sian, Senior VP of Technology at Merlin Cyber
Swimlane is the leader in cloud-scale, low-code security automation. Supporting use cases beyond SOAR, Swimlane improves the ease with which security teams can overcome process and data fatigue, as well as chronic staffing shortages. Swimlane unlocks the potential of automation beyond the SOC by delivering a low-code platform that serves as the system of record for the entire security organization and enables anyone within the organization to contribute their knowledge and expertise to the protection of the organization.
ioXt Alliance | December 14, 2020
The Internet of Things Cybersecurity Improvement Act has now been signed into law, adjusting endeavors of the ioXt Alliance and the U.S. central government in tending to IoT security. The law necessitates that government organizations apply cybersecurity prerequisites to all bought and utilized IoT gadgets. The ioXt Alliance, the Global Standard for IoT Security, has driven industry-contribution to the advancement of the bipartisan-upheld enactment.
ioXt Alliance individuals have worked with delegates of the bill just as the National Institute of Standards and Technology (NIST) to understand this enactment and intently adjust it to industry best practices - like those set forth by the Alliance. The IoT Cybersecurity Improvement Act will currently expect principles to be characterized and at last executed, including necessities for IoT gadgets and administrations, just as weakness announcing and revelation for government bought gadgets. The two temporary workers and subcontractors the same will require weakness exposure programs.
“This action is a long time coming for IoT, and we applaud the steps the administration and industry have taken together to advance regulations around connected devices,” said Brad Ree, CTO of the ioXt Alliance. “We’re equally as committed to improving and driving the adoption of security standards and are eager to harmonize our principles with the IoT Improvement Act to further help manufacturers implement these critical measures. Between our certification program, cross-recognition programs, and compliance tools – our organization is best positioned to lead the charge.”
Inside 90 days of the bill passing, NIST should distribute the base security prerequisites for government organizations tending to the danger related with IoT gadgets. From that point, the Director of the Office of Management and Budget (OMB) will survey and support the particulars.
“We will continue to work closely with NIST along with private and public sector leaders to incorporate industry feedback into the IoT Act’s requirements,” continued Ree. “It is imperative that together, we build a scalable compliance program that will ensure the safety of this technology and will allow manufacturers to seamlessly navigate government and industry requirements across the globe. We are more than ready to start the process to finalize specifications and implementation. While this is U.S. government specific, we’re confident that it will serve as the catalyst that prompts network operators, consumer ecosystems, and retailers to follow suit in device security certification moving forward.”