US Department of Homeland Security directive requires federal agencies to fix critical flaws within 15 days

Computing | May 02, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security (DHS) has issued a new binding operational directive (BOD) for federal agencies, ordering them to patch critical security flaws discovered on their internet-accessible systems within 15 days of first detection. And the countdown to remediate security flaws will start as soon as they are first detected during CISA's weekly cyber hygiene vulnerability scanning. The order cuts in half the deadline for patching critical flaws from 30 days. Flaws deemed "high" in severity still have a 30 day deadline for fixing.

Spotlight

Governments around the world are enacting stronger cybersecurity mandates in which Zero Trust features as a central theme. Eighty-eight percent of security leaders agree that adopting a Zero Trust approach is very important.1 But while desire and regulatory momentum is there, overall implementation is lagging.

Spotlight

Governments around the world are enacting stronger cybersecurity mandates in which Zero Trust features as a central theme. Eighty-eight percent of security leaders agree that adopting a Zero Trust approach is very important.1 But while desire and regulatory momentum is there, overall implementation is lagging.

Related News

EMERGING TECHNOLOGY, GOVERNMENT BUSINESS

Skyhigh Secure Web Gateway Is Now Authorized by FedRAMP

Skyhigh Security | February 15, 2023

On February 14, 2023, Skyhigh, a Security Service Edge Leader, announced that its Skyhigh Secure Web Gateway achieves Federal Risk and Authorization Management Program (FedRAMP) Moderate Authorization. Federal government agencies and government contractors are increasingly adopting cloud technologies to enhance efficiency, promote agility, and reduce costs. The FedRAMP Authorization enables these organizations to implement Skyhigh SWG, a component of the Skyhigh Security Service Edge (SSE) portfolio, to provide continuous, secure access for users anywhere, shield vital government data, and protect against today's advanced threats. The U.S. government program, FedRAMP, evaluates cloud security vendors based on a standardized security framework for cloud products and services, focuses on protecting sensitive federal data in the cloud. Its process demonstrates the Skyhigh SWG solution has been assessed and approved by the C-level security officers from the Department of Defense (DoD), the General Services Administration and the Department of Homeland Security. Skyhigh SWG enables authorized government users to connect securely to the cloud and web from anywhere and on any device. It prevents threats from entering an environment and sensitive data from leaving by monitoring inline traffic and acting as a gateway between users, websites, applications, and data. Multiple integrated technologies, such as Remote Browser Isolation (RBI), Cloud Access Security Broker (CASB), and Data Loss Prevention, are used by Skyhigh SWG to protect federal agencies from potentially malicious or unauthorized websites and cloud applications (DLP). The Skyhigh SSE portfolio safeguards data and prevents threats in the cloud through all Software-as-a-Service applications, Shadow IT, and Infrastructure-as-a-Service environments from a single, cloud-native enforcement point. It gives organizations to control and visibility of their data in the cloud, irrespective of where it resides. It offers a DLP engine with single user-friendly centralized management and reporting dashboard, a single policy framework through all data exfiltration vectors and multi-layered security technologies to protect all possible use cases in the federal government environment. About Skyhigh Security Skyhigh Security, headquartered in San Jose, California, is committed to assisting clients in securing the world's data. It protects organizations with data-aware and user-friendly cloud-native security solutions. Its industry-leading Security Service Edge (SSE) Portfolio goes beyond data access and focuses on data use, enabling organizations to collaborate securely from any device and location. It allows organizations to gain complete visibility and control and to monitor and mitigate security risks seamlessly, thereby reducing associated costs, enhancing efficiencies, and keeping up with the pace of innovation.

Read More

CYBERSECURITY

Cyware Cyber Fusion Centre (CFC) Platform Now Designated as FedRAMP Ready

Cyware | January 27, 2023

On January 26, 2023, a next-generation cybersecurity solutions provider Cyware, announced that its Cyber Security Centre (CFC) had achieved FedRAMP Ready designation from the Federal Risk and Authorization Management Program's PMO (FedRAMP PMO). The adoption of secure cloud services throughout the federal government by offering a standardized approach to security for cloud technologies deployed in federal agencies is promoted by FedRAMP, a US govt-based program. The designation FedRAMP Ready signifies that a Third-Party Assessment Organization attests to Cyware's security capabilities and that a RAR (Readiness Assessment Report) has been deemed acceptable and reviewed by the FedRAMP PMO. As a result, the Cyware platform enables contractors and government agencies to benefit from the solution's advanced threat intelligence automation and created threat response capabilities which can improve the adoption of secure cloud technologies. Cyware's CFC offers federal security teams a solution to improve security effectiveness, speed up proactive response, and improve collaboration within the whole security ecosystem of a federal agency. The main goal is to make the country safer from cyberattacks by making better use of tools, resources, and assets that already exist. Chief Executive Officer of Cyware, Anuj Goel, said, "We are proud that Cyware has achieved this important FedRAMP milestone. This demonstrates our commitment to enhancing threat intelligence sharing and security operations for the public sector." He also said, "Now federal customers can leverage our platform to enable security collaboration, extend threat visibility, correlate threat intelligence, and ensure the highest levels of cloud security through intelligent orchestration and response." (Source: Business Wire) About Cyware Founded in 2016, a product-based cyber security provider,Cyware offers full-stack innovative cyber fusion solutions for all-source, technical, tactical, and operational threat response automation and threat intelligence sharing. The company empowers enterprises to adapt to the evolving threat landscape is utilizing the advances in ML, AI, Security Automation and Orchestration Technologies. The Cyber Fusion solution from Cyware combines SOAR and TIP technology, which makes it easier for security teams that work in separate groups to work together. Many government agencies, businesses, and MSSPs use the company. It also offers platforms for sharing threat intelligence for the majority of ISAC organizations around the world.

Read More

EMERGING TECHNOLOGY, GOVERNMENT BUSINESS

Unanet ERP GovCon to Offer Streamlined Solution for Planate Management Group

Unanet | March 09, 2023

On March 08, 2023, one of the leading providers of project-based ERP and CRM for government contractors, Unanet, announced Planate Management Group, the government contracting firm, selected Unanet ERP GovCon to offer a more in-built and streamlined solution for their business processes and to help the company as its scales rapidly. A service-disabled veteran-owned small business (SDVOSB), Planate is headquartered in Alexandria, Virginia, with a workforce of more than 200 people. It specializes in master planning and facility, architecture and engineering support, engineering design, and environmental services for DoD, federal, and industry clients in over 20 countries globally. The management group is expecting significant growth both domestically and internationally in 2023. As a result, company leaders determined it was time to abandon the disparate, off-the-shelf accounting software on which the company relied, as these systems were causing significant project and operational inefficiencies that negatively impacted the bottom line. Planate selected Unanet's purpose-built platform for government contractors for its ERP solutions requirements. Planate set Unanet's platform based on the positive ratings from other GovCon users and strong customer service and training track record. As a result, Planate will replace its patchwork of non-integrated tools for time entry, accounting, and project management with Unanet, a modern platform where these and other capabilities are fully integrated and work together effortlessly. According to Unanet's recent Gauge Report, which highlights trends, best practices, and business challenges in the government contracting industry, approximately 30% of GovCon small businesses cite organic growth as the leading cause of their financial challenges. About Unanet Unanet is a leading ERP and CRM solution provider for government contractors, AEC, and professional services. The company is based in Dulles (Virginia). It has over 3200 project-driven organizations that rely on Unanet to help them with information and actionable insights to make better decisions and boost the business, including Haskell, Array, NewFields and many more. It offers all support with its people-centered team, which works towards the success of clients' projects, people, and finances. Its products include Unanet ERP GovCon, ERP AE, CRM GovCon, and CRM by Cosential.

Read More