EMERGING TECHNOLOGY, CYBERSECURITY
Prnewswire | May 05, 2023
IDEMIA Identity and Security (I&S) North America, the leading provider of biometrics and secure identity solutions to federal, state, and local government agencies, is pleased to announce they have been awarded a contract by the Transportation Security Administration (TSA) for the next generation Credential Authentication Technology (CAT). The contract ceiling is $128M with a period of performance over seven years.
CAT is utilized by the TSA to ensure ID authentication* and confirm boarding pass and Secure Flight pre-screening status at the airport security checkpoint. CAT provides enhanced fraudulent ID detection capabilities while confirming the identity and flight information of travelers and is currently being utilized at approximately 200 airport locations nationwide. The next generation CAT, CAT 2, enhances security screening and enables a touchless experience through biometric technology that includes face match ** and acceptance of digital identity credentials, like Mobile ID.
"CAT is one of the most innovative programs we have worked on at IDEMIA, and we are proud to continue building robust identity validation and verification technologies for our partners at TSA, supporting our Homeland's security mission," said Donnie Scott, CEO, IDEMIA I&S North America. "The CAT program is setting the standard for us in our public private partnerships across government. Earlier this year we delivered our 2,054th CAT unit to the TSA, a milestone truly representing our team's hard work, dedication and subject matter expertise in identity and security."
IDEMIA I&S North America has also been an authorized TSA PreCheck® enrollment provider since 2013, processing enrollments for over 17 million travelers to date.
About IDEMIA Identity and Security (I&S) North America
IDEMIA I&S North America is a leader in identity security and authentication services to governments and private companies, operating in North America. Our mission is to Unlock the World, Make It Safer - helping people access what matters most, more quickly, more safely, and more securely, in both the physical and the digital worlds. Our best-in-class technology helps to authenticate and secure physical and digital transactions. IDEMIA is recognized by the National Institute of Standards (NIST) as a top-ranking participant in the Institute's passenger facilitation simulation testing as well as in its regular Face Recognition Vendor Test (FRVT) rankings, reinforcing the trustworthiness and reliability of IDEMIA's facial recognition solutions for government and consumers alike.
Read More
CYBERSECURITY
Businesswire | May 30, 2023
Tidelift, a provider of solutions for improving the security and resilience of the open source software powering modern applications, today announced that it has been awarded three U.S. government contracts worth over $3.5 million, and is expanding its public sector organization in response to increased demand for innovative solutions that help the U.S. government improve its cybersecurity supply chain risk management (C-SCRM) capabilities.
High-profile software supply chain vulnerabilities including Log4Shell and SolarWinds have dramatically increased attention on the need for improved software security, both in the public sector and beyond. In the U.S., this effort began in May, 2021 with White House Executive Order 14028: Improving the Nation’s Cybersecurity, and since then a variety of policy and legislative initiatives around cybersecurity have gained traction.
In September, 2022, the U.S. government’s Office of Management and Budget released memorandum M-22-18 on Enhancing the Security of the Software Supply Chain through Secure Software Development Practices. M-22-18 formalizes the guidance provided in the NIST Secure Software Development Framework and NIST Software Supply Chain Security Guidance documents as the government requirements for developing secure software, and mandates federal government agencies comply with these guidelines.
This memorandum sets aggressive deadlines for compliance with specific dates for both government agencies and organizations selling software to the government to comply with NIST guidelines. Among other stipulations, it requires that any organization selling software to the government must self-attest that their software is compliant with the NIST SSDF by June 2023 for critical software or by September 2023 for all other software.
More recently, the National Cybersecurity Strategy sets a new precedent for software security liability, with the government intending to hold software producers liable for damages caused by preventable security vulnerabilities and offer liability protections to organizations that can show they follow secure software development practices.
Tidelift awarded three U.S. government contracts worth over $3.5 million
In addition to efforts like those mentioned above, the U.S. government is increasingly investing directly in improving open source software security. Tidelift was recently awarded three separate innovation research awards as part of the U.S. government SBIR program. The SBIR program is designed to help U.S.-based businesses invest in their technical potential, while stimulating technology innovation and meeting specific research and development needs.
Through these SBIR Phase II awards, Tidelift is working with the Department of the Air Force and the Defense Advanced Research Projects Agency (DARPA) to help spur innovation in the systems and processes the U.S. government uses to improve open source software security and cybersecurity supply chain risk management. This investment will help Tidelift expand its industry-leading open source software management solution, including increasing its ability to partner with even more open source maintainers to validate their components meet important security, maintenance, and licensing standards required by government and industry users, and pay these maintainers for this critical work.
It will also help the U.S. government better address the requirements and deadlines emerging from Executive Order 14028, memorandum M-22-18, and the NIST Secure Software Development Framework, especially when it comes to the open source components in use in government applications. Tidelift is also helping address new requirements around software bills of materials (SBOMs) that U.S. government agencies are beginning to understand, interpret, plan for, and deploy. Along with Tidelift producing an SBOM from every application build, the company is actively working upstream with open source maintainers to validate and improve security, maintenance, and licensing metadata for their projects and capture this data using the TACOS (Trusted Attestation and Compliance for Open Source) attestation framework.
"The United States Air Force, and the Government as a whole, are among the largest consumers of open source software. With the increasing requirements around Software Supply Chain Risk Management (SCRM) and Software Bills of Materials (SBOM) initiatives, we are excited to partner with Tidelift to enhance cybersecurity resilience outcomes for open source software dependencies that support our most critical work," said Robert "Devo" DeVincent, Chief Software Officer, Air Force 309th Software Engineering Group.
Tidelift expands public sector organization to meet growing demand
Tidelift has named Matthew Arnow, a long-time veteran of Tidelift, to lead the newly expanded public sector team. Matthew heads up the team with extensive experience working with government and public sector clients.
“Tidelift looks forward to working more closely with our government and public sector customers and prospects to improve the resilience of our mission-critical open source infrastructure,” said Matthew Arnow, head of public sector for Tidelift. “Our unique approach of working directly with the maintainers behind thousands of important open source projects will help public sector customers comply with U.S. government security directives and meet necessary government and industry standards.”
Tidelift partners with Carahsoft to support public sector expansion
Tidelift has also partnered with Carahsoft, the leading government reseller partner, to help more quickly and effectively address the number of large public sector opportunities.
“Over the past year, we’ve seen increased demand from our customers for solutions that help improve open source software security and supply chain resilience,” said Natalie Gregory, vice president, Carahsoft. “We look forward to working with Tidelift and our reseller partners to deliver open source software supply chain risk management solutions to our government customers.”
About Tidelift
Tidelift, a 2022 Gartner Cool Vendor, helps organizations effectively manage the open source behind modern applications. Through the Tidelift Subscription, the company delivers the tools, data, and strategies powering an inclusive and organization-wide approach to improving the health and security of the open source software supply chain. Tidelift enables organizations to move fast and stay safe when building applications with open source, so they can create more incredible software, even faster. https://tidelift.com/
Read More
EMERGING TECHNOLOGY, CYBERSECURITY
Businesswire | May 12, 2023
Tanium, the industry’s only provider of converged endpoint management (XEM), today announced that Tanium Cloud for U.S. Government (TC-USG) is now authorized for the State Risk and Authorized Management Program (StateRAMP).
StateRAMP was founded in 2020 from the need to provide a uniform approach to verifying that cloud services providers met the established standards and regulations required to do business with state and local governments. As a registered 501(c)(6) organization, StateRAMP is committed to making the digital landscape a safer and more secure place.
Tanium’s own StateRAMP certification marks the company’s continued investment in providing state and local government departments greater certainty around IT and security systems tasked with safeguarding constituent services, sensitive information, assets, and work sites. By consolidating point-solution capabilities into a single platform delivered via the cloud, TC-USG will enable agencies to mitigate risks from cyberattacks and ensuing data breaches while reducing complexity and cost across many environments.
“We have long been focused on strengthening cybersecurity and IT oversight for our state, local, and education organizations here at Tanium,” said Jennifer Axt, vice president of the U.S. SLED practice at Tanium. “StateRAMP authorization is the latest milestone confirming Tanium as the vendor of choice for visibility, control, and remediation across IT and security stacks for government teams so they can focus on what matters most: serving constituents and educating students.”
Recent regulations and requirements have placed an emphasis on government organizations to retire outdated hardware and software, creating a need to leverage cloud technology and embrace digital transformation. TC-USG delivers the complete functionality of the Tanium XEM platform as a fully managed, cloud-based service, enabling state and local entities to use the power of XEM with no additional infrastructure. The single Tanium agent deployed on the endpoints and managed via the cloud platform converges multiple point solutions spanning asset discovery and inventory, endpoint management, certificate management, unified policy configuration, digital employee experience, risk, compliance, and incident response. These solutions, with built-in automation, will enable agencies to improve their security posture, ensure compliance, reduce complexity, decrease costs, and improve efficiency and collaboration among IT, risk, and security teams.
“As a former deputy state CIO, I understand the constant threat of cyberattack that our state IT leaders face,” said Chris Cruz, Tanium’s public sector CIO. “With states leaning more heavily toward cloud-enabled service offerings, and even requiring it for new software procurements, solutions like the Tanium XEM platform are critical to mitigate risk in real time and achieve complete endpoint visibility across increasingly complex IT landscapes. With StateRAMP, we’re able to continue supporting local and statewide agencies with a level of security designed to combat today’s threats.”
Tanium was granted StateRAMP authorized status after successfully completing all security and system validations set by program administrators. The company currently supports more than 20 U.S. states in their goals of achieving a holistic, real-time view across their IT landscape including the state of Arizona, Tanium’s StateRAMP sponsor, whose Department of Homeland Security selected Tanium XEM for the state’s award-winning cyber readiness program. Tanium has also been an active leader in the whole-of-state (WoS) movement and continues to offer best practices, guidance, and consolidated tools for other states pursuing similar approaches to cybersecurity and IT management. By validating state and local agencies’ cyber posture with unparalleled visibility of all hardware and software assets, risk dashboards, role-based access controls, and a source of truth for asset data across multiple department levels, the Tanium XEM platform supports a WoS security strategy.
About Tanium
Tanium, the industry’s only provider of converged endpoint management (XEM), is the reference platform of choice to manage complex security and technology environments. Only Tanium protects every endpoint from cyber threats by integrating workflows across IT, Risk, Compliance, and Security into a single platform that delivers comprehensive visibility across devices, a unified set of controls, real-time remediation, and a common taxonomy for a single shared purpose: to protect critical information and infrastructure at scale. Tanium has been named to the Forbes Cloud 100 list for seven consecutive years and ranks for the second consecutive year on the Fortune 100 Best Companies to Work For. In fact, more than half of the Fortune 100 and the U.S. Armed Forces trust Tanium to protect people; defend data; secure systems; and see and control every endpoint, team, and workflow everywhere.
Read More