Keeper Security | August 25, 2022
Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets, and connections, today announced that the company has obtained FedRAMP Authorization at the Moderate Impact Level for its Keeper Security Government Cloud (KSGC).
The KSGC password management and security solution has successfully completed the rigorous FedRAMP accreditation process. This highly sought-after and difficult to attain designation sets KSGC apart from its competitors as the best in class zero-trust and zero-knowledge security solution for government agencies to protect their passwords, data, and secrets. KSGC is hosted in AWS GovCloud (US), designed to host sensitive data, regulated workloads, and address the most stringent U.S. government security and compliance requirements.
To receive FedRAMP Authorization, organizations must implement controls from 17 different control families that originate from National Institute of Standards and Technology Special Publication 800-53. This alone can take organizations months or years, depending on the complexity of the system. Authorization can only be pursued by an organization through partnering with a federal agency or the Joint Authorization Board (JAB). Additionally, the system must be evaluated and assessed by an authorized independent third-party auditor prior to submitting for final review and authorization by the FedRAMP Program Management Office.
"Keeper is proud to bring its password management and cybersecurity platform to FedRAMP Authorized status," said Darren Guccione, CEO and Co-Founder of Keeper Security. "This authorization demonstrates Keeper's longstanding -- and, some would say, fanatical -- commitment to the highest standards of internal security controls and encryption. Keeper is prepared to help federal agencies protect their digital assets against ransomware, data breaches and other password-related cyberattacks."
"As a FedRAMP Authorized password management and security solution, KSGC will enable Carahsoft and our reseller partners to help federal agencies better secure their sensitive information and protect against password related breaches, Keeper's zero-knowledge, zero-trust architecture solves compliance and regulatory enforcement requirements, providing a trusted, reliable solution that meets government needs."
-Steve Jacyna, who leads the Keeper Security team at Carahsoft.
Today's attackers are advanced at using any breached username and password combination to run through analytics and bots to find any use or similar use combination. By leveraging password managers, a constant health check can be maintained for password diversification and security, said Jean-Paul Bergeaux, Federal Chief Technology Officer of GuidePoint Security. Enterprises cannot assume users are doing this and KSGC provides a way for government security teams to maintain password security while also significantly improving user experience throughout their work life.
The FedRAMP Authorized KSGC follows a White House Executive Order mandating zero-trust architecture and strong encryption, along with a draft memorandum by the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) mandating all federal agencies adopt a zero-trust security architecture by 2024. The memorandum specifically calls out password security requirements that KSGC facilitates, including strong password policies, the removal of a deprecated requirement to require special characters and regular password rotation, and the ability to compare user passwords against weak and breached data.
Keeper provides government agencies with a human-centric cybersecurity solution that promotes adoption of password best practices, like the use of MFA, by employees and contractors. Keeper also promotes secure collaboration with encrypted record sharing that allows system administrators to regulate privileged access to files, as well as masking credentials. Keeper's zero-knowledge system architecture provides the highest levels of security and privacy. Encryption and decryption of data always occurs locally on the user's device, and only the encrypted ciphertext is stored in KSGC.
About Keeper Security:
Keeper Security, Inc. ("Keeper") is transforming the way organizations and individuals protect their credentials, secrets, connections and sensitive digital assets to significantly reduce the risks of identity security-related cyber attacks while gaining visibility and control. Keeper is the leading provider of zero-trust and zero-knowledge security cloud services trusted by millions of people and thousands of organizations for password and secrets management, privileged access, secure remote infrastructure access and encrypted messaging.
Keeper's products are the highest-rated in the industry across G2, Trustpilot, PCMag and U.S. News & World Report. For the last several years, Keeper has received several InfoSec Awards from Cyber Defense Magazine for its cyber security enterprise software. Keeper is SOC 2 and ISO 27001 certified, and FIPS 140-2 validated, and Keeper is the only FedRAMP Authorized enterprise password management solution. Keeper is backed by Insight Partners, a leading venture capital and private equity firm with $90b AUM.
Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider®, supporting Federal, State and Local Government and Education and Healthcare. As the Master Government Aggregator® for its vendor and reseller partners, Carahsoft delivers solutions for Cybersecurity, MultiCloud, DevSecOps, Big Data, Artificial Intelligence, Open Source, Customer Experience and Engagement, and more.
About GuidePoint Security:
GuidePoint Security provides cybersecurity solutions and services that help organizations make better decisions. GuidePoint Security's holistic approach enables organizations to identify threats, optimize resources, and integrate solutions that mitigate risk.
EMERGING TECHNOLOGY,GOVERNMENT FINANCE
Inca Digital | September 26, 2022
The Defense Advanced Research Projects Agency (DARPA) has awarded Inca Digital's government contracting division, Inca Digital Federal, a Phase II Small Business Innovation Research (SBIR) contract to research advanced methods for analyzing activity related to financial applications of distributed ledgers in a project called: "Mapping the Impact of Digital Financial Assets".
The aim of the SBIR is to understand and visualize how digital assets implicate national security.
"Digital asset markets hold amazing promise, but also contend with money laundering, market manipulation, and state actors that may pose risks to U.S. national security, Given the increasing prevalence of digital assets, the Department of Defense and other federal agencies need to have better tools to understand how digital assets operate and how to leverage their jurisdictional authority over digital asset markets globally."
-Adam Zarazinski, CEO of Inca Digital.
As a result of this SBIR, Inca Digital Federal will develop a first-of-its-kind cryptocurrency ecosystem mapping tool for analyzing cross-market crypto-financial data and risk.
The data analytics from Inca Digital will allow both the United States government and commercial companies to:
Perform cross-market, crypto-financial mapping and analysis
Understand relationships between digital asset firms and non-digital asset entities
Identify how cryptocurrency may affect traditional financial systems and vice-versa
Provide insight into the use of blockchain-based technologies linked to money laundering, terrorist financing, and sanctions evasions across systems (e.g., fiat-to-exchange, exchange-to-blockchain, and cross-blockchain transactions)
Better understand money flows in and out of blockchain systems
Identify where recipients of cryptocurrency can exchange it for local fiat currency, or goods and services, globally
Understand how cryptocurrencies are used in different U.S. government/Department of Defense areas of responsibility
This research is being developed by funding from the Defense Advanced Research Projects Agency (DARPA). The views, opinions and/or findings expressed are those of the author and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government.
About Inca Digital:
Inca Digital and its government contracting entity, Inca Digital Federal, analyze data across crypto markets, blockchains, and news and social media to deliver comprehensive intelligence to the financial institutions, technology firms and government entities that are shaping the digital asset space.
EMERGING TECHNOLOGY,GOVERNMENT BUSINESS
Homeland Security Technology Consortium | August 12, 2022
The Homeland Security Technology Consortium (HSTech), Advanced Technology International (ATI), and TechConnect today announced 17 finalists in the Security Innovation Challenge. These candidates will vie for $25,000 in prizes on September 29, 2022 when they pitch cutting-edge identity management technology before a room of corporate buyers, funders, and federal agencies in Washington, D.C. at Defense TechConnect Innovation Summit. Finalists also receive membership to HSTech, which supports the Department of Homeland Security in providing collaborative R&D and rapid prototyping capabilities critical to homeland security missions.
"If you're capable and interested in making security and privacy-centric contributions for the betterment of the nation, there are no funding vehicles more powerful than HSTech's consortium-managed other transaction authority, The Security Innovation Challenge will bring together finalists which are 85% non-traditional, meaning they are new to government contracting. These are technology solutions our nation might never have found without HSTech engagement, and we're honored to help build that bridge between private-sector and government needs."
-Matthew Laudon, Vice President - TechConnect Division, ATI.
Challenge applicants represent privacy-centric solutions for both civilian and federal applications, especially in the areas of artificial intelligence (AI) and machine learning (ML); cybersecurity platforms; data harmonization software; pattern recognition software; and real-time analytics platforms. Primarily more advanced technologies, 65% represent technology readiness level six (6) or higher; and 85% boast at least prototype development.
"The Homeland Security Technology Consortium supports the security of our nation by addressing mission needs at the Department of Homeland Security and its partner agencies. Privacy-centric identity management technologies and processes remain critical capabilities across the federal enterprise, and we're excited to see what this group of innovators can show us in September."
-Michael Dougherty, Executive Director of HSTech.
About Homeland Security Technology Consortium:
The Homeland Security Technology Consortium (HSTech) supports the collaborative R&D and rapid prototyping/piloting needs for the U.S. Department of Homeland Security and its components. HSTech sources capabilities across the homeland security and national border security technology spectrum.
With 25+ years of experience connecting emerging technologies with unique funding and partnership opportunities, TechConnect boasts the most robust research and innovation network in the world. It employs a broad scope of tools to deliver top technologies, including open innovation programs, conferences, and open-access publications. Each year, TechConnect prospects, vets, and connects thousands of emerging technologies with corporate, investment, municipal, and national defense clients. TechConnect is a division of Advanced Technology International.
About Advanced Technology International:
ATI, a public-service nonprofit based in Summerville, S.C., builds and manages collaborations that conduct research and development of new technologies to solve our nation's most pressing challenges. Fueled by a community of experts from industry, academia, and government, ATI accelerates impact by using the power of collaboration to help the federal government quickly acquire novel technologies. ATI is a subsidiary of Analytic Services, Inc. (ANSER), a public-service research institute organized as a nonprofit corporation, which is dedicated to informing decisions that shape the nation's future.
StateRAMP | September 21, 2022
StateRAMP announces its growing list of governments working with StateRAMP to validate their third-party suppliers' cyber security posture who use or offer cloud products to deliver services.
The growing list of participating governments comes on the heels of the National Association of State Procurement Officials (NASPO) recent announcement naming StateRAMP a Strategic Partner. Working together, StateRAMP and NASPO will work to develop educational content and resources for state government.
"With responsibilities for critical infrastructure, vital services, and mass storage of confidential and privacy data, government, at all levels, is a prime target for cybercrime, We are thrilled to see all levels of State and Local Government engaging in StateRAMP to improve our collective cyber posture for the citizens we serve."
-J.R. Sloan, President of the StateRAMP Board and Chief Information Officer for the State of Arizona.
Procuring technology tools and services is complicated work, and many organizations have sought to make that process easier for the public sector. By focusing on cybersecurity risk management, StateRAMP addresses a key pain point for state and local public agencies—and the vendors and suppliers that serve them. With a grounding in the reality of state and local government operations—and by building on widely adopted best practices—StateRAMP is exactly the sort of smart innovation that the public sector needs and deserves, said Doug Levin, National Director, K12 Security Information eXchange (K12 SIX).
"We are excited to work with our strategic partners and members to continue toward our mission of promoting best practices in government for managing supplier cloud security, When there is a common problem, there is an opportunity for a shared solution. In cloud security, the shared solution is StateRAMP for all levels of government and the vendors who serve them."
-Leah McGrath, Executive Director, StateRAMP.
StateRAMP is a nonprofit organization that launched in early 2021 and brings state and local governments together with the suppliers who serve them to recognize best practices in cloud security and provides a standardized approach to cloud cybersecurity verification.
StateRAMP provides state and local governments assurance that the suppliers they are working with meet the minimum cybersecurity standards through independent audits and ongoing continuous monitoring. StateRAMP is designed as a shared service for government and a streamlined service for suppliers who can verify their products one time and reuse that certification with each government agency they serve. StateRAMP maintains an Authorized Product List (APL) which lists products that have achieved a security status and those products going through the process.
About K12 Security Information eXchange (K12 SIX):
The K12 Security Information eXchange (K12 SIX) offers cybersecurity resilience to keep students learning and school districts operating.