Security

A Conversation With ITIF About the State of Federal Government Websites

Sep 20, 2017 |

Since it’s been nearly six months since their report was released, we wanted to check in with ITIF and see what they’ve learned, what they’ve heard from agencies and what their future plans are to build on this research. Read »

A Conversation With ITIF About the State of Federal Government Websites

The Data Briefing: How Blockchain’s Future Growth Will Affect Federal Agencies

Sep 13, 2017 |

Blockchains are an innovative technology which promises to radically change how society conducts business. It will take significant changes in organizational processes before agencies can begin to support blockchains. Read »

The Data Briefing: How Blockchain’s Future Growth Will Affect Federal Agencies

Government Launches Login.Gov to Simplify Access to Public Services

Aug 28, 2017 | ,

Joel Minton, a member of the U.S. Digital Service, is working with GSA’s Technology Transformation Service as the director of login.gov. Tom Mills is the Chief Technology Architect at U.S. Customs and Border Protection. In early April, the U.S. Digital Service and 18F launched login.gov, a single sign-on solution for government websites that will enable Read »

Government Launches Login.Gov to Simplify Access to Public Services

NIST Publishes NICE Cybersecurity Workforce Framework

Aug 22, 2017 |

Categorizing and Describing Cybersecurity Work for the Nation The National Initiative for Cybersecurity Education (NICE) is pleased to announce the release of Special Publication 800-181, the NICE Cybersecurity Workforce Framework. This publication serves as a fundamental reference to support a workforce capable of meeting an organization’s cybersecurity needs. It provides organizations with a common, consistent Read »

NIST Crafts Next-Generation Safeguards for Information Systems and the Internet of Things

Aug 22, 2017 |

Information systems—from communications platforms to internet-connected devices—require both security and privacy safeguards to work successfully and protect users in our increasingly complex and interconnected world. Toward these ends, the National Institute of Standards and Technology (NIST) has issued a new draft revision of its widely used Special Publication (SP) 800-53, Security and Privacy Controls for Information Read »

‘Cybersecuring’ the Internet of Things

Jun 29, 2017 |

I recently had the chance to talk with the legendary Vint Cerf, one of the founding fathers of the internet. We had a wide-ranging discussion about the past, present and future of the internet, network security and what it would take to successfully, safely and reliably merge the digital and physical worlds, a concept known Read »

FICAM’s New Resources Help Solve Government’s Identity Management Challenge

Jun 12, 2017 |

In today’s digital world, it’s imperative that government agencies safeguard citizens’ physical and electronic security. In the world of Federal IT, adopting and advancing cybersecurity can’t be accomplished in one day, or by one agency. Federal agencies must work together to tackle complex problems and stay ahead of evolving network threats. The Federal Identity, Credential, Read »

Hybrid Cloud: A Key to Phasing in New Technologies

Jun 8, 2017 |

Like any newer technology, cloud computing has faced adoption challenges. IT managers understand the huge potential efficiency improvements and savings that cloud computing can bring to their agencies, but also have questions about security, compatibility, and funding. With these concerns and without a clear path to cloud computing, many agencies continue to maintain on-premises solutions. Read »

Federalist Is out of Beta and Open for Business

Jun 5, 2017 | ,

If you’re a program manager or a federal web developer you’ve probably been given a seemingly simple task: Create a basic website as part of a new initiative at your agency. The hardest part is often not crafting the content or designing the prototype, but getting the security and privacy compliance in order to launch Read »

From Launch to Landing: How NASA Took Control of Its HTTPS Mission

May 26, 2017 |

18F Editor’s note: This is a guest post by Karim Said of NASA. Karim was instrumental in NASA’s successful HTTPS and HSTS migration, and we’re happy to help Karim share the lessons NASA learned from that process. In 2015, the White House Office of Management and Budget released M-15-13, a “Policy to Require Secure Connections Read »

CSP and 3PAO Roles and Responsibilities

May 23, 2017 |

We wanted to share some high-level guidance for CSPs and 3PAOs we created with the JAB teams to provide insight into the different roles and responsibilities for 3PAOs and CSPs in our authorization process. These roles and responsibilities were created and refined over the last year as we refined the JAB’s authorization process through FedRAMP Read »

The Next Step Towards a Bug Bounty Program for the Technology Transformation Service

May 18, 2017 | , ,

On May 9, we took a big step toward creating a bug bounty program for our agency by issuing an award to HackerOne for a Software-as-a-Service bug-reporting platform. The TTS Bug Bounty will be a security initiative to pay people for identifying bugs and security holes in software operated by the General Service Administration’s Technology Read »

Cybersecurity: Protecting Manufacturing Technology and Innovation

May 4, 2017 |

Recently a segment on my favorite morning news program stopped me in my tracks. The young and attractive hosts (why are they always so young and attractive?) were demonstrating new appliances including a smart refrigerator. The fridge was equipped with all kinds of high-tech features including touch screen displays, a camera inside that allows you Read »

DHS Study on Mobile Device Security

May 4, 2017 |

The Department of Homeland Security (DHS) has submitted a report to Congress that details current and emerging threats to the Federal government’s use of mobile devices and recommends security improvements to the mobile device ecosystem. The DHS Science and Technology Directorate (S&T) led the study in coordination with the National Institute of Standards and Technology Read »

DotGov Domain Registration Program to Provide HTTPS Preloading in May

Apr 12, 2017 | ,

Effective May 15, 2017, GSA’s DotGov Domain Registration Program will begin providing HSTS Preloading services for federal agencies. HSTS stands for HTTP Strict Transport Security (or HTTPS, for short). This new service helps ensure that visitor communication with .gov websites is not modified or compromised, and hostile networks cannot inject malware, tracking beacons, or otherwise monitor Read »

Top