Security

Resources on Security

Privacy-Preserving Collaboration Using Cryptography —In conjunction with her May 2020 presentation, Dr. Emily Shen outlines her work on Secure multi-party computation (MPC), a type of …
OMB Circular A-130 —Managing Information as a Strategic Resource
How to Prevent Security Certificates From Expiring During a Lapse in Operations —These are the steps that people in government can take to avoid having security certificates expire during a lapse in operations.
Federal Information Security Management Act of 2002 – Presentation to the 2003 FISSEA Conference —The head of the agency delegates to the CIO a number of information security responsibilities. The CIO in turn designates a senior agency …
Social Media Cyber-Vandalism Toolkit —Cyber-vandalism presents a serious challenge to online-based communication tools. This document provides guidance and security practices to …

Tools and Services

Digital Dashboard —Measures how U.S. government domains are following best practices for federal websites.
Cloud.gov —A FedRAMP approved cloud hosting platform that makes it easy for federal agencies to get on the cloud by simplifying procurement, security, …
FedRAMP —The Federal Risk and Authorization Management (FedRAMP) is a process that authorizes cloud products and services.
Login.gov —An identity management service that provides secure and private online access to participating government programs.

News and Events on Security

66 posts

Identity, Credential, and Access Management

The Privileged Identity Playbook Guides Management of Privileged User Accounts

The Privileged Identity Playbook is a practical guide to help federal agencies implement and manage a privileged user management function as part of an overall agency ICAM program.

Kenneth Myers

Nov 10, 2022

FedRAMP Launches OSCAL Developer Data Bites Series

FedRAMP Launches OSCAL Developer Data Bites Series&mndash;FedRAMP is excited to launch an Open Security Controls Assessment Language (OSCAL) Developer Data Bites series! It will cover a variety of technical topics regarding users’ utilization of OSCAL for FedRAMP, FedRAMP automation updates or changes, and open forum conversations with subject matter experts. The first OSCAL Developers Data Bites session will be held on Thursday, September 1, at 12:00 pm, EDT. The series will continue on a bi-weekly basis. — via FedRAMP

Aug 18, 2022

Modernize Your Identity Management Process Through ILM

Modernize Your Identity Management Process Through ILM—GSA’s Office of Government-wide Policy is pleased to announce the Identity Lifecycle Management (ILM) Playbook, designed for identity program managers, and enterprise and application architects interested in modernizing their identity management process for federal employees. This practical guide helps federal agencies understand how to shift their focus from managing employee access based on credentials to managing the lifecycle of identities as outlined in section III of OMB Memo 19-17. This will help agencies achieve an enterprise Identity, Credential, and Access Management (ICAM) system that is agile enough to support technology modernization and aligns with the Federal Identity, Credential, and Access Management (FICAM) architecture. — via General Services Administration

Aug 12, 2022

FedRAMP Penetration Test Guidance Updates

Penetration Test Guidance Updates—These updates were made to address the ever-changing cybersecurity landscape. Revisions include updated guidance around existing and new threats as well as addressing attack vectors so they’re in alignment with current best practices. Learn about the four initiatives included in the revision process, and download the new June 2022 PDF. — via FedRAMP

Jul 05, 2022

C-SCRM Acquisition Community of Practice (ACoP) Interact Site

C-SCRM Acquisition Community of Practice (ACoP) Interact Site—Since the launch of the Cybersecurity Supply Chain Risk Management (C-SCRM) Acquisition Community of Practice (ACoP), GSA and the Cybersecurity and Infrastructure Security Agency (CISA) have been co-leading an effort to broaden the level of awareness and develop agency maturity in the areas of acquisitions, supply chain risk management, and cybersecurity across the federal government for information communication technology and services (ICTS). To increase C-SCRM awareness and adoption government-wide, the C-SCRM ACoP launched an online collaborative space for the federal government’s IT community and industry to share best practices, ideas, guidance, tools, and expertise needed to implement C-SCRM requirements. Working together as a community and sharing information will help us improve our cybersecurity posture across all levels of government. — via General Services Administration

Jun 30, 2022

IT Modernization

Technology-boosting TMF Investments Deliver Benefits for the American Public

The Technology Modernization Fund (TMF) is working to transform the way the government uses technology to deliver for the American public in an equitable, secure and user-friendly way. It strategically invests in priority IT modernization projects that are aligned with the fast pace of changing technology and agency needs. Here are a few examples of how the TMF has invested in multiple projects that are helping many agencies deliver what people need when they need.

GSA Blog Team

May 23, 2022

Two Years of Federal Student Aid’s Virtual Assistant Lead to Lessons Learned and a Clear Vision of the Work Ahead

Education’s FSA team behind Aidan® shares what they’ve learned over the past two years to help drive improvements and expand the product to a wider range of users.

Laura Nadel

Christine Wilkes

May 02, 2022

GSA Highlights Progress on Citizen-Facing Digital Services, Cybersecurity in First Year of American Rescue Plan

GSA Highlights Progress on Citizen-Facing Digital Services, Cybersecurity in First Year of American Rescue Plan—Ahead of the first anniversary of the signing of the American Rescue Plan, legislation which has been the key driver of a strong economic recovery, provided the tools needed to fight the pandemic, and made long-term investments to revitalize the local economy in communities around the country, the U.S. General Services Administration (GSA) highlighted some of the key ways these investments are driving progress on technology modernization and making digital services simpler and more secure across government. — via General Services Administration

Mar 10, 2022

Policy

Go-Live Checklist for Federal Websites

Covering the breadth of federal web policy, the new downloadable checklist organizes policy requirements into nine categories and explains what your agency needs to do to meet each requirement.

Rachel Flagg

Jan 13, 2022

GSA’s Fedramp Celebrates 10 Years of Impact on Cloud Security

GSA’s FedRAMP Celebrates 10 Years of Impact on Cloud Security—Today, the Federal Risk and Authorization Management Program (FedRAMP) celebrates its 10-year anniversary. On December 8, 2011, the Office of Management and Budget (OMB) signed a memo establishing FedRAMP to provide a cost-effective, risk-based approach for the adoption and use of cloud services. This landmark reflects GSA and FedRAMP’s commitment to protecting public and federal information through supporting IT modernization and securing IT infrastructure. Over the past ten years, the program has seen an incredible increase in the adoption of FedRAMP-authorized services and will play a critical role in improving the nation’s cybersecurity. — via General Services Administration

Dec 08, 2021

Privacy

How login.gov incorporated human centered design and continuous discovery into their product development process to improve the user experience.

Julia Elman

Mar 02, 2021

A Dashboard for Privacy Offices

A Dashboard for Privacy Offices—Through work funded by 10x, a team from 18F investigated how technology can help busy privacy offices manage your PII, and make their work more accessible and understandable for the public. — via 18F