Security

Secure websites and a secure online presence foster trust between the public and government.

To protect sensitive information while maintaining access for authorized users, prioritize the implementation of security and management controls. The responsibility, however, to ensure website safety extends beyond technology. Publicly share your security protocols and establish a clear channel for users to report any suspicious activity. By making security a collaborative effort, you'll build trust, protect sensitive information, and ensure that your website functions securely.

Federal Information Security Modernization Act of 2014 (FISMA) (Public Law 113-283) (PDF, 265 KB, 16 Pages)

Federal Information Security Modernization Act of 2014 (FISMA) (Public Law 113-283) (PDF, 265 KB, 16 Pages)

Resources on Security

Tools and Services

  • Digital Dashboard

    Measures how U.S. government domains are following best practices for federal websites.

  • Cloud.gov

    A FedRAMP approved cloud hosting platform that makes it easy for federal agencies to get on the cloud by simplifying procurement, security, and compliance.

  • FedRAMP

    The Federal Risk and Authorization Management (FedRAMP) is a process that authorizes cloud products and services.

  • Login.gov

    An identity management service that provides secure and private online access to participating government programs.

Security events

This summit brings together the federal community to share success stories and best practices for utilizing federal source code and open source software, and examine the implementation of the Federal Source Code policy.

Hosted by Digital.gov and the Code.gov

2020
10x project teams will demonstrate their work to date and provide brief overviews of each project. We hope that these talks will highlight some of the most interesting work happening in government today and inspire others to submit ideas to 10x.
Watch Video

Hosted by Digital.gov and the 10x

2020

Security news

The Cybersecurity Battleground: Reflecting on the past, envisioning the future

This month marks the 20th anniversary of Cybersecurity Awareness Month, as well as the beginning of a new government fiscal year. In this Great Government through Technology blog post, Laura Stanton, Assistant Commissioner in the Office of Information Technology Category (ITC) of GSA’s Federal Acquisition Service (FAS), takes the opportunity to delve into some recent notable cybersecurity events, the broader implications for government agencies, and her vision as GSA continues to play a pivotal role in positioning agencies to create a safer and more secure digital future. — via General Services Administration

General Services Administration logo

Oct 18, 2023

Why the American People Deserve a Digital Government

OMB released new policy guidance for government that includes a variety of actions and standards to help federal agencies design, develop, and deliver modern websites and digital services. Memo M-23-22, Delivering a Digital-First Public Experience, will make it seamless for the public to obtain government information and services online, and help agencies fully implement the 21st Century Integrated Digital Experience Act (21st Century IDEA). — via The White House

The White House logo

Sep 22, 2023

Resources on Security

Tools and Services

  • Digital Dashboard

    Measures how U.S. government domains are following best practices for federal websites.

  • Cloud.gov

    A FedRAMP approved cloud hosting platform that makes it easy for federal agencies to get on the cloud by simplifying procurement, security, and compliance.

  • FedRAMP

    The Federal Risk and Authorization Management (FedRAMP) is a process that authorizes cloud products and services.

  • Login.gov

    An identity management service that provides secure and private online access to participating government programs.

More News and Events on Security

97 posts

The Cybersecurity Battleground: Reflecting on the past, envisioning the future

This month marks the 20th anniversary of Cybersecurity Awareness Month, as well as the beginning of a new government fiscal year. In this Great Government through Technology blog post, Laura Stanton, Assistant Commissioner in the Office of Information Technology Category (ITC) of GSA’s Federal Acquisition Service (FAS), takes the opportunity to delve into some recent notable cybersecurity events, the broader implications for government agencies, and her vision as GSA continues to play a pivotal role in positioning agencies to create a safer and more secure digital future. — via General Services Administration

General Services Administration logo

Oct 18, 2023

Why the American People Deserve a Digital Government

OMB released new policy guidance for government that includes a variety of actions and standards to help federal agencies design, develop, and deliver modern websites and digital services. Memo M-23-22, Delivering a Digital-First Public Experience, will make it seamless for the public to obtain government information and services online, and help agencies fully implement the 21st Century Integrated Digital Experience Act (21st Century IDEA). — via The White House

The White House logo

Sep 22, 2023

Cybersecurity Awareness Month

This year, the Federal Cyber Workforce Management and Coordinating Working Group, in partnership with OPM, is hosting an interagency contest to promote and expand awareness of the Cyber Professionals Community on Open Opportunities. This community serves as a central hub to post and participate in cyber career development opportunities. Download their Toolkit (1.29 MB, 21 pages) to learn more about the interagency contest that runs October 3rd to December 2nd. — via Open Opportunities

Open Opportunities logo

Oct 08, 2022

FedRAMP Launches OSCAL Developer Data Bites Series

FedRAMP Launches OSCAL Developer Data Bites Series&mndash;FedRAMP is excited to launch an Open Security Controls Assessment Language (OSCAL) Developer Data Bites series! It will cover a variety of technical topics regarding users’ utilization of OSCAL for FedRAMP, FedRAMP automation updates or changes, and open forum conversations with subject matter experts. The first OSCAL Developers Data Bites session will be held on Thursday, September 1, at 12:00 pm, EDT. The series will continue on a bi-weekly basis. — via FedRAMP

FedRAMP logo

Aug 18, 2022

Modernize Your Identity Management Process Through ILM

Modernize Your Identity Management Process Through ILM—GSA’s Office of Government-wide Policy is pleased to announce the Identity Lifecycle Management (ILM) Playbook, designed for identity program managers, and enterprise and application architects interested in modernizing their identity management process for federal employees. This practical guide helps federal agencies understand how to shift their focus from managing employee access based on credentials to managing the lifecycle of identities as outlined in section III of OMB Memo 19-17. This will help agencies achieve an enterprise Identity, Credential, and Access Management (ICAM) system that is agile enough to support technology modernization and aligns with the Federal Identity, Credential, and Access Management (FICAM) architecture. — via General Services Administration

General Services Administration logo

Aug 12, 2022

FedRAMP Penetration Test Guidance Updates

Penetration Test Guidance Updates—These updates were made to address the ever-changing cybersecurity landscape. Revisions include updated guidance around existing and new threats as well as addressing attack vectors so they’re in alignment with current best practices. Learn about the four initiatives included in the revision process, and download the new June 2022 PDF. — via FedRAMP

FedRAMP logo

Jul 05, 2022

C-SCRM Acquisition Community of Practice (ACoP) Interact Site

C-SCRM Acquisition Community of Practice (ACoP) Interact Site—Since the launch of the Cybersecurity Supply Chain Risk Management (C-SCRM) Acquisition Community of Practice (ACoP), GSA and the Cybersecurity and Infrastructure Security Agency (CISA) have been co-leading an effort to broaden the level of awareness and develop agency maturity in the areas of acquisitions, supply chain risk management, and cybersecurity across the federal government for information communication technology and services (ICTS). To increase C-SCRM awareness and adoption government-wide, the C-SCRM ACoP launched an online collaborative space for the federal government’s IT community and industry to share best practices, ideas, guidance, tools, and expertise needed to implement C-SCRM requirements. Working together as a community and sharing information will help us improve our cybersecurity posture across all levels of government. — via General Services Administration

General Services Administration logo

Jun 30, 2022

IT Modernization

Technology-boosting TMF Investments Deliver Benefits for the American Public

The Technology Modernization Fund (TMF) is working to transform the way the government uses technology to deliver for the American public in an equitable, secure and user-friendly way. It strategically invests in priority IT modernization projects that are aligned with the fast pace of changing technology and agency needs. Here are a few examples of how the TMF has invested in multiple projects that are helping many agencies deliver what people need when they need.
May 23, 2022

GSA Highlights Progress on Citizen-Facing Digital Services, Cybersecurity in First Year of American Rescue Plan

GSA Highlights Progress on Citizen-Facing Digital Services, Cybersecurity in First Year of American Rescue Plan—Ahead of the first anniversary of the signing of the American Rescue Plan, legislation which has been the key driver of a strong economic recovery, provided the tools needed to fight the pandemic, and made long-term investments to revitalize the local economy in communities around the country, the U.S. General Services Administration (GSA) highlighted some of the key ways these investments are driving progress on technology modernization and making digital services simpler and more secure across government. — via General Services Administration

General Services Administration logo

Mar 10, 2022

GSA’s Fedramp Celebrates 10 Years of Impact on Cloud Security

GSA’s FedRAMP Celebrates 10 Years of Impact on Cloud Security—Today, the Federal Risk and Authorization Management Program (FedRAMP) celebrates its 10-year anniversary. On December 8, 2011, the Office of Management and Budget (OMB) signed a memo establishing FedRAMP to provide a cost-effective, risk-based approach for the adoption and use of cloud services. This landmark reflects GSA and FedRAMP’s commitment to protecting public and federal information through supporting IT modernization and securing IT infrastructure. Over the past ten years, the program has seen an incredible increase in the adoption of FedRAMP-authorized services and will play a critical role in improving the nation’s cybersecurity. — via General Services Administration

General Services Administration logo

Dec 08, 2021

Unique Vulnerability Counts with Container Scanning

Unique Vulnerability Counts with Container Scanning—As Cloud Service Providers (CSPs) start to submit their container vulnerability scans in order to meet Container Scanning Guidance requirements, stakeholders monitoring submissions should expect to see large increases in the number of unique vulnerabilities. Learn what’s different, and the potential impact for agencies and CSPs. — via FedRAMP

FedRAMP logo

Dec 02, 2021