Resources on Security
Privacy-Preserving Collaboration Using Cryptography —In conjunction with her May 2020 presentation, Dr. Emily Shen outlines her work on Secure multi-party computation (MPC), a type of …
OMB Circular A-130 —Managing Information as a Strategic Resource
How to Prevent Security Certificates From Expiring During a Lapse in Operations —These are the steps that people in government can take to avoid having security certificates expire during a lapse in operations.
Federal Information Security Management Act of 2002 – Presentation to the 2003 FISSEA Conference —The head of the agency delegates to the CIO a number of information security responsibilities. The CIO in turn designates a senior agency …
Social Media Cyber-Vandalism Toolkit —Cyber-vandalism presents a serious challenge to online-based communication tools. This document provides guidance and security practices to …
Tools and Services
Digital Dashboard —Measures how U.S. government domains are following best practices for federal websites.
Cloud.gov —A FedRAMP approved cloud hosting platform that makes it easy for federal agencies to get on the cloud by simplifying procurement, security, …
FedRAMP —The Federal Risk and Authorization Management (FedRAMP) is a process that authorizes cloud products and services.
Login.gov —An identity management service that provides secure and private online access to participating government programs.
News and Events on Security
FedRAMP Launches OSCAL Developer Data Bites Series
FedRAMP Launches OSCAL Developer Data Bites Series&mndash;FedRAMP is excited to launch an Open Security Controls Assessment Language (OSCAL) Developer Data Bites series! It will cover a variety of technical topics regarding users’ utilization of OSCAL for FedRAMP, FedRAMP automation updates or changes, and open forum conversations with subject matter experts. The first OSCAL Developers Data Bites session will be held on Thursday, September 1, at 12:00 pm, EDT. The series will continue on a bi-weekly basis. — via FedRAMP
Modernize Your Identity Management Process Through ILM
Modernize Your Identity Management Process Through ILM—GSA’s Office of Government-wide Policy is pleased to announce the Identity Lifecycle Management (ILM) Playbook, designed for identity program managers, and enterprise and application architects interested in modernizing their identity management process for federal employees. This practical guide helps federal agencies understand how to shift their focus from managing employee access based on credentials to managing the lifecycle of identities as outlined in section III of OMB Memo 19-17. This will help agencies achieve an enterprise Identity, Credential, and Access Management (ICAM) system that is agile enough to support technology modernization and aligns with the Federal Identity, Credential, and Access Management (FICAM) architecture. — via General Services Administration
FedRAMP Penetration Test Guidance Updates
Penetration Test Guidance Updates—These updates were made to address the ever-changing cybersecurity landscape. Revisions include updated guidance around existing and new threats as well as addressing attack vectors so they’re in alignment with current best practices. Learn about the four initiatives included in the revision process, and download the new June 2022 PDF. — via FedRAMP
C-SCRM Acquisition Community of Practice (ACoP) Interact Site
C-SCRM Acquisition Community of Practice (ACoP) Interact Site—Since the launch of the Cybersecurity Supply Chain Risk Management (C-SCRM) Acquisition Community of Practice (ACoP), GSA and the Cybersecurity and Infrastructure Security Agency (CISA) have been co-leading an effort to broaden the level of awareness and develop agency maturity in the areas of acquisitions, supply chain risk management, and cybersecurity across the federal government for information communication technology and services (ICTS). To increase C-SCRM awareness and adoption government-wide, the C-SCRM ACoP launched an online collaborative space for the federal government’s IT community and industry to share best practices, ideas, guidance, tools, and expertise needed to implement C-SCRM requirements. Working together as a community and sharing information will help us improve our cybersecurity posture across all levels of government. — via General Services Administration
Technology-boosting TMF Investments Deliver Benefits for the American Public
Two Years of Federal Student Aid’s Virtual Assistant Lead to Lessons Learned and a Clear Vision of the Work Ahead
GSA Highlights Progress on Citizen-Facing Digital Services, Cybersecurity in First Year of American Rescue Plan
GSA Highlights Progress on Citizen-Facing Digital Services, Cybersecurity in First Year of American Rescue Plan—Ahead of the first anniversary of the signing of the American Rescue Plan, legislation which has been the key driver of a strong economic recovery, provided the tools needed to fight the pandemic, and made long-term investments to revitalize the local economy in communities around the country, the U.S. General Services Administration (GSA) highlighted some of the key ways these investments are driving progress on technology modernization and making digital services simpler and more secure across government. — via General Services Administration
Go-Live Checklist for Federal Websites
GSA’s Fedramp Celebrates 10 Years of Impact on Cloud Security
GSA’s FedRAMP Celebrates 10 Years of Impact on Cloud Security—Today, the Federal Risk and Authorization Management Program (FedRAMP) celebrates its 10-year anniversary. On December 8, 2011, the Office of Management and Budget (OMB) signed a memo establishing FedRAMP to provide a cost-effective, risk-based approach for the adoption and use of cloud services. This landmark reflects GSA and FedRAMP’s commitment to protecting public and federal information through supporting IT modernization and securing IT infrastructure. Over the past ten years, the program has seen an incredible increase in the adoption of FedRAMP-authorized services and will play a critical role in improving the nation’s cybersecurity. — via General Services Administration
Security is Everyone’s Responsibility: Delivering Secure, Usable Login for Government
A Dashboard for Privacy Offices
A Dashboard for Privacy Offices—Through work funded by 10x, a team from 18F investigated how technology can help busy privacy offices manage your PII, and make their work more accessible and understandable for the public. — via 18F