Pentagon Issues Memo on Continuous Authorization to Operate; Continuous Vetting of All Troops; Continuous Diagnostic and Mitigation Adoption

DEFENSE AGENCY AND DOD FIELD ACTIVITY DIRECTORS - MEMORANDUM PENTAGON LEADERSHIP

February 2022

SUBJECT: Continuous Authorization To Operate (cATO)

The Risk Management Framework (RMF) establishes the continuous management of system cybersecurity risk. Current RMF implementation focuses on obtaining system authorizations (ATOs) but falls short in implementing continuous monitoring of risk once authorization has been reached. Efforts in the Department are attempting to emphasize the continuous monitoring step of RMF to allow for continuous authorization (cATO). Real-time or near real-time data analytics for reporting security events is essential to achieve the level of cybersecurity required to combat today’s cyber threats and operate in contested spaces. The purpose of this memo is to provide specific guidance on the necessary steps to allow systems to operate under a cATO state.

Pentagon Requests More Cybersecurity Funding

The Pentagon's funding request is $800 million more than what it wanted last year and includes investments in zero trust architecture and support to the Defense Industrial Base (DIB). The request also adds five cyber mission force teams, for a total of 142 teams, according to budget documents.

It is no surprise that the Pentagon is requesting billions of dollars for cyberspace activities in its fiscal 2023 budget. The funding is needed for various efforts, including increasing cybersecurity support for defense contractors, hardening its own networks, operationalizing zero trust architecture, and building “cyber ranges,” which are much like rifle ranges but for all things digital. The Pentagon is investing to improve readiness in the nation’s cyber force by funding cyber ranges to enable training and exercises in the cyber domain. Finally, the budget lays the foundation for U.S. Cyber Command to have ownership of the mission and resources of the cyber mission force beginning in FY24, as directed in the FY22 NDAA.

Comply To Connect - The Pentagon's Defense Against Cyber Attacks

By 2025, it is estimated that there will be at least 75 billion connected devices in what is being called the “Internet of Things” (IoT). With advances in microprocessors, sensing devices, and software, pretty soon anything that can be connected will be connected.

The Pentagon's Defense against Cyber Attacks

Here's What You Need to Remember: Seven years ago, the DoD created Comply to Connect (C2C) as a way to secure its growing array of network endpoints.

The proliferation of devices on the Internet is becoming a tidal wave. In addition to your phone, computer, video game console, and television, the Internet now connects practically everything that has electronics and sensors: household appliances, heating and air conditioning systems, cars, airplanes, ships, industrial robots, public utilities, home security systems, children’s toys, and medical devices.

Best Practices for Securing Critical Infrastructure for State & Local Governments

Government agencies are increasingly finding themselves targets for cyberattacks. We summarize some of the best practices these agencies can use to stay secure and highlight some of the possible consequences of having vulnerabilities. Our election systems have been a strong focus in recent years; we are drawing upon lessons learned in that realm and extending them across the government IT infrastructure. Above all, this should be a reference architecture for Security Officers and CIOs, for all government entities and departments.
