As we step into the next phase of digital transformation, cybersecurity is making headlines more than ever. The federal government is laying the groundwork for a more resilient future through its forward-thinking strategy that revolves around zero trust architecture. The issuance of the Executive Office of the President Memorandum (M-22-09) underpins the dedication to this crucial cause, outlining the critical steps federal agencies must undertake to embrace compliance and automation.
1. Federal Data Security Strategy: The Challenge of Categorization
At the heart of this strategy is the call for a Federal Data Security Strategy that includes meticulous data categorization and tagging. Such a strategy surpasses the conventional understanding of “datasets,” extending to loosely structured and dispersed data systems such as email and document collaboration. The challenge lies not just in maintaining and protecting packaged datasets stored in databases or published online but also in grappling with intermediate datasets that exist mainly to support other primary datasets.
To tackle this challenge, the Federal Chief Data Officer (CDO) Council and the Federal Chief Information Security Officer (CISO) Council will create a joint working group on zero trust data security for agencies. This working group is expected to formulate a data security guide that addresses how existing Federal information categorization schemes can support effective data categorization in a security context.
The working group will also aid in the development of enterprise-specific data categories not addressed by existing Federal categories. As this task demands a profound understanding of both data management and security, the working group will engage closely with key Federal councils and stakeholders. Amid a maturing technology market supporting enterprise-wide data categorization, the working group will support and pilot emerging approaches within agencies.
2. The Crucial Role of Automating Security Responses
Automating security responses is a focal point of the zero trust strategy. As agencies grapple with security events throughout their systems and cloud infrastructure, automation of security monitoring and enforcement – commonly referred to as Security Orchestration, Automation, and Response (SOAR) – is vital.
Implementing SOAR in a large enterprise requires careful tuning and iteration to avoid disrupting the organization’s daily work. For an automated security system to operate effectively with minimal hands-on management, it must keep false positives and false negatives low.
Successful security automation will need rich data and nuanced permission management. Agencies should employ machine learning-based heuristics to categorize the data they gather and detect anomalous behavior in real-time. However, given the complexity of machine learning models and the specialized skills needed to oversee and configure the software, agencies will initially need to identify simple technical approaches that do not require machine learning, such as scripts or regular expressions.
3. Auditing Access to Sensitive Data in the Cloud
As data increasingly moves to the cloud, auditing access to sensitive data encrypted at rest in commercial cloud infrastructure becomes a critical priority. Cloud-based infrastructure providers now offer a wide array of services, including cloud-managed encryption and decryption operations with associated logs. These services enhance the security of data at rest and ensure that even if an agency’s environment is fully compromised, the associated audit logs remain trustworthy.
By utilizing key management tools to create reliable audit logs documenting attempts to access encrypted data, agencies can enhance their zero trust architecture and make efficient use of resources. Whether keys are customer-managed or provider-managed, the core requirement is that any decryption attempts are logged reliably by a separate system.
4. Emphasizing Timely Access to Logs
The ability to respond and recover from incidents and breaches depends significantly on timely access to logs, whether in agency-owned infrastructure or third-party maintained cloud infrastructure. Following the EO 14028 directive and recommendations from the Cybersecurity and Infrastructure Security Agency (CISA), agencies are to ensure centralized access and visibility for their top-level security operations center (SOC) and increase information-sharing to accelerate incident response.
To streamline this effort, Memorandum M-21-31 establishes a tiered maturity model guiding agencies through the implementation of requirements. This model assists agencies in balancing the adoption of requirements for implementation, log categorization, improved SOC operation, and centralized access. Agencies are expected to reach the first event logging maturity level by a set date, which will involve measures limiting access to logs and allowing cryptographic verification of logs, as well as logging DNS requests.
The Role of SecHard in Supporting Compliance and Automation
SecHard is uniquely positioned to offer the necessary guidance, tools, and support as the federal government embarks on this vital journey toward enhanced cybersecurity. SecHard, with its deep expertise in cyber security, offers solutions aligning with the Federal Zero Trust Strategy, paving the way for seamless compliance and automation. By fostering trust and strengthening national cybersecurity, SecHard is a dedicated partner in this transformative journey towards a resilient digital future.
In the fast-paced and ever-evolving landscape of cybersecurity, organizations must adopt a comprehensive approach to information security to implement Zero Trust (ZT) effectively. This includes robust resilience practices, meticulous identity and access management, continuous monitoring, and, most importantly, rigorous security hardening. When these elements are balanced with existing cybersecurity policies and guidelines, ZT can provide robust protection against common threats, bolstering an organization’s security posture with a managed risk approach.
Recognizing the pivotal role of ZT in cybersecurity, the USA has mandated its implementation across all Federal agencies, as stated in the memorandum published by the Executive Office of the President on January 26, 2022.
Among the various aspects of ZT implementation, security hardening often presents the most significant challenges. As per the Center for Internet Security (CIS), this involves modifying hundreds of settings across thousands of devices. Enter SecHard’s security hardening module. It swiftly generates gap analysis reports as per industry standards and automates remediations within seconds.
Before the advent of SecHard, implementing ZT involved purchasing and managing many products. However, with SecHard, such complexities are a thing of the past. Our holistic approach and automated remediation features bring you the peace of mind you deserve, making the transition to ZT smoother and more efficient. Book a free demo to learn more: https://sechard.com/book-a-demo/