Project would use public-private partnerships to create easier, more secure authentication that would support online government services and commercial transactions.
After 16 years of plans, strategies and regulation, federal IT security is one of 30 program areas designated by government auditors as high risk.
Security is a natural concern for agencies building mobile applications. Here are a few important points to keep in mind.
The Fast Identity Online Alliance will release a protocol to make secure log-in more user friendly, making it easy to replace passwords with stronger authentication.
Some cloud providers struggle to meet requirements such as multi-factor authentication, FIPS 140-2 compliance and providing a complete boundary definition, GSA's Kathy Conrad says.
The growing use of remote devices to access government resources spurs NIST to revise its guide on how to select the right authentication technology for groups of users.
Paraben's Device Seizure 6 can break passwords, track where a phone has been and map the complete file system, including deleted data.
NIST's updated catalog of security controls addresses new threats and lets agencies adapt baseline controls to meet their specific needs.
The growth of IT services across the enterprise makes identifying users complex, but three government efforts aim to standardize and simplify access control.
As government pilots work out the details cross-platform authentication, ID systems by Google and Microsoft offer a preview of how they would work.
After a September 2011 data breach, FCC rushed to enhance security, but ignored security management practices and created unnecessary risks in its IT systems, GAO says.
Pen-testing, or red-teaming, can be an indispensable tool for discovering and correcting network security weaknesses, but if not done right, things can go terribly wrong.