Electronic identity verification

NSTIC opens next round of grants for secure ID technology

Project would use public-private partnerships to create easier, more secure authentication that would support online government services and commercial transactions.

Trusted ID, monitoring efforts can’t keep IT security off high-risk list

After 16 years of plans, strategies and regulation, federal IT security is one of 30 program areas designated by government auditors as high risk.

5 tips for secure mobile apps

Security is a natural concern for agencies building mobile applications. Here are a few important points to keep in mind.

FIDO plans to eradicate bad passwords, bolster online identification

The Fast Identity Online Alliance will release a protocol to make secure log-in more user friendly, making it easy to replace passwords with stronger authentication.

FedRAMP is proving to be a tough test for cloud providers

Some cloud providers struggle to meet requirements such as multi-factor authentication, FIPS 140-2 compliance and providing a complete boundary definition, GSA's Kathy Conrad says.

The 4 levels of authentication in a mobile world

The growing use of remote devices to access government resources spurs NIST to revise its guide on how to select the right authentication technology for groups of users.

Forensics tool helps police crack suspects' cell phones

Paraben's Device Seizure 6 can break passwords, track where a phone has been and map the complete file system, including deleted data.

'Substantial' changes ahead for federal cybersecurity controls

NIST's updated catalog of security controls addresses new threats and lets agencies adapt baseline controls to meet their specific needs.

Authentication with cloud, BYOD: It's complicated

The growth of IT services across the enterprise makes identifying users complex, but three government efforts aim to standardize and simplify access control.

Single sign-on, trusted identities move closer to reality

As government pilots work out the details of cross-platform authentication, ID systems by Google and Microsoft offer a preview of how they would work.

FCC improved its security after breach, but did it move too fast?

After a September 2011 data breach, FCC rushed to enhance security, but ignored security management practices and created unnecessary risks in its IT systems, GAO says.

Penetration testing: Pros and cons of attacking your own network

Pen-testing, or red-teaming, can be an indispensable tool for discovering and correcting network security weaknesses, but if not done right, things can go terribly wrong.

Topic Resources

  • Continuous Monitoring: Elevating Cybersecurity in State and Local Government

    State and local agencies are not required to comply with federal policies related to continuous monitoring and NIST's Cybersecurity Framework, but they would be better off if they did. Whether it is required or not, the concept of continuous monitoring has been proven to raise the level of cybersecurity when implemented appropriately and with the right tools. Join this webcast to learn more about how your agency could benefit from continuous monitoring and NIST guidance.

  • All About Self-Encrypting Drives

    With data security risks on the rise, an influx of government mandates and regulations for securing data has been implemented and is becoming the norm. Eliminating exposure of private data is now simply viewed as a mandatory and sound business practice. To avoid the high costs associated with these types of data compromises, organizations must put in place a comprehensive security strategy. Read this whitepaper to learn how self-encryption is achieving this initiative.

  • The Rising Threat of Enterprise Cybercrime

    Cybercriminals are leveraging vulnerabilities of the Internet, browsers, operating systems, and applications to secretly and proficiently gain access to information assets. Compromising employee endpoints with malware has become the preferred method, a far simpler path into the network than a direct network attack. Agencies need to recognize and address this growing danger.

  • Continuous Monitoring to Achieve Cybersecurity

    As the cyber threat landscape evolves, security methods and tools need to change, too. In this Digital Dialogue, Ken Durbin, manager of Continuous Monitoring Practice at Symantec, explains how the undefined boundaries of the modern IT infrastructure necessitate the deployment of continuous monitoring solutions.

  • Stopping Zero-Day Exploits for Dummies

    Cyber attacks are growing every day and can become serious threats to your organization, but how do you know and understand the threats out there? Download a copy of this book, and you will discover the zero-day exploits and threats used to compromise your agency.