Testing by NSS Labs shows that not only do antivirus products miss known exploits, they often are blind to the same ones, opening windows of opportunity for attackers -- particularly against legacy agency systems.
The group has brought the Trusted Platform Module in line with government requirements, but security standards must keep pace with mobile computing and rapidly changing threat environments.
The explosive growth in information generated by security tools is putting a premium on the ability to analyze large volumes of data, say experts, who also call for active defense.
An incomplete transition to a new IT security framework has left weaknesses in some systems holding sensitive census information, according to a GAO report.
Mobile devices can be a risk to secure environments. A CACI exec says one approach to security has been to alter the hardware of Apple iPads.
Project would use public-private partnerships to create easier, more secure authentication that would support online government services and commercial transactions.
After 16 years of plans, strategies and regulation, federal IT security is one of 30 program areas designated by government auditors as high risk.
Security is a natural concern for agencies building mobile applications. Here are a few important points to keep in mind.
The Fast Identity Online Alliance will release a protocol to make secure log-in more user friendly, making it easy to replace passwords with stronger authentication.
Some cloud providers struggle to meet requirements such as multi-factor authentication, FIPS 140-2 compliance and providing a complete boundary definition, GSA's Kathy Conrad says.
The growing use of remote devices to access government resources spurs NIST to revise its guide on how to select the right authentication technology for groups of users.
Paraben's Device Seizure 6 can break passwords, track where a phone has been and map the complete file system, including deleted data.