NIST’s cloud computing roadmap recommends actions to ensure that cloud computing offerings meet the security needs of government as well as the requirements of multiple tenants.
With as much as 90 percent of the code used for in-house development is based on pre-fabricated modules, we need better tools that scan components for potential vulnerabilities before they are tied into actual products.
When online health insurance exchanges failed to perform as expected during the Affordable Care Act’s first open enrollment period, call centers became a vital backup. How will things roll in the upcoming OE2?
Android Lollipop and iOS8 present government mobility managers with more options for balancing end-user convenience with the requirements of high-threat, classified environments.
The recent SandWorm report on cyber espionage against NATO highlights the need for strategies such as the cyber kill chain to detect and disable stealthy, zero-day threats before they bleed you dry.
Shortly after the Heartbleed bug caused a panic in security circles, along comes something which could be even more serious and the reaction seems to be one big yawn.
Growing resources and increasing attention being paid to continuous monitoring could help agencies consolidate last year's gains in FISMA performance.
While the private sector is winding down its use of the decades-old algorithm in their products, government is still grinding out SHA-1 certificates.
It’s not a competition, but neither provides completely secure or effective access control on its own. What is needed is an appropriate combination of technologies.
Secure Socket Layer-based encryption remains vulnerable to attack despite promising efforts to tighten management of the humble but critical security protocol.