Information Assurance

Happy birthday HSPD-12; there’s still a long way to go

The presidential directive mandating interoperable smart government ID cards is 10 years old this month, and represents an impressive effort to specify and implement the technology. Now we need to put it to use.

CANES tech will propel future Navy networks afloat

The Navy’s Consolidated Afloat Networks and Enterprise Services project will standardize and consolidate systems the Navy’s afloat network.

DISA approves AWS for more sensitive workloads

The Defense Information Systems Agency authorized Amazon Web Services as the first commercial cloud approved at “security impact levels” 3-5 for highly sensitive workloads.

Will Knox tip government buyers toward Android?

Samsung’s Knox containerization technology, together with sophisticated vetting in defense and security circles, is gaining traction in federal, state and local markets.

Insider threats add pressure for real-time fixes to workforce risks

The Snowden and Wikileaks affairs, as well as potential threats from other insiders, has ratcheted up the urgency for a near-real-time analytic approach to government insider workforce risks.

New tools link enterprise, perimeter and next-gen security

Point solutions to protect the perimeter of the enterprise are not obsolete, but a new generation of tools is arriving to complement them and provide the awareness needed to defend against new complex and targeted threats.

Big data takes on the kill chain

Big data systems can correlate structured and unstructured data to paint a complete picture about an agency’s overall IT health and offer insight into the sophisticated threats.

Heartbleed prognosis: Long, laborious discovery, recovery

Described as "one of the scariest bugs I've seen" by a DOD technical analyst, Heartbleed could leave agency systems from enterprise email to Web sites vulnerable to attack.

NIST, DHS push security automation to the next stage

SCAP sets standards to ensure products work together, while Einstein is evolving into an automated tool that will not only detect, but block, malicious code.

New risk on the block: Bring your own cloud

What agencies can do to manage the risks of using consumer cloud accounts such as iCloud, Evernote and Dropbox to store and access business data.

DARPA takes multipronged approach to securing military's cloud

As DOD moves into cloud computing, pilots and projects look to assess risk and develop multiple layers of network defense.

5 programs break down the elements of an identity ecosystem

Groups will run a variety of pilots for trusted identities covering areas ranging from first-responder authentication and secure business transactions to the exchange of health care information.

DIA message system slashes clearance-level red tape

Two-stage DIA protocol preps documents to move at 'moment's notice' across separate security domains.

Report: 2 states' online registration systems vulnerable to hackers, fraud

Flaws in the voter databases in Mayland and Washington state would allow hackers to effectively prevent people from voting, the New York Times reports.

Using a ‘sinkhole’ to squash the Nitol botnet

Microsoft has reached a settlement with the operators of the 3322.org domain in China to “sinkhole” traffic to 70,000 malicious subdomains.

Agencies yet to 'crack the code' on mobile management, security

Mobility is key for unlocking productivity, but government still struggles to securely manage mobile devices and their data, agency IT leaders say.

CyberScope falls flat on improving IT security, feds say

Most federal officials questioned in a recent survey said that requirements for continuous monitoring of security status have not reduced risk in the IT systems.