By GCN Staff
Mar 16, 2021
The Federal Risk and Authorization Management Program has released supplemental requirements to ensure cloud service providers (CSPs) keep their container technology in compliance.
Released March 16, the document, Vulnerability Scanning Requirements for Containers, bridges the compliance gaps between traditional cloud and containerized systems by describing “the processes, architecture and security considerations specific to vulnerability scanning for cloud systems using container technology.”
Containers can be installed on bare metal or virtual machines, on-premise systems or within elastic cloud environments and are deployed and managed with various orchestration tools, the document states. According to FedRAMP, the technology introduces risk due to unvalidated external software, non-standard configurations, unmonitored container-to-container communication, ephemeral instances that are not tracked, unauthorized access and registry/repository poison
By Natalie Alms
Mar 17, 2021
The Department of Labor is using $9.6 million from recently expanded Technology Modernization Fund (TMF) to upgrade its enterprise data infrastructure.
The new project will improve the availability of the agency s data by boosting operational efficiency and public services so that federal agencies and other data consumers can access information more easily.
The Labor Department will use the funding to enable an evidence-based decision-making approach across enforcement, compliance unemployment insurance and other agency mission areas, the General Services Administration said in its announcement.
The proposed project will incorporate enterprise-standard predictive analytics and reporting capabilities into the department’s IT platform, implement enterprise data management and support an application programming interface and public-facing data portal to transform how the Labor Department shares data. “By the end of this project, DOL will unlock the
By Alan Duric
Mar 15, 2021
Government agencies have been unable to maintain trust in their cybersecurity capabilities this past year, and for good reason. The onset of the pandemic, followed by a year of tumultuous cyberattacks, has further damaged an IT infrastructure that had long been vulnerable to bad actors, nation-state and otherwise.
The perfect storm of pandemic-related events and vulnerable infrastructure has challenged federal, state and local governments. Not only did 2020 see a massive increase in data breaches, with the first quarter of the year showing a 278% increase in leaked government records, cyberattacks happened on a much larger scale, as seen with the SolarWinds hack that affected governments and businesses. These events have clearly shown that if governments continue relying on outdated and insufficient systems and protocols, the number of successful attacks will only grow in size and consequence.
The Defense Advanced Research Projects Agency’s SocialCyber program aims to create a dynamic situational awareness capability that can preserve the integrity and security of open source software projects.
By Mark Rockwell
Oct 19, 2020
It only takes one small breach to dent confidence in the nation’s election systems, according to a digital rights and technology expert.
While the Cybersecurity and Infrastructure Security Agency (CISA) and other organizations have made great strides since 2016 to shore up local election infrastructure, “cybersecurity is an active process. Threats are constantly changing and evolving, so we need to keep making the case that election officials need to prioritize cybersecurity and not be complacent, said William Adler, senior technologist for elections and democracy at the Center for Democracy and Technology.
Adler s comments came during an Oct. 16 conference call with reporters. He and other officials at the technology and digital rights advocacy group explained the variety of threats facing the upcoming elections, from voter suppression to misinformation about mail-in ballots and cybersecurity. Even an unsuccessful attack, if detected and publi