With the government locking down all federal agency systems until mid-July in what’s being dubbed an emergency “sprint” to get all systems to better meet secure compliancy.
Richard Parris, CEO of Intercede commented on Govt Cybersecurity Compliancy:
“The mandated 30-day sprint by The White House has confirmed that the data breaches of various government agencies have become the rule rather than the exception. Despite years of talk and billions of dollars invested in upgrading the nation’s cybersecurity infrastructure, federal agencies are as prone to cyberattacks now as ever before. According to a recent SCA conference speech by Trevor Rudolph, 52% of federal civilian cybersecurity incidents could have been prevented by strong authentication implementation. The emergency 30-day sprint procedure denoted by The White House is an immediate call for action to implement a gold standard for federal identity and credential access management (FICAM) that can already be supported by the infrastructure in place within the next month – any further delay is unacceptable if we are to keep the information of the nation and its citizens protected.
It is not a case of reinventing the wheel; all federal employees have already been issued with personal identity verification (PIV) credentials. This allows agencies to immediately meet two of the four standards outlined by the sprint: tighter control of “privileged user access” and “multi-factor authentication.” However, this doesn’t address the growing appetite for mobile working from federal employees. The White House need to be certain that this mandated sprint to better secure the federal workplace is not negated by the potential ‘out of control‘ growth of mobile devices. This is where derived credential management plays a key role in addressing evolving working habits through secure mobility. This is not something limited to the federal environment – derived credentials can be applied in any organization with an existing smart card system in place.
Intercede is the first company to offer a derived credential management system to control the issuance, maintenance and revocation of mobile credentials in compliance with both the Federal Information Processing Standard 201 (a response to Homeland Security Presidential Directive 12 that created a common identification standard across federal agencies via smart cards) and the standard’s update addressing mobile deployment. With successful deployments to multiple agencies in both the UK and the US, we can confidently state that the technology exists to quickly reduce the number of breaches that have rocked the foundation of cybersecurity in the United States – now it’s just an issue of deploying the tools at our disposal to stop any further hacks from occurring.”