How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security
Whether the goal is to compromise sensitive government data, steal personally identifiable information or disrupt normal operations, the sophistication of attacks is making it more difficult to safeguard the Federal government’s cyber critical infrastructure. Large scale information breaches like those we see in the news often begin with an attacker exploiting a single external vulnerability on a low-level system or through contractor credentials, then capitalizing on privileges to gain access to critical systems and data. What can government agencies do to protect their environments from this constant threat?
In June of 2015 the Federal CIO Initiated a 30-day Cybersecurity Sprint to accelerate the adoption of several key countermeasures. The result of that sprint informed the development of the Cybersecurity Strategy and Implementation Plan (CSIP) which incorporates ongoing progress reporting and corrective actions. It also emphasizes the government-wide adherence to NIST standards and FISMA Metrics.
The CSIP lays the groundwork for strengthening cybersecurity in Federal civilian agencies through five objectives:
- Prioritized Identification and Protection of high value information and assets;
- Timely Detection of and Rapid Response to Cyber Incidents;
- Rapid Recovery from incidents when they occur and Accelerated Adoption of lessons learned from the Sprint assessment;
- Recruitment and Retention of the most highly-qualified Cybersecurity Workforce talent the Federal Government can bring to bear, and
- Efficient and Effective Acquisition and Deployment of Existing and Emerging Technology.
For the purpose of this brief, we will explore Protection, Detection, and Recovery objectives.