“The Biden administration issued its cybersecurity executive order (EO) in May 2021, giving marching orders to Federal agencies to move to zero trust security architectures, among other directives. During a SCGov panel discussion today, Federal chief information security officers (CISOs) shared how they’re leveraging their agency’s previous programs around zero trust to fulfill the obligations of the EO.
Shane Barney, CISO at the U.S. Citizenship and Immigration Services (USCIS), and Robert Wood, CISO at the Department of Health and Human Services’ Centers for Medicare & Medicaid Services, both said their agencies had already made zero trust a priority prior to the EO, so the EO was a welcome incentive to accelerate their efforts…”
“In terms of operationalizing everything in the EO, Wood said his agency put together a small task force that meets and coordinates regularly to decide how ‘to tackle certain parts of EO.’
‘We also just started looking for like, what are the easy, quick wins? You know, something like EDR [endpoint detection and response] – fairly quick win, if you’re not already doing it,’ Wood said…”
“Wood also took the time to advise agencies to build strong partnerships with the contractor community and vendors to meet the EO requirements as well.
‘I’m also a big fan of explicitly including contract team members as well as Fed team members in planning and decisions, things like that,’ Wood said. ‘We have really been trying to lean into a very open and inclusive and transparent culture.’…”
Source: How Fed CISOs are Complying With the Cyber EO – By Grace Dille, November 16, 2021. MeriTalk.