The Fed’s EDR focus will unlock opportunities in cyber defense

By Amanda Mull, Contract Specialist

The cybersecurity of the federal government is constantly under attack.  A recent FISMA report from the Office of Management and Budget noted that in FY2020, agencies reported 30,819 cybersecurity incidents to the U.S. Computer Emergency Readiness Team. The variety of attack vectors continues to evolve, creating a dynamic threat landscape.

The government is addressing this challenge by mandating Endpoint Detection and Response (EDR) tools. Companies that can offer these tools and capabilities will be well-positioned to build their federal customer portfolio.

EDR is an integrated security solution that detects threats by combining real-time continuous monitoring and collection of endpoint data with rules-based automated responses and analysis capabilities. The data collected helps determine system security. Evaluation and machine analysis of the data provide coordinated detection of threats and conditions that elicit programmed responses, including follow-up via human notifications and further actions to mitigate any potential or actual threats.

EDR initiatives and Approved Product listing

On January 10, the Cybersecurity and Infrastructure Security Agency announced an expanded and revised EDR technical capability definition and new requirements for adding EDR items to the Department of Homeland Security’s Continuous Diagnostics and Mitigation Program’s Approved Product List.

The federal EDR initiative includes a CISA dashboard to record data collected from all federal executive agency and department information systems. The dashboard metrics are intended to provide an overall federal cyber threat analysis. OMB and other federal actors plan to use the dashboard metrics to evaluate vulnerabilities and make budgetary decisions to fund cybersecurity improvements.

Agency EDR responsibilities and FISMA updating

Expectations for agency engagement are high. EDR implementation is mandated, and agencies must continue to develop and mature their EDR solutions – along with continued reporting of endpoint data to the coordinated CISA federal dashboard.


Cybersecurity Opportunities within the Infrastructure Investment and Jobs Act

By Gabrielle Perea, Senior Market Intelligence Analyst

With the signing into law of the Infrastructure Investment and Jobs Act, significant funding has been allocated in support of highways, highway safety, and transit programs, including cybersecurity provisions. Cybersecurity providers have a significant opportunity to position their offerings as tools to help with cybersecurity provisions and opportunities detailed in the IIJA.

The IIJA provides $1.9 billion for cybersecurity, with a $1 billion grant program to assist state, local, and tribal governments to guard against cyberthreats and modernize systems, especially critical infrastructure. These funds will be disbursed by the Federal Emergency Management Agency over the course of 4 years, beginning in 2022, with disbursement guided by the Cybersecurity and Infrastructure Security Agency.


GSA planning government-wide cloud BPA: What you need to know

By Adam Hyman, Director, Government Programs

Over the past couple of years, immixGroup has tracked discussion about the General Services Administration putting together yet another acquisition vehicle — this time around for cloud solutions. That initial chatter may now become reality.

In 2019, GSA released an RFI seeking industry input on providing cloud products and services in creative solution bundles, to better help customers with their business/technology needs and to save the government money.

This past October, GSA released another RFI related to cloud, making its intent clearer: GSA intends to establish a government-wide, Multiple Award Blanket Purchase Agreement using the following Special Item Numbers (SINs):


NASCIO Survey shows three transformation areas: Digital services, cyber and people

By Chauncey Kehoe, SLED Contracts Manager

If 2020 was a roller coaster ride for state CIOs, the priority shaping their decisions now is to push forward with digital transformation.

The National Association of State Chief Information Officers publishes an annual survey of state CIOs and their perspectives. The 2021 State CIO Survey reveals insights from 49 state CIOs on the “short-term and long-term impact of the pandemic.”

The overwhelming consensus among state CIOs is that digital services, cybersecurity and people are going to continue to be top priorities over the next year. This marks a shift from 2020, where, understandably, the emphasis was on initiating remote working and more online services for citizen programs.

I attended this year’s NASCIO conference, and what I heard from state CIOs was consistent with the survey findings. Let’s take a look at their current and planned focus areas.


CMMC 2.0 streamlines requirements for contractors

By Hollie Kapos, Corporate Counsel

In September 2020, DoD published an interim rule to implement CMMC, which became effective November 30, 2020. The DoD received over 850 public comments in response, citing concerns with cost, trust in the assessment ecosystem, and alignment to other federal requirements.

Accordingly, it began an internal assessment of CMMC policy and implementation and, as a result, DoD has just announced CMMC 2.0, which makes several substantial changes from the original model.

Levels streamlined in CMMC 2.0

Levels 2 and 4 have been removed, so there are now only three instead of five levels of compliance as follows:

  • CMMC Level 1, Foundational – Requires implementation of the 17 controls from NIST SP 800-171 enumerated in FAR 52.204-21 and submission of an annual self-assessment to the DoD through the Supplier Performance Risk System (SPRS).  
  • CMMC Level 2, Advanced – Requires implementation of the 110 controls in NIST SP 800-171 and submission of an annual self-assessment or, if required to handle “critical national security information” (currently undefined), a triennial independent assessment performed by a CMMC Third Party Assessment Organization (C3PAO). 
  • CMMC Level 3, Expert – Requires implementation of the 110 controls in NIST SP 800-171 and a subset of controls from NIST SP 800-172 and a triennial government-led assessment. Requirements for level 3 are still being developed.

Public Sector Basics, Part One: Know your audience

By Jimmy Baker, Public Sector Marketing Strategist

Understanding your government customers and how they gather information about technology solutions is vital for anyone involved in business development, capture efforts, marketing and selling. This blog looks at the differences between audience demographics at the federal, state and local government level, and how to address your marketing message accordingly.

First, however, I’ll let you in on a great resource. Market Connections publishes their Content Marketing Review, which is among the best surveys I’ve seen elaborating on what types of information the public sector needs to make decisions and where they go to get it.

As I mentioned in a previous blog, I’ve had the pleasure of interviewing Mari Canizales Coache from Market Connections about the study results and have had some riveting conversations. Here are some insights I’ve gleaned that should help you understand your audiences a little more.


Encouraging the next generation to join the cybersecurity workforce

By Gail Bamford, Brand Marketing Manager

In support of the National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE) Cybersecurity Career Awareness Week, immixGroup and Arrow Electronics recently hosted two webinars: “Women in Cyber” and “Careers in Cybersecurity for Liberal Arts.” Each event featured a panel of technology leaders. These important discussions are a “must-see” for business professionals, education leadership, parents, students, and individuals seeking a career change.

The goal of the NIST NICE Cybersecurity Career Week is to bring awareness to careers in cyber. According to cyberseek.org, there are 464,420 unfilled cybersecurity positions in America. As cybercrime as well as the level of sophistication of attacks rises, so does the need to educate and raise up the next generation of cyber defenders. 

A recent survey on women in the field of cybersecurity revealed that men outnumber women three to one. However, the percentages of women in key cybersecurity leadership positions are increasing. The “Women in Cyber” webinar discussion featured a panel of cybersecurity leaders sharing their insights on the field of cybersecurity. 


Vaccine requirements for federal contractors: The latest Task Force guidance basics

By Jeff Ellinport, Division Counsel

As anticipated in my last blog, on September 24, 2021, the White House’s Safer Federal Workforce Task Force issued its expected guidance implementing the vaccination requirements for federal prime contractors and subcontractors. This action was pursuant to Executive Order 14042 (Ensuring Adequate COVID Safety Protocols for Federal Contractors) that President Biden issued on September 9.

While the guidance directly answered some questions posed in my last blog, it also created others. Here are the basics.

Requirements

The guidance sets out three main requirements:

  1. COVID-19 vaccination of covered contractor employees, except in limited circumstances where an employee is legally entitled to an accommodation
  2. Compliance by individuals, including covered contractor employees and visitors, with the guidance related to masking and physical distancing while in covered contractor workplaces
  3. Designation by covered contractors of a person or persons to coordinate COVID-19 workplace safety efforts at covered contractor workplaces

CDM Notes: EO 14028 deadline is looming. Is your company ready to help?

By Amanda Mull, Contract Specialist

Cybersecurity specialists in the federal government are probably feeling the pinch right about now. By October 9, agencies will need to report on their current software systems as part of Executive Order 14028 on Improving the Nation’s Cybersecurity. If you are a vendor of cybersecurity products, you’d be well advised to make sure your business is appropriately listed – sooner, not later.

Following completion of their EO/OMB reports, agencies are to identify areas at high risk for cyberattacks – such as data theft, ransomware, and disturbances or exploitation of email or other communications. By identifying these vulnerabilities and whether agencies may be dependent on specific software or system providers, the federal government hopes to gain greater insight into problem areas.


Most valuable types of information you can provide to government IT decision-makers

By Jimmy Baker, Public Sector Marketing Strategist

The last federal fiscal year was truly one for the history books and COVID-19 has changed the way government decision-makers receive and monitor information.

Like many marketing professionals around the country, I stay up to date on the latest trends in government policy, spending and marketing. With a FY22 technology budget of approximately $95B, I want to make sure the assets I create deliver value and resonate with government stakeholders.  

For the last several years, Market Connections has published the Content Marketing Review. This study is truly one of the best surveys out there on what and where the public sector is going for information. This report takes the time to break down the differences (in terms of content preference) between the federal government, state and local government and the education marketplaces.  

Here are the top three things I learned about the federal government from the 2021 Content Marketing Review:  

  1. 81% of government leaders will read research reports 
  2. 72% of government leaders will read white papers 
  3. 61% of government leaders attend webinars 

We have all heard the phrase “content is king.” However, the government needs some precise information before looking at a vendor’s content. This report provides vital insights and details and is a must-read for anyone who markets and sells technology products and services to the public sector.

Please make plans to read my blog next month as I interview Market Connections’ Mari Canizales Coache and go deeper into the results of the latest surveys on where government decision-makers go to learn more about technology products and services.

Keep on top of the latest trends in government IT. Subscribe to immixGroup’s Government Sales Insider blog now!

Learn more about Market Connections’ 2021 Content Marketing Review.