Winvale Blog

Over the past year the Department of Defense (DOD) has been conducting the Defense Industrial Base (DIB) pilot program which increased the amount of classified and unclassified information flowing between the DOD and private industry. The pilot included 17 defense companies and internet carriers AT&T, Verizon and CenturyLink.

In recent years, foreign hackers have had more success stealing information from systems owned and operated by companies in the defense industrial base.  Lockheed Martin is among the companies included in the pilot program, which several years ago had terabytes of data related to the Pentagon’s Joint Strike Fighter project stolen from its networks.

The program utilizes NSA signatures to filter incoming e-mails which, due to the small number of false-positives, has been considered a success. However, the program has been less effective at redirecting outbound traffic headed for bad web sites.

Rep. James R. Langevin (D-R.I.), co-founder of the Congressional…

Read the Rest of the Post >

David McClure, Associate Administrator at GSA’s Office of Citizen Services and Innovative Technologies, announced at the AFFIRM event on April 13^th that the third party assessment organizations (3PAOs) will be announced in May 2012.

This is a major step for FedRAMP, which will start the process for cloud service providers to obtain the provisional authorizations. These 3PAOs are an important part of the FedRAMP process, because they will be validating the cyber security control requirements for service providers. While the review is being handled mainly by DHS and GSA, the entire Joint Authorization Board (JAB) will have the final say on who will be a 3PAO. The JAB consists of the Chief Information Officers from GSA, DHS, and DOD. Department of Homeland Security Chief Information Officer, Richard Spires, said that once the 3PAO’s are picked in May, he expects the program to take-off in June of this year.

While FedRAMP will mandate the minimum level of security requirements, Casey…

Read the Rest of the Post >

West Cheshire College, a leading vocational college in the northwest part of England, is the first college to implement a real time location tracking solution. This technology will enable West Cheshire to precisely track, analyze and manage student movements around the buildings’ free flowing public and learning zones. The variety of data being received via real time reporting will allow the college to see which students are in class at any given time. The college can act on this data based on student movement patterns within the building to efficiently allocate resources and optimize staff and resourcing capacity.

The data provided from the system is also used to improve the operating efficiency of other systems through classroom occupancy management. This allows the college to ensure appropriate government funding by accurately recording and reporting enrollment and attendance. In the future the college hopes to connect attendance information to systems such as cooling,…

Read the Rest of the Post >

This week the Obama administration put out a new initiative for Big Data. Six agencies (DoD, DoE, DARPA, NIH, NSF, and USGS) have dedicated over $200 million to ensure this is a successful program. John Holdren, assistant to the president, stated that many more agencies will be involved in the future. NASA and NOAA will be the next agencies to enter the big data push. These are especially important because of the quantity of data they both collect. The government plans to close over 450 data centers nation wide. This will require data centers to be more robust in all aspects. This incluudes server’s space availability to meeting all cyber security standards. With fewer data centers the new data centers will store and process larger amounts of data. This will also allow for agencies to have better communication and be more efficient in their efforts.

This new push for big data asks one very important question: “The challenge is, what do we do with all the data we are using?” which…

Read the Rest of the Post >

FedRAMP (Federal Risk and Authorization Management Program) is led by GSA and is a soon-to-be mandatory government wide program that standardizes the government’s approach to authorizing cloud services for use by federal agencies and monitoring those services to ensure that they continue to meet federal cybersecurity requirements.Once a service goes through the initial FedRAMP authorization process, it will get a stamp of approval that all agencies can use to sign off on the service’s ability to meet federal security requirements. 

FedRAMP is still in pre-launch stage. The launch of its initial operational capabilities is scheduled for June 2012, and the focus will be on infrastructure as a service and e-mail as service. Full operational capabilities are scheduled for the second quarter of fiscal 2013. At this stage, FedRamp will include more diverse products and services. By 2014 the government will move to full implementation with on-demand scalability and all federal agencies…

Read the Rest of the Post >

Identity management solutions safely guard and control user identities and privileges. Single Sign-On (SSO) enables organizations to provide authorized user access to systems and services providing efficient management of the entire identity lifecycle. This includes assessing, planning, implementing, auditing, and maintaining identities and access privileges.  Government agencies are taking an aggressive stance of migrating to the cloud which promises to reduce the cost of delivering government services in this fiscally conservative environment. Cloud Identity management plays a central role in securing cloud deployments.

With the growing migration to the Cloud, government agencies are facing new challenges in cyber security and working hard to address these deficiencies.  Personal Identity Verification (PIV) cards are being issued in increasing numbers; the Federal Public Key Infrastructure (PKI) hasconnected agency and commercial PKIs via a trusted framework; and working groups…

Read the Rest of the Post >