Mediaboss Marketing

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) released new guidance on March 21 that offers system administrators best practices for identity and access management (IAM).

CISA and NSA released the IAM guidance as part of the Enduring Security Framework (ESF), a public-private partnership that aims to address risks that threaten critical infrastructure and national security systems.

IAM is a framework of business processes, policies, and technologies that facilitate the management of digital identities ensuring that only users with the appropriate credentials gain access to data.

IAM is a critical part of every organizations security posture, and we must work collectively with the public and private sector to advance more secure by default and secure by design IAM solutions, said Grant Dasher, Office of the Technical Director for Cybersecurity, CISA.

The ESFs best practices guide is a valuable first step to aid critical infrastructure organizations efforts to assess and strengthen their IAM solutions and processes, he added. We look forward to further collaborations with our partners to improve the IAM ecosystem and aid organizations in achieving a more resilient posture.

The guidances best practices provide system administrators with actionable recommendations to better secure their systems from IAM threats. Specifically, it offers best practices and mitigations to counter threats related to identity governance, environmental hardening, identity federation/single sign-on, multi-factor authentication (MFA), and IAM auditing and monitoring.

It also offers a checklist for actions organizations can take immediately, such as routinely testing and patching your organizations MFA infrastructure; identifying all the local identities on the assets to know who has access to which assets; and determining if your single sign-on integration can collect user context during single sign-on logins including location, device, and behavior.

Malicious cyber actors attempt to hide their activity by exploiting legitimate credentials, either of authorized personnel or of the systems that act on behalf of legitimate users, said Alan Laing, NSA lead for the IAM working group. Rigorous identity and access management allows an organization the ability to detect and thwart these actors persistent efforts to corrupt critical systems and access information of national importance.

Go here to read the rest:
CISA, NSA Issue Guidance on Identity and Access Management - MeriTalk

FORT MEADE, Md. - As part of the Enduring Security Framework (ESF), the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published the Recommended Best Practices Guide for Administratorsto provide system administrators with actionable recommendations to better secure their systems from threats to Identity and Access Management (IAM).

IAM is a framework of business processes, policies, and technologies that facilitate the management of digital identities. It ensures that users only gain access to data when they have the appropriate credentials.

In 2021, Colonial Pipeline, a major Southeast oil pipeline system, suffered a major ransomware attack, disrupting the oil/gas distribution system and causing long lines at the gas station and consumer panic. Many people know about the attack and the exploitation of the company for money, but many dont realize that the attack happened because of a leaked password, an inactive VPN account, and a lack of multifactor authentication all of which can be summed up as poor IAM.

Malicious cyber actors attempt to hide their activity by exploiting legitimate credentials, either of authorized personnel or of the systems that act on behalf of legitimate users, said Alan Laing, NSA lead for the IAM working group. Rigorous Identity and Access Management allows an organization the ability to detect and thwart these actors persistent efforts to corrupt critical systems and access information of national importance.The paper provides best practices and mitigations to counter threats to IAM related to the following five topics:

Environmental Hardening

Identity Federation/Single Sign-On

Multi-Factor Authentication

IAM auditing and monitoring

"IAM is a critical part of every organization's security posture, and we must work collectively with the public and private sector to advance more secure by default and secure by design IAM solutions," said Grant Dasher, Office of the Technical Director for Cybersecurity, CISA. "The ESF's best practices guide is a valuable first step to aid critical infrastructure organizations' efforts to assess and strengthen their IAM solutions and processes. We look forward to further collaborations with our partners to improve the IAM ecosystem and aid organizations in achieving a more resilient posture."This release is accompanied by an Identity and Access Management Educational Aid presentation and associated talking pointsto support organizational technical leaders in explaining to decision makers the benefits of a robust IAM program and the associated risks of not implementing one.This guidance was developed and published by an NSA and CISA led working panel with ESF, a public-private cross-sector partnership that aims to address risks that threaten critical infrastructure and national security systems.

Read the full report here.Visit our full library for more cybersecurity information and technical guidance.

NSA Media RelationsMediaRelations@nsa.gov443-634-0721

See the article here:
ESF Partners, NSA, and CISA Release Identity and Access ... - National Security Agency

FORT MEADE, Md. - The National Security Agency (NSA) made further progress in 2022 in its efforts to build and sustain a diverse workforce critical to fulfilling the Agency's foreign signals intelligence and cybersecurity missions. A record 15.6% of new hires in 2022 self-identified as a person with a disability."We are proud of our strong hiring program, but that is only the first step in an employee's journey," said Teisha Anthony, Chief of Talent Management. "We need to be equally committed to inclusion and accessibility to fully support the people we bring on board."The People with Disabilities Employee Resource Group (PWD ERG) recently collaborated with the Cybersecurity Directorate (CSD) to host a panel discussion about ways to boost accessibility to help retain the best and brightest to support NSA's mission.A representative from the Office of Physical Security said that medical devices have grown increasingly smarter in recent years, which has posed a security challenge that the team is working hard to address: "We're actively engaged with medical device users, the PWD ERG, Research Directorate, and technical subject matter experts from across the Agency to identify and implement new mitigations while providing the greatest possible accommodation for affiliates who rely on these devices for their health and well-being."In a separate effort, CSD launched a new corporate initiative that offers many printed materials in braille to benefit Agency employees with disabilities. Other NSA organizations have undertaken similar campaigns, heeding the call to ensure reasonable accommodations for every employee."Providing support to the PWD population is absolutely critical to the success of NSA's mission," said the chair of the PWD ERG. "There's been a lot of improvement in this space, but there's still room to grow.""We won't be able to maintain an up-to-date understanding of our adversary without continuing to hire the best and brightest disabled employees."Learn more about NSA's policies on reasonable accommodations.Apply now: intelligencecareers.gov/nsa

NSA Media RelationsMediaRelations@nsa.gov443-634-0721

Go here to see the original:
NSA Hires Record Number of People with Disabilities, Undertakes ... - National Security Agency

Armed Forces Entertainment (AFE) set the alley-oop with NSA Naples Morale, Welfare, and Recreation (MWR) for a slam dunk event as The Harlem Globetrotters took to the court at Naples Middle High School (NMHS).

MWR capitalized on assists to make this event a success.

MWR was supported by NSA Naples Red Cross, USO, the Fire Department, Security and community volunteers, said Chris Kasparek, NSA Naples MWR Community Recreation Director.

The team, who has performed at NSA Naples in previous years, made its first appearance since the pandemic.

I think this event specifically signifies that we have significantly made the turn out of COVID here at NSA Naples, said Kasparek. It is a step forward for our entire community.

Globetrotters Guard, Darnell Speedy expressed how excited he was to be back on a military tour.

I came to Naples in November 2019 [] It actually was the last military tour before the pandemic, said Speedy. Now I am on the first military tour since COVID, and it is a once-in-a-lifetime opportunity. I get another opportunity to share these moments with these people.

The night of slam-dunks, fast breaks and laughter was one of the most popular events of the season. Tickets for the event sold out within days. The anticipation of the event was evident as fans packed the NMHS gym.

We had the coolest experience last night with the Harlem Globetrotters, said community member Dana Elmini. They are true entertainers and made everyone feel special and leave with a story! Thank you AFE and NSA Naples MWR for making this happen!

The Globetrotters visited NSA Naples as part of a military tour with AFE that began March 14 at Naval Air Station (NAS) Sigonella.

This tour is made up of 11 shows, across 10 bases in three countries, said AFE Regional Manager Michele Krieg.

This is the 19th year of the Harlem Globetrotters military tour with AFE, Krieg added.

Kasparek says these events are special to the military community.

It is important for the families here to know they are being reached by those stateside and by those that appreciate what they do for our country, said Kasparek.

With shows such as this, AFE makes it their mission to provide the best performances for U.S. troops and family members stationed overseas and serve as the biggest morale booster for U.S. Troops.

The nearly two-decade old partnership between AFE and the team is only a small part of the Globetrotters history in entertainment.

The Globetrotters began as a team of reunited high school players in Chicago, Illinois in 1926.

Since 1926, they have entertained more that 148 million fans in 123 countries and territories around the world.

NSA Naples is an operational ashore base that enables U.S., allied, and partner nation forces to be where they are needed, when they are needed to ensure security and stability in the European, African, and Central Command areas of responsibility.

For more news on NSA Naples, please follow us on Instagram @NSANaples and Facebook at facebook.com/NSANaples/.

Read more:
The Harlem Globetrotters Euro Step Over to NSA Naples - navy.mil

Rebecca Richards, former civil liberties and privacy officer of the National Security Agency, has been appointed chief of civil liberties, privacy, and transparency at the Office of the Director of National Intelligence.

As chief transparency officer, she is responsible for protecting constitutional rights and privacy within the agency, Director of National Intelligence Avril Haines announced Thursday.

Richards joined NSA in 2014 and is credited for the establishment of its Civil Liberties and Privacy Office. She also held similar roles at the Department of Homeland Security.

Before becoming a privacy expert, Richards worked as an international trade specialist at the Department of Commerce. She later assumed various job posts at TRUSTe, a nonprofit organization known for its privacy seal.

Haines, a three-time Wash100 awardee, also acknowledged outgoing CLPT chief Ben Huebner. As ODNI welcomes Becky, I would also like to express my sincerest gratitude and congratulations to Ben Huebner, our previous Chief of CLPT since July 2019. I am very thankful, though, that Ben will continue to serve in the IC.

Continued here:
Former NSA Privacy Officer Rebecca Richards Named ... - Executive Gov