As federal government agencies secure the large volumes of sensitive data that they maintain, they must continuously improve and adapt their security programs to keep up with the changing threat landscape and regulatory environment. Government IT systems must be secured from outside intruders as well as from insiders, both well-meaning and malicious. At the same time, they need to ensure that the right people have access to the data they need to do their jobs.
Complicating the current climate, the federal regulatory landscape for cybersecurity is constantly evolving. Many of the requirements for regulatory compliance are based on the 800 series of Special Publications created by the National Institute of Standards and Technology (NIST), covering every aspect of information security. These guidelines are regularly updated to reflect changes in legislation, technology and the evolving threats faced by agencies.
Security solutions also change. This shifting environment makes it imperative that agencies and their vendors keep security tools aligned with both agency needs and regulatory requirements. To discuss how the public sector can do this, GovLoop partnered with BeyondTrust, a leader in privileged account management and vulnerability management solutions, for this industry perspective. In the following pages we’ll discuss how agencies must manage access controls and IT vulnerabilities while complying with all security regulations.