The latest Federal Information Technology Acquisition Reform Act (FITARA) scorecard reveals that not one agency’s Cyber score changed from the FITARA 10.0 scorecard issued earlier in 2020.
The Cyber category consists of criteria from the Federal Information Security Modernization Act (FISMA) – and while FISMA measures compliance and considers data points such as number of incidents, it does not provide insight into how these actions unify to reduce risk.
Basic cyber hygiene is the root of many security compliance requirements, and while adhering to those requirements can help reduce risk, compliance isn’t enough. Agency cyber defenders need reliable, real-time data for a comprehensive view of the entire environment so they can identify, assess, focus on, and remediate risks.
How can agencies manage potential cyber risks and strengthen their cyber posture?
Scoring the FITARA Cyber Category
There are two components within the Cyber scores:
- The score the agency inspector general gives its agency’s posture on cyber maturity model criteria
- Cross-Agency Priority (CAP) goals to modernize IT for better productivity and security – covering asset security, personnel access, network and data protection, and cloud email adoption
Strengthening Agency Cyber Posture
Agency IT teams can strengthen their cyber posture by characterizing risks by severity of vulnerability, age, and the value of the data/system exposed to the threat. IT teams should also focus on achieving comprehensive visibility into all systems across the enterprise (end-user, cloud, and data center).
Real-time data is necessary for risk managers to take action against these threats. IT teams need to evaluate their current toolset and refresh it with a platform that simplifies it and removes inefficient legacy tools. Optimizing and modernizing tools will help organizations operate in newer environments. This will help agency leaders understand the full environment and reduce accountability gaps created by point solutions.
Agency IT teams should also test data center efficiency while considering new security applications. By reducing the number of servers and hardware/software costs, dollars can be re-prioritized. This also allows agencies to adopt a single endpoint management platform approach that increases visibility across end-users, servers, and cloud environments and that identifies assets, protects systems, detects and responds to attacks, and recovers at scale. IT teams then receive quality data in real time to manage risks.
For more insights, see the full MeriTalk article.
Point solutions and legacy tools will only hinder your organization. You need a simple, scalable solution that will provide the necessary data and insights needed to help improve your cyber posture. Modernization is critical and Proven Optics is here to help. We have leveraged the ServiceNow platform to build flexible, purpose-built, commitment-based Applications to modernize and automate legacy budget processes. Take the next step today and start running IT like a business without compromising your cyber maturity.