Federal agency IT leaders must equip employees for success, regardless of where they are working, whether that’s at headquarters, at home or on the road.
They must do so while securing the agency’s information across an ever-expanding range of devices — desktops, laptops, tablets, smartphones, the occasional augmented reality headset — for as long as they are in service. Add a dizzying number of BYOD mobile devices, and IT teams have their hands full.
If agencies are unable to keep track of their devices, they simply cannot ensure the security of their information or maintain regulatory compliance. The task can be overwhelming.
“There are so many things you have to comply with, and they keep coming all the time,” says Sean Frazier, federal chief security officer at Okta. “You can get compliance fatigue when you look at all the things that exist.”
Frazier names a few to illustrate his point:
- President Joe Biden’s May 2021 executive order, which evolved into an official federal cybersecurity strategy, has increased the government’s focus on zero-trust compliance.
- Lawmakers are looking to reform the Federal Information Security Modernization Act of 2014, or FISMA, which governs agencies’ cybersecurity policies.
- Biden signed the FedRAMP Authorization Act in December 2022, codifying the 2011 Federal Risk and Authorization Management Program into law and establishing official oversight of cloud security for federal agencies.
- The National Institute of Standards and Technology’s Special Publication 800-53 details the cybersecurity controls that agencies can use.
- The Defense Department revamped its Cybersecurity Maturity Model Certification program in November 2021 to streamline the process of handling controlled unclassified information.
Compliance dictates what federal agencies must do and how to do it, but it also can guide IT leaders on the most critical technology elements requiring care.