How to be agile while embracing new technologies begins with being prepared.
The use of on-premise technologies and the cloud continues to increase in the Federal space as agencies pursue modernization through digital and workforce transformation. But with those agile technologies evolving daily, threats and vulnerabilities have also increased. Even when the government uses the same software and services private organizations and consumers use, it has added cybersecurity hoops to jump through in order to achieve “authority to operate” (ATO) in its risk management framework (RMF).
Whether you are a government agency or a partner to one, securing critical assets, ensuring mission readiness, and embracing new technologies are key parts of your mission. But achieving ATO is not easy. And it can throw some roadblocks in your way:
- Manpower. Finding qualified experts to assess and secure the thousands of endpoints that need to be addressed according to NIST 800-171 and its Security Technical Implementation Guides (STIGs) is difficult. And with technology moving, shifting and updating at alarming rates, the task of finding STIG specialists gets harder.
- Cost. The manpower, quite frankly, is expensive. These are specialists in short supply. And every dollar you spend on them adds to the cost of your software and services, impacting your ROI.
- Continuity. Every day you are delayed in using critical software and platforms is a day you don’t meet your mission. And because every implementation and upgrade needs to achieve ATO before you can use it, new capabilities are put on hold as you work through the cybersecurity process.
The threats to our systems have never been higher. In an ideal world, agencies wouldn’t be hindered by conducting repeated risk assessments and infrastructure maintenance to achieve ATOs. But they are. And there is currently only one approach that can save time and money while accelerating ATOs—automation.
Why plow with an ox when you can use a John Deere tractor?
The US Army is one of the government agencies that understands how critical automation is to risk management and controlling costs while ensuring the future of their digital transformation. SteelCloud’s cybersecurity automation tool, ConfigOS, has been proven to reduce the manpower used to achieve ATOs by over 90%, completing days/weeks/months of manual STIG work in about an hour. The software scans and remediates thousands of endpoints per hour, speeding ATOs, reducing human error and saving as much as 70% of ongoing STIG costs to meet both FedRAMP and NIST cybersecurity requirements.
Hit a moving target on the first try.
Government security requirements change and morph over time. Even within the government framework, you must please several masters’ requirements, including those from NIST, CMMC, RMF and FedRAMP. NIST’s recent revisions are an example of that. “Revision 5 is important because threats, vulnerabilities and technology are evolving on a daily basis,” says Dominic Cussatt, principal deputy assistant secretary and deputy chief information officer for the Department of Veterans Affairs. “It’s critical for us that the controls remain up to date and agile.”
Staying up to date is critical. But it also depends on the agility of your cybersecurity team. Having to learn and relearn the rules creates a lag in productivity and complicates compliance. Again, automation is a savior because, rather than a hundred STIG experts relearning everything each time there’s an update or shift in focus, the software only has to relearn it once. This reduces the burden on your teams and protects against added time lags as humans adjust to change.
It’s a matter of national security.
President Biden recognizes the critical need to modernize enterprise infrastructure and information systems in the government and wants to back that mission with cybersecurity dollars. He proposes more money for both technology modernization and hiring. While that means billions of dollars invested in furthering the cause, we all know how thin that money will be spread across competing agencies and concerns. Cost will always be a factor—and roadblock—in the government.
Automated software tools such as ConfigOS will provide a key strategy for preparing government networks and workforces for digital transformation. Automation saves money, reduces time to ATO, is more accurate and addresses the dearth of qualified experts to do the work manually. A solution like ConfigOS can be used on-site by agencies and their contractors or it can be used by technology contractors during development to further reduce costs and time-to-ATO.
Prepare now for a more agile, secure environment. Schedule a demo of ConfigOS and see how automation can change the game while working inside all the government’s cybersecurity rules.