
Tag: cybersecurity

We See the Future and it is … Single Sign On

By now you’ve likely heard of Single Sign On (SSO). It’s not exactly new, and it’s currently used by just a few agencies, but it is the wave of the future as agencies move to more cloud-based apps. In fact, 6 U.S. Code § 1523(b)(1)(D), a provision of law governing federal cybersecurity regulations, states that agency heads must “implement a single sign-on trusted identity platform for individuals accessing each public website of the agency that requires user authentication.” This provision was created by GSA working with the Department of Homeland Security. (FedTech, May 24, 2019)

What exactly is SSO? SSO allows a user to sign in once with one high-strength password and access all of that user’s authorized applications. With SSO, a user need not memorize a different password for every application they access. SSO uses the Security Assertion Markup Language (SAML) protocol, which lets the user log on once for affiliated but separate websites. According to Tracy David, a cloud client executive at CDW, SSO uses “highly complex encrypted keys, which the end user has no access to view or change.” Ultimately, this makes for a much higher level of security for each agency. (ibid)

At this time, you must log in to each app with a different password. More often than not, passwords across applications are similar (if not the same) and easily remembered. This weakens the security level of the agency, as stolen credentials account for roughly 80 percent of breaches. With SSO, you have one complex, single-sign-on password protected with multi-factor authentication. (ibid)

Many agencies are still using on-premises SSO, which will be more difficult as apps move to the cloud. Insiders believe that the Defense Department’s forthcoming Joint Enterprise Defense Infrastructure cloud contract signals cloud adoption becoming the “norm” in government.

Questions about how this affects your current government contract, or how you might work with the government on SSO Technology? Give us a call at 301-913-5000.

GSA is bumping up cybersecurity offerings

GSA recently announced a restructuring of the Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) to include a greater range of cyber services. The new format addresses the government’s need to protect high-value assets and enables federal agencies to purchase proactive and reactive cybersecurity services. (Fifth Domain, April 2, 2019)

According to GSA Acting Assistant Commissioner Bill Zielinski, “The restructured HACS solution on IT Schedule 70 will provide federal agencies with easier access to services and solutions to protect large complex network and data systems, including [high-value assets] that hold sensitive information critical to national and economic security.” (ibid)

GSA is consolidating the four original SINs under HACS into a single SIN with the following five subcategories:

  • High-Value Asset Assessments
  • Risk and Vulnerability Assessment
  • Cyber Hunt
  • Incident Response
  • Penetration Testing (ibid)

Have questions about the restructuring of IT Schedule 70, or whether you are affected by the change? Give us a call at 301-913-5000.

One and Done! – Highly Adaptive Cybersecurity Services (HACS) update to Schedule 70

The field of cybersecurity has grown substantially since the initial launch of the four HACS SINs in 2016. This growth has led GSA to restructure the original HACS SINs 132-45 (A-D) into a single HACS SIN, 132-45, with subcategories of cybersecurity services.

Federal agencies use large, complex network and data systems to maintain and manage many forms of data and information, including High Value Assets that hold sensitive information critical to national and economic security. As a result, the proposed restructure will include the following full set of HACS SIN services:

• High-Value Asset Assessments

• Risk and Vulnerability Assessment (RVA)

• Incident Response

• Penetration Testing

• Cyber Hunt

The four current HACS SINs will be deleted from the solicitation and added as subcategories under the new HACS SIN 132-45.

Please feel free to give us a call at 301-913-5000 if you’d like to discuss your cybersecurity solutions for GSA Schedule 70.