The Federal Information Technology Acquisition Reform Act (FITARA) was established to diminish waste and duplication in federal IT acquisition. However, many agencies continue to rely on aging legacy systems for some of their most critical operations. In FY19 alone, the federal government spent $29 billion on maintaining legacy systems.
In a recent Federal News Network article, I detail why it’s important for federal agencies to modernize their IT systems to strengthen cybersecurity and improve their FITARA Cyber Component score – which is simply the agency’s Federal Information Security Modernization Act (FISMA) score normalized on an “A” through “F” scale.
Gaps in the metrics
There is, however, a significant gap in the metrics that go into the FITARA Cyber Component score. The scores are based on FISMA, which measures compliance, not actual security or risk. Many security compliance requirements are rooted in basic cyber hygiene, and while adhering to those requirements and to other best-practice frameworks can help reduce risk, compliance isn’t enough. Federal agencies must allocate resources and funding to ensure they are compliant, but they must also engage in advanced, modern cyber defense tactics to thwart malicious adversaries.
How Tanium helps
Tanium helps agencies leverage a modernized approach for end-to-end visibility across end-user, server and cloud endpoints and provides customers with the ability to identify assets, protect systems, detect threats, respond to attacks and recover at scale.
Using the Tanium Platform, teams can understand what is impacting agency risk, take rapid action to remediate and make security improvements for the long term.
By integrating fast incident response capabilities throughout the network, Tanium’s unified endpoint management and security platform helps agencies safeguard data against unknown risk and privacy concerns, while aligning IT security and operations teams on a single platform.
Agencies can strengthen their cyber posture and improve FITARA Cyber Component scores with a tight focus on achieving comprehensive real-time visibility into systems across the enterprise (end-user, cloud and data center), upgrading or replacing inefficient legacy tools and ensuring the tools deployed are optimized for newer cloud and hybrid environments.