Cyber

FEMA working to clarify cyber controls

Only then can the agency use automation for compliance, according to its CTO.

March 10, 2021

(Getty Images)

The Federal Emergency Management Agency’s IT shop is working with others across the Department of Homeland Security to clarify cybersecurity controls so processes can be automated across the department.

By working with other DHS IT organizations, FEMA can get on the same page and automate its compliance, said Ted Okada, chief technology officer at FEMA.

However, compliance with data and privacy controls coming out of agencies like the National Institute of Standards and Technology is challenging because they haven’t kept pace with developments in cloud computing and DevSecOps.

While emerging NIST standards like the Open Security Controls Assessment Language (OSCAL) are diving deeper into Cabinet-level departments’ approaches to compliance, outdated controls remain.

“The common controls in the existing paradigm of client-server, hub-and-spoke computing, which are still with us even with cloud computing, those controls are fast becoming antiquated,” Okada said during an ATARC event Tuesday.

One such control asks whether organizations have a fire extinguisher, and no one would ever ask Microsoft Azure or Amazon Web Services that, he added.

At the same time that FEMA is establishing better cyber metrics, it’s developing application programming interfaces (APIs) that communicate with authorizing engines to generate system security plans and standardize them in open, text-based language for automation.

That way FEMA can store data and compute at the edge, closer to the source of the data, while adopting a zero-trust security posture that assumes breach, Okada said.

FEMA working to clarify cyber controls

More Like This

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

GAO budget request puts premium on modernization efforts

Commerce adds five members to AI Safety Institute leadership

Top Stories

State Department encouraging workers to use ChatGPT

Federal CIO calls on Congress to fund Technology Modernization Fund

GSA administrator: Generative AI tools will be ‘a giant help’ for government services

Congressional panel outlines five guardrails for AI use in House

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

Commerce requests information about AI, open data assets, data dissemination

More Scoops

NIST releases automation-friendly security and privacy assessment procedures

FedRAMP eyes .govCAR for other authorization applications

FedRAMP just automated checking security authorization packages for completeness

Agency reuse of FedRAMP-approved cloud products climbs with automation

2020 in review: Pentagon leads federal DevSecOps efforts

FedRAMP cloud security requirements under revision

Agency reuse of cloud services on the rise during pandemic

Latest Podcasts

FEMA working to clarify cyber controls

AI Week 2024 has Come and Gone

Darryl Peek on Elastic’s role in enhancing public sector search and data analytics with AI and Google collaboration

Danny Werfel on How Automation has Enhanced his Agency’s Operations.

Tech

Defense

Cyber

Acquisition