Jay Gazlay, technical strategist at the Cybersecurity and Infrastructure Security Agency (CISA), has said the government must establish updated guidance on identity management following the large-scale SolarWinds data breach, Nextgov reported Wednesday.
Gazlay told a National Institute of Standards and Technology (NIST) advisory board that the updated guidelines must consider cloud-based activities as more agencies opt to transition their digital environments.
He noted that initiatives like the NIST National Checklist Program should be more prevalent to enable rapid threat response during data breaches. Vendors must also be able to release machine-readable configuration guidance to inform risk decisions across disparate infrastructures, said Gazlay.
Devices in general must have in place basic configurations such as those offered by Microsoft for authentication and email traffic monitoring, according to Gazlay.
“Our takeaway from this at CISA's space is that identity is everything now,” he added. “We can talk about our network defenses, we can talk about the importance of firewalls and network segmentation, but really identity has become the boundary, and we need to start readdressing our infrastructures in that manner.”