CISA’s Jay Gazlay: Gov’t Must Update Identity Management Standards for Cloud Operations


Jay Gazlay, technical strategist at the Cybersecurity and Infrastructure Security Agency (CISA), has said the government must establish updated guidance on identity management following the large-scale SolarWinds data breach, Nextgov reported Wednesday.

Gazlay told a National Institute of Standards and Technology (NIST) advisory board that the updated guidelines must consider cloud-based activities as more agencies opt to transition their digital environments.

He noted that initiatives like the NIST National Checklist Program should be more prevalent to enable rapid threat response during data breaches. Vendors must also be able to release machine-readable configuration guidance to inform risk decisions across disparate infrastructures, said Gazlay.

Devices in general must have in place basic configurations such as those offered by Microsoft for authentication and email traffic monitoring, according to Gazlay.

“Our takeaway from this at CISA's space is that identity is everything now,” he added. “We can talk about our network defenses, we can talk about the importance of firewalls and network segmentation, but really identity has become the boundary, and we need to start readdressing our infrastructures in that manner,” he said.
