The Office of Management and Budget issued a memorandum updating the identity, credential and access management policy for federal agencies.

Agencies should transition their ICAM strategies and platforms from the levels of assurance model towards a new framework “informed by risk management perspectives, the federal resource accessed and outcomes aligned to agency missions,” according to the memo issued Tuesday by Russell Vought, acting OMB director. 

The document directs agencies to comply with the requirements set by the Office of Personnel Management with regard to issuing and revoking personal identity verification credentials and implement measures to manage access control. Under the memo’s Shifting the Operating Model beyond the Perimeter section, agencies are advised to include in all contracts a requirement to comply with the Homeland Security Presidential Directive 12 and Federal Information Processing Standard 201 for contracting staff. 

The policy recommends the use of Tier 2 and best-in-class contract vehicles, shared services and the Continuous Diagnostics and Mitigation program to acquire digital certificates and other ICAM-related capabilities. OMB enumerated ICAM-related directives and deadlines for the departments of Homeland Security and Commerce, General Services Administration and OPM. 

The official managing the Department of Defense’s acquisition enablers initiative sets policy updates and less acquisition regulations and cybersecurity standards as top priorities to accelerate adoption of new military capabilities, National Defense Magazine reported Wednesday. 

“If we can create a more modular approach to the way that we buy capabilities, we can deliver them faster,” Stacy Cummings, principal deputy assistant secretary of defense for acquisition enablers, said at the Special Operations Forces Industry Conference. “We can get them in the hands of the user faster, we can test them faster and we can reuse them when it makes sense across [DoD].” 

She said her office wants to revise policies to reduce paperwork and acquisition oversight and to establish a solid acquisition strategy. The initiative would provide tailored acquisition processes and tools to help DoD bring capabilities faster to service members. 

The policy updates would also include a new cybersecurity certification process that would enable vendors to offer products to all DoD programs. Cummings’ office plans to work with Johns Hopkins University Applied Physics Laboratory and Carnegie Mellon’s Software Engineering Institute to create the certification. The acquisition official plans to implement the changes across DoD in 2020. 

The Department of Homeland Security has called on the staff at its Cybersecurity and Infrastructure Security Agency to consider serving as volunteers at the U.S.-Mexico border to address the border crisis, The Hill reported Wednesday. 

“Our expectation, though, is that CISA would make risk-based decisions on the types of professionals they would free up for this kind of mission and balance against their day jobs and their current focus,” Kevin McAleenan, acting DHS secretary and 2019 Wash100 Award recipient, told lawmakers Wednesday at a House Homeland Security Committee hearing on the department’s budget request for fiscal 2020.

McAleenan stressed that he would not back efforts to deploy “critical” cyber personnel to the border. CISA Director and fellow 2019 Wash100 Award winner Christopher Krebs said at a separate House hearing that about 10 agency employees have been fielded to support border security operations, which could last for a month or up to 45 days. 

The Cybersecurity and Infrastructure Security Agency issued its latest list of best practices to enhance election security across the U.S. The document released on Tuesday is intended to assist state, local, tribal and territorial governments in their cybersecurity efforts to protect enterprise networks and election infrastructure. 

CISA said implementing the practices will require organizations “little or no cost.” The document guides in software and patch management, log management, network segmentation, blocking suspicious activity, credential management, establishing a baseline for host and network activity, information technology guidance and policies to provide notice for computer systems. 

CISA’s Hunt and Incident Response Team created the list through engagements with SLTT governments, election officials and other stakeholders. The agency also included government resources that officials can use to support their election security efforts. 

Federal cybersecurity officials called on U.S. allies to check the security risks of commercial products and services to support the implementation of 5G across their countries, Federal News Network reported Tuesday. The growing presence of Chinese equipment, such as Huawei, across the world could put government networks at risk of interference in the future, according to Christopher Krebs, director of Cybersecurity and Infrastructure Security Agency and a 2019 Wash100 Award recipient. 
 
To address 5G concerns, he said during a recent meeting with the Senate Judiciary Committee that CISA established a working group that coordinates efforts with industry, the Intelligence Community, the departments of Justice, State and Defense and other agency components. The group shares expertise in emergency preparedness communications, cybersecurity, supply chain risk management and infrastructure security. 

Robert Strayer, deputy assistant secretary for cyber and international communications policy at the State Department, said the federal government is also encouraging cooperation overseas for countries to adopt risk-based security frameworks for their future 5G communication systems.

“An important element of this risk-based security approach is a careful evaluation of hardware and software equipment vendors and their supply chains,” he said at the Senate meeting. 

Capt. Michael Dickey, the U.S. Coast Guard’s C4IT Service Center commander, said the service branch is working with the Department of Defense’s Joint Artificial Intelligence Center on capabilities like predictive maintenance, FCW reported Tuesday. 

Dickey told attendees at an AFCEA event that the Coast Guard has deployed one of its personnel to JAIC and is seeking to implement AI for aircraft maintenance and data analysis. The DoD is working on data collection efforts as it seeks to develop systems that can process large amounts of data, he noted. 

The USCG official added that there is “some potential for humanitarian applications” such as search ans rescue for the collated mission data. 

Sens. Rob Portman, R-Ohio, and Martin Heinrich, D-N.M., introduced a new bill to strategize on the development of artificial intelligence technologies. The Artificial Intelligence Initiative Act will support the development of a national AI strategy and allot $2.2 million of funds to grow an AI workforce across government, industry and academia, Portman’s office said Tuesday. The bill would distribute the funds over five years for an effort intended to last for 10 years. 

“By coordinating and synchronizing our country’s research and development efforts, this bill ensures not just that the United States remains an AI leader, but that it does so by developing AI technology that prioritizes American values,” Portman said. 

Portman and Heinrich serve as co-founders of the newly established Senate AI Caucus.