From: FCW
By Jeremy Grant
At a time when government networks are increasingly under attack — and government itself is being criticized for not doing enough to respond — the recent award of the Credentials and Authentication Management task order of the Department of Homeland Security’s Continuous Diagnostics and Mitigation program is a welcome piece of good news.
CRED, like other components of phase 2 of the CDM program, focuses on identity and access management, which has been a sore point for most government systems. Consider: every major U.S. government breach of the last five years — whether by insiders such as Chelsea Manning and Edward Snowden, or by foreign adversaries as we saw in the attack on the Office of Personnel Management — has taken advantage of inadequate identity solutions and used them as the vector of attack. In some cases, it was a compromised password, but in other cases, it was someone who had a legitimate credential and was able to use it in ways that should have never been permitted.
Leave a Reply