US CIO Tony Scott recently announced a 30-day cybersecurity sprint to shore up protection of federal information systems, made all the more urgent following a massive data breach of OPM personnel records.
According to an OMB fact sheet, agencies must immediately deploy indicators provided by DHS regarding priority threat-actor techniques, and procedures to scan systems and check logs to identity intrusions.
The fact sheet, which notes that “recent events underscore the need to accelerate the Administration’s cyber strategy and confront aggressive, persistent malicious actors that continue to target our nation’s cyber infrastructure” says agencies must also patch critical vulnerabilities right away, tighten policies and practices for privileged users (there should be as few as possible logged in for as short a period as possible), and accelerate the adoption of multi-factor authentication.
