The Biden administration is seeking to transform the federal government’s cybersecurity operations to a zero trust model in which every desktop, laptop, phone, tablet and server connected to its network is treated as a potential entry point and attack vector for malicious hacking groups.
As SC Media has noted, this transition will be far from a simple one. Federal agencies have much work to do, first to inventory the federal government’s army of devices and assets, then to set up the kind of real-time monitoring and telemetry collection that will underpin any endpoint detection and response (EDR) program.
To that end, the Office of Management and Budget has given federal agencies a series of new tasks over the next six months to help smooth the path towards this future end state.
Each agency will be given three months to hand over access to their current EDR deployments to the Cybersecurity and Infrastructure Security Agency (CISA), which in addition to helping manage and oversee parts of the civilian government’s endpoint detection and response activities, will also conduct proactive threat hunting on agency networks.
By the end of that same three-month period, CISA is expected to set up continuous performance monitoring, develop a technical reference architecture and maturity model for each agency and make recommendations on ways to further speed up the government’s deployment of EDR security. CISA will also work with the CIO Council to create a playbook for best practices around deployment within six months.
Agencies will be given four months to assess the current state of their endpoint detection and response program, identify gaps in visibility and align their approach with CISA’s technical reference architecture. They must also tap their chief financial officer and OMB to ensure they have the personnel and resources to pay for whatever EDR they end up using, including licensing and other lifecycle costs.
Finally, they must ensure “that endpoint data is consolidated, retained, and archived in a manner that supports analysis and insight” and align their system with “applicable privacy and statistical laws and policy.”
“EDR will improve the Federal Government’s ability to detect and respond to increasingly sophisticated threat activity on Federal networks,” wrote OMB Director Shalanda Young in a memo released Friday. “This memorandum provides implementation guidance to agencies as they accelerate the adoption of EDR solutions and work to improve visibility into and detection of cybersecurity vulnerabilities and threats to the Government, as defined in EO 14028.”