SAN FRANCISCO, CA—May 6, 2024—RSA CEO Rohit Ghai will detail the new capabilities, policies, and principles that public and private sector organizations must develop to adapt to new-world cybersecurity challenges during the opening keynote of the RSA Conference Public Sector Day.
During his remarks, Rohit will explain how new government policies create a higher cybersecurity standard for both the public and private sectors, discuss the emerging risks and successful cyberattacks that have compelled the creation of those new standards, and detail the capabilities that the private sector must prioritize to address emerging threats.
“When it comes to protecting critical infrastructure, cybersecurity can’t be a privilege reserved for the few, but an inalienable right shared by everyone,” said RSA CEO Rohit Ghai. “To stay ahead of adversaries, secure the integrity of our elections, and build a safer world, our industry must work in close partnership with the public sector, prioritize security, embrace open standards, and reflect on why so many purported cybersecurity vendors are being breached by threat actors.”
“With CISA’s Zero Trust Maturity Model v2.0, the presidential mandate, and the NIST Cybersecurity Framework 2.0 (CSF 2.0), which represents the new gold standard in cybersecurity architecture, the U.S. government is teaching organizations how to enhance their security,” said RSA Federal President Kevin Orr, who will host the Public Sector Day event. “What’s clear across every mandate and framework is that organizations must prioritize the security-first identity solutions that will shield them from today’s attacks and prepare them for tomorrow’s threats.”
“NIST CSF 2.0 was created because the U.S. government recognizes that organizations’ defenses aren’t keeping pace with threats,” said RSA Chief Product and Technology Officer Jim Taylor. “NIST doesn’t make recommendations lightly, and right now they’re recommending that all organizations prioritize deeper security and broader capabilities to defend against phishing, ransomware, cloud account take-over, and other attacks. Just as importantly, CSF 2.0 shows them how to implement those regulations and make NIST’s framework a practical reality.”
RSA recently released new implementation guidance for NIST CSF 2.0. RSA solutions provide a security-first unified identity platform that secures the full identity lifecycle and helps organizations align with NIST CSF 2.0, meet the presidential mandate, and comply with new CISA requirements:
- Secure passwordless authentication: Following on the deployment of significant passwordless authentication enhancements—including QR code-based authentication, an expanded access policy for RSA® ID Plus that provides greater support for passwordless across the platform, and the DS100, the only dual-protocol authenticator solution combining both FIDO2 software and OTP hardware authentication in one device—RSA will support device-bound FIDO passkeys that meet FIPS certification on the RSA Authenticator App later this year.
- Identity Governance and Administration (IGA) to enforce least privilege: CSF 2.0 recommends “Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties.” The guidance on IGA makes both identity and governance important business and risk issues. With RSA® Governance & Lifecycle, government agencies don’t need to manage increasingly complex access policies via spreadsheet any longer: the solution automates joiner-mover-leaver workflows, including birthright- and role-based entitlements, to ensure that least privilege is maintained throughout the user lifecycle.
- Best-of-breed security and open standards deliver more than the sum of their parts: RSA supports third-party authenticators, including FIDO2, FIDO U2F, and OATH HOTP for use with ID Plus. RSA’s proprietary hardware authenticator, the DS100, combines both OTP and FIDO2 protocols on one device. The DS101 will also combine those protocols on one FIPS 140-3 certified device that will be available this year. RSA will leverage decades of security-first pedigree and innovative solutions to fortify customers’ use of open standards with infrastructure that provides out-of-the-box, end-to-end security solutions.
- Securing the Cloud: CISA’s Zero Trust Maturity Model 2.0 notes that the modernization of government cybersecurity represents a challenge in adopting zero trust and recommends that agencies should review the CISA/Federal Risk and Authorization Management Program (FedRAMP) Cloud Security Technical Reference Architecture for securing cloud migration and data. In 2022, RSA received FedRAMP JAB authorization for RSA® ID Plus for Government, which can help government agencies operate securely across cloud and on-premises environments. The RSA authorization conforms with the latest revision to the FedRAMP program, meeting the new standards for more rigorous security controls.
Resources
NIST CSF 2.0 Implementation Guidance
Media Contact
TeamRSA@axicom.com
About RSA
The AI-powered RSA Unified Identity Platform protects the world’s most secure organizations from today’s and tomorrow’s highest-risk cyberattacks. RSA provides the identity intelligence, authentication, access, governance, and lifecycle capabilities needed to prevent threats, secure access, and enable compliance. More than 9,000 security-first organizations trust RSA to manage more than 60 million identities across on-premises, hybrid, and multi-cloud environments. For more information, go to RSA.com.