The Technology Modernization Fund (TMF) is an investment program that loans funding to federal agencies to address urgent IT modernization challenges. The goal is to aid all agencies, no matter what size, in accelerating information technology-related projects that will enhance cybersecurity, better secure sensitive Government systems, and improve services to the American public.
Recently, the Cybersecurity and Infrastructure Security Agency (CISA) issued a Binding Operational Directive (BOD) 23-01, Improving Asset Visibility and Vulnerability Detection on Federal Networks, that directs federal civilian agencies to better account for what resides on their networks. Here’s why:
The rapid growth of offensive threats against government networks that have succeeded in exfiltrating data and exploiting agency users underscores the critical need for federal agencies to adapt and improve their deterrence strategies and cybersecurity implementations. Defending networks with high-powered and ever-more sophisticated perimeter defenses is no longer sufficient for achieving cyber resiliency and securing information that spans geographic borders, interfaces with external partners, and support to millions of authorized users outside of traditional boundaries (such as remote workers)1.
CISA BOD 23-01 also establishes baseline requirements to identify assets and vulnerabilities on federal agency networks and provide data to CISA on defined intervals. The goal is to gain greater network visibility and drive timely risk reduction. “Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life.” — Executive Order on Improving the Nation’s Cybersecurity 12 May 2021
One of those bold areas of change is modernizing compliance management which, in its current, labor-intensive state, also happens to be an area of significant spend. Qmulos helps top federal agencies and DIB firms protect against compliance gaps and keeps them ahead of cybersecurity threats. Our Q-Compliance platform delivers real-time compliance visibility and automates the collection of technical evidence across all major frameworks, enabling our federal agency customers to monitor their systems in real-time and provide security operations teams with a comprehensive and dynamic view of their cybersecurity posture at all times.
The result: confident, real-time reporting on technical evidence. No more hoping. No more delays. For these agencies, compliance is on the same timetable with security operations and falls into the proactive risk management category.
Agency leaders are encouraged to submit project proposals.
With each new law and framework, and a growing federal focus on data protection, the role of compliance with government agencies needs to shift from reactive to strategic. Compliance should enable risk management, where it can proactively identify new risks and support continuous, protected operations.
The Government is strongly encouraging federal agencies to submit technology modernization proposals to the Technology Modernization Board through a two-step process and make use of TMF funding. Qmulos can help.
Our expert team is here to support TMF proposal development and ensure the proper framework is in place to evolve the role of compliance from data collection to taking action on real-time information to improve security.
For more information on TMF, please visit M-18-12, Funding Guidelines and Additional Considerations.
1 | DoD Zero Trust Strategy paper, DoD Portfolio Management Office, November 2022