{"id":631,"date":"2015-08-05T13:12:09","date_gmt":"2015-08-05T17:12:09","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=631"},"modified":"2015-09-10T09:59:48","modified_gmt":"2015-09-10T13:59:48","slug":"quarter-of-fed-privileged-users-risk-security-sprint","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/","title":{"rendered":"One Quarter of US Federal Agencies&#8217; Privileged Users Still at Risk After &#8216;Security Sprint&#8217;"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-632\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/08\/identityflag.jpg\" alt=\"identityflag\" width=\"600\" height=\"300\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/08\/identityflag.jpg 600w, https:\/\/solutionsreview.com\/identity-management\/files\/2015\/08\/identityflag-300x150.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/>Large sections of the US government remain exposed to hackers following the end of the 30-day Cybersecurity Sprint initiative launched last month in response recent major data breach of the US Office of Personnel Management (OPM).<\/p>\n<p>On Friday, US CIO Tony Scott announced some of the results of the <a href=\"https:\/\/www.whitehouse.gov\/sites\/default\/files\/omb\/budget\/fy2016\/assets\/fact_sheets\/enhancing-strengthening-federal-government-cybersecurity.pdf\" target=\"_blank\">Sprint Initiative<\/a>, which was intended to patch critical flaws in US Govt. cybersecurity by\u00a0 improving policies and best practices for privileged users and accelerating government adoption of two-factor authentication (2FA) for those users.<\/p>\n<p>According to <a href=\"https:\/\/www.whitehouse.gov\/blog\/2015\/07\/31\/strengthening-enhancing-federal-cybersecurity-21st-century\" target=\"_blank\">Scott\u2019s statement<\/a>, the Sprint Initiative made significant progress in reducing the overall number of privileged users in federal govt. IT systems.<\/p>\n<p>Scott claims that many federal agencies now require employees to use \u201ca hardware-based Personal Identity Verification (PIV) card or an alternative form of strong authentication\u201d when accessing government IT infrastructure and networks.<\/p>\n<p>Federal civilian agencies increased their use of 2FA for both privileged and unprivileged users by 30 percent during the 30-day sprint initiative. 72% of all users in those agencies now use 2FA.<\/p>\n<p>The increase in 2FA use was even more impressive when it comes to privileged users alone, with a 40 percent increase up to 75% using 2FA during the 30-day period.<\/p>\n<div class=\"box box0\"><h4><a href=\"https:\/\/solutionsreview.com\/identity-management\/download-three-important-reasons-for-privileged-access-management-and-one-surprising-benefit\/\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-599 size-thumbnail\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/07\/Priviledged-Identity-Management-Three-Reasons-150x150.png\" alt=\"Priviledged Identity Management - Three Reasons\" width=\"150\" height=\"150\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/07\/Priviledged-Identity-Management-Three-Reasons-150x150.png 150w, https:\/\/solutionsreview.com\/identity-management\/files\/2015\/07\/Priviledged-Identity-Management-Three-Reasons-70x70.png 70w, https:\/\/solutionsreview.com\/identity-management\/files\/2015\/07\/Priviledged-Identity-Management-Three-Reasons-60x60.png 60w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/><\/a><\/h4>\n<p><span style=\"color: #0000ff\"><a style=\"color: #0000ff\" href=\"https:\/\/solutionsreview.com\/identity-management\/download-three-important-reasons-for-privileged-access-management-and-one-surprising-benefit\/\" target=\"_blank\">Complementary Whitepaper: Protecting Privileged Accounts from Abuse<\/a><\/span><\/p>\n<ul>\n<li>Identify the advantages and risks of High-Privilege Access<\/li>\n<li>Assure security compliance<\/li>\n<li>\u00a0Learn to better manage privileged identities<\/li>\n<\/ul><\/div>\n<p>Scott also noted that over half of the federal government\u2019s largest agencies\u2014including the Department of the Interior, Transportation, and Veterans Affairs\u2014have implemented strong authentication measures for 95% of their privileged users.<\/p>\n<p>While these numbers seem impressive, they raise questions over the remaining 25 percent of privileged users who are not protected by 2FA, and whose privileged accounts and capabilities are, presumably, unmanaged.<\/p>\n<p>Protecting 75 percent of privileged users is like building a fence around 75 percent of your yard\u2014it may look good, but there&#8217;s still a gaping hole for potential intruders to enter through.<\/p>\n<p>High-privilege access may be the most sensitive aspect of IT, if misused, privileged capabilities can cause massive organizational damage, and leave millions of sensitive data points vulnerable to theft, as seen in the OPM hack.<\/p>\n<p>Privileged accounts are on hackers critical path to success 100% of the time in every attack, regardless of the threat, according to a white paper from Cyber Sheath Services International. If we leave just one percent of \u00a0these accounts vulnerable, they will be attacked.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Large sections of the US government remain exposed to hackers following the end of the 30-day Cybersecurity Sprint initiative launched last month in response recent major data breach of the US Office of Personnel Management (OPM). On Friday, US CIO Tony Scott announced some of the results of the Sprint Initiative, which was intended to [&hellip;]<\/p>\n","protected":false},"author":24,"featured_media":632,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[6],"tags":[85,130,30,129,124,25],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Many US Federal Govt. Agencies are Still at Risk After &#039;Cybersecurity Sprint&#039;<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeff Edwards\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/\",\"name\":\"Many US Federal Govt. Agencies are Still at Risk After 'Cybersecurity Sprint'\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/08\/identityflag.jpg\",\"datePublished\":\"2015-08-05T17:12:09+00:00\",\"dateModified\":\"2015-09-10T13:59:48+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6\"},\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/08\/identityflag.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/08\/identityflag.jpg\",\"width\":600,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"One Quarter of US Federal Agencies&#8217; Privileged Users Still at Risk After &#8216;Security Sprint&#8217;\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Identity and Access Management Solutions | Solutions Review\",\"description\":\"Evaluating Enterprise IAM Software, Identity Governance &amp; Access Control Tools.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6\",\"name\":\"Jeff Edwards\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g\",\"caption\":\"Jeff Edwards\"},\"description\":\"Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.\",\"sameAs\":[\"https:\/\/solutionsreview.com\",\"https:\/\/x.com\/InfoSec_Review\"],\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/jedwards\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Many US Federal Govt. Agencies are Still at Risk After 'Cybersecurity Sprint'","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/","twitter_misc":{"Written by":"Jeff Edwards","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/","url":"https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/","name":"Many US Federal Govt. Agencies are Still at Risk After 'Cybersecurity Sprint'","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/08\/identityflag.jpg","datePublished":"2015-08-05T17:12:09+00:00","dateModified":"2015-09-10T13:59:48+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6"},"breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/08\/identityflag.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2015\/08\/identityflag.jpg","width":600,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/quarter-of-fed-privileged-users-risk-security-sprint\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"One Quarter of US Federal Agencies&#8217; Privileged Users Still at Risk After &#8216;Security Sprint&#8217;"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Identity and Access Management Solutions | Solutions Review","description":"Evaluating Enterprise IAM Software, Identity Governance &amp; Access Control Tools.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6","name":"Jeff Edwards","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g","caption":"Jeff Edwards"},"description":"Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.","sameAs":["https:\/\/solutionsreview.com","https:\/\/x.com\/InfoSec_Review"],"url":"https:\/\/solutionsreview.com\/identity-management\/author\/jedwards\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/631"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=631"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/631\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/632"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=631"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=631"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=631"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}