Skip to content

How SLED IT Professionals Should Adopt the Department of Homeland Security’s CISA’s Cyber Essentials Guidance

The past 12 months have been a trying time for many state and local government agencies seeking to harden themselves against frequent and relentless cyber threats. Before the end of 2019, the Department of Homeland Security released guidance intended to assist these agencies—along with small businesses—with cyber preparedness.

Much of the advice provided is a step in the right direction, and as always, these releases are an opportunity to reinforce critical discussions on what’s actually going to make state and local agencies more resilient to disruption. Here’s my take on a few of the callouts from DHS’ guidance.

A Single, Unified Platform

DHS lists the following as essential actions undertaken by successful IT teams, who have

  • Learned what is on their network Maintained inventories of hardware and software assets to know what is in-play and at-risk from attack
  • Leveraged automatic updates for all operating systems and third-party software
  • Implemented secure configurations for all hardware and software assets
  • Removed unsupported or unauthorized hardware and software from systems
  • Leveraged email and web browser security settings to protect against spoofed or modified emails and unsecured webpages
  • Created application integrity and whitelisting policies so that only approved software is allowed to load and operate on their systems

Agencies aren’t doing themselves any favors by trying to complete these actions using collections of disparate point tools. Utilizing a single platform is not only the best way, but also the only way to ensure full visibility and control over critical assets and applications—without gaps in what endpoints they can see and manage.

Managing Endpoints and Restricting Access

DHS explains that setting approved access privileges “requires knowing who operates on your systems and with what level of authorization and accountability.” Does your current technology deliver near-real-time visibility of all endpoints, along with quick identification of new devices that attach to the network—edge, data center or cloud?

I meet with a lot of agency IT leads who feel they can identify most assets quickly. But it’s the “control” part of visibility and control that’s just as important; organizations need to be able to take appropriate action within the platform to bring devices under management, and quarantine as necessary to an isolated segment of the network. Right away.

Managing Sensitive Information

“Your data, intellectual property and other sensitive information is what your organization is built on,” writes DHS.

That seems obvious in this era of ever-more-strict data privacy regulations, but organizations that don’t have full visibility into where potentially sensitive data resides aren’t able to adequately ensure appropriate controls are in place to protect it. It’s that simple. Your technology must be able to identify what information is housed where, how it’s being used, if that level of use is appropriate and have all of those metrics be current as of right now, not yesterday or last week.

Patch Efficacy

DHS devotes a section of its guidance to patch management. The reason for that is that organizations with poor IT hygiene are typically under-patched, or unable to identify the status of patch efficacy across their IT estate.

Real-world patching has been difficult to achieve for many organizations, and many extant products—even ones that purport to specialize in patch management—are unreliable and increasingly, untrustworthy, because they were built using technology that’s years and decades old. Organizations should be able to rely on a simplified platform that can quickly process change and verify immediately that patches were successful across complex and distributed networks (including roaming devices) to increase overall patch efficacy for both operating systems and third-party applications.


Interested in seeing Tanium in action? Schedule a one-to-one demo or attend our weekly webinar. Talk to our Tanium experts at our upcoming events.

Gary Buonacorsi

Gary Buonacorsi is Tanium’s SLED Chief Technology Officer. Industry leader and speaker, he helps public sector agencies transform their security and IT strategies and operations.

Tanium Subscription Center

Get Tanium digests straight to your inbox, including the latest thought leadership, industry news and best practices for IT security and operations.

SUBSCRIBE NOW