White House Executive Order on Cybersecurity

The White House issued an Executive Order on improving the Nation’s Cybersecurity on May 12, 2021. The Executive order gives agencies 180 days to “adopt multi-factor authentication and encryption for data at rest and in transit, to the maximum extent consistent with Federal records laws and other applicable laws.”

The Executive Order underscores the importance of protecting the Federal Government’s “computer systems, whether they are cloud-based, on-premises, or hybrid” and extends the scope to include systems that process data and run vital machinery paramount to the nation’s safety. To accomplish this, the Executive Order outlines several decisive steps needed to modernize its approach to cybersecurity including:

  • Sec 3: Modernize Federal Government Cybersecurity
    • Adopt Security Best Practices
    • Encrypt data at rest and in transit
    • Employ multi-factor authentication
    • Secure cloud services
    •  Advance towards zero trust architecture
  • Sec 4:  Enhance Software Supply Chain Security
    • Protect integrity of critical software that performs functions critical to trust
    • Employ encryption of data

THALES TCT SOLUTIONS FOR MODERNIZING FEDERAL GOVERNMENT CYBERSECURITY

Thales TCT, a U.S. based provider of government high-assurance data security solutions, offers multi-factor authentication, data at rest encryption, and data in transit encryption solutions that address the requirements outlined in the Executive Order.  Our data protection solutions easily integrate with existing IT infrastructures and deliver the same level of security whether deployed in enterprise, tactical or cloud environments. Our solutions enable federal agencies to meet their immediate data protection needs while investing in a solution that provides robust security, a growing ecosystem, and the scalability needed to build a trusted framework for the future.

From traditional high assurance to commercial-of-the-shelf authentication solutions to first-of-a-kind hardware security module-based identity credentials, Thales TCT offers the most secure, certificate-based authentication platforms available to the U.S. Federal Government.

  • High Assurance Authentication that brings multi-factor authentication to applications and networks where security is critical.
  • Commercial-off-the-Shelf Multi-factor Authentication that offers the broadest range of authentication methods and form factors, Thales TCT allows customers to address numerous use cases, assurance levels, and threat vectors with unified, centrally managed policies—managed from one authentication back end delivered in the cloud or on premise.
  • Access Management through strong authentication services that enable agencies to pursue consistent authentication policies across the organization by automating and simplifying the deployment and management of a distributed estate of tokens, while securing a broad spectrum of resources, whether on-premises, cloud-based, or virtualize

CIPHERTRUST DATA SECURITY PLATFORM

CipherTrust Data Security Platform unifies data discovery, classification, data protection, and unprecedented granular access controls with centralized key management – all on a single platform. This results in less resources dedicated to data security operations, ubiquitous compliance controls, and significantly reduced risk. CipherTrust Data Security Platform is available for sale to the U.S. Federal Government exclusively through Thales TCT.

The platform includes:

  • CipherTrust Transparent Encryption delivers data at rest encryption, privileged user access controls and detailed data access audit logging. Connectors protect data in files, volumes and databases on Windows, AIX and Linux OS’s across physical and virtual servers, in cloud and big data environments.
    • Live Data Transformation Extension provides zero-downtime encryption and data rekeying.
    • CipherTrust Security Intelligence logs and reports streamline compliance reporting and speed up threat detection using SIEM systems.
  • CipherTrust Application Data Protection delivers crypto functions for key management, signing, hashing and encryption services through APIs, so that developers can easily secure data at the application server or big data node.
  • CipherTrust Tokenization is offered both vaulted and vaultless, and can help reduce the cost and complexity of complying with data security mandates.
  • CipherTrust Database Protection solutions integrate data encryption for sensitive fields in databases with secure, centralized key management and without the need to alter database applications. CipherTrust Database Protection solutions support Oracle, Microsoft SQL Server, and IBM DB2 and Teradata databases.
  • CipherTrust Manager centrally manages encryption keys, provides granular access controls and configures security policies. It manages key lifecycle tasks including generation, rotation, destruction, import and export, provides role-based access control to keys and policies, supports robust auditing and reporting, and offers developer friendly REST APIs. CipherTrust Manager also delivers enterprise key management solutions that streamline bring your own keys (BYOK) for multiple cloud environments, supports TDE key management for Oracle and Microsoft SQL Servers, and centralizes key management for a variety of KMIP clients, such as tape archives, full disk encryption, big data, virtual environments and more.
  • Luna T-Series Hardware Security Modules store, protect, and manage cryptographic keys used to secure sensitive data and critical applications. Meeting government mandates for U.S. Supply Chain, the high-assurance, tamper-resistant Luna T-Series HSMs are designed, developed, manufactured, sold, and supported in the United States.
  • CipherTrust Data Discovery and Classification locates regulated sensitive data, both structured and unstructured, across the cloud, big data, and traditional data stores. A single pane of glass delivers understanding of sensitive data and its risks, enabling better decisions about closing security gaps, prioritizing remediation actions, and securing your cloud transformation and third-party data sharing.

Thales’s comprehensive network traffic encryption solutions use Layer 2 and 3 encryption to ensure security without compromise. Ensuring maximum throughput with minimal latency, our solutions allow customers to better protect data, video, voice,  and metadata from eavesdropping, surveillance, and overt and covert interception. Thales network encryption solutions are available for sale to the U.S. Federal Government exclusively through Thales TCT.

  • CN9000 Network Encryptors: Delivering 100 Gbps of high assurance and secure encrypted data, the CN9000 Series provides mega data security (100 Gbps), with the lowest latency in the industry (<2μs).
  • CN6000 Network Encryptors: Offering variable-speed licenses from 100 Mbps to 10 Gbps. The CN6140 has a multi-port design that makes this encryptor variable, with speed licenses up to 40 Gbps (4×10 Gbps), highly flexible and cost effective.
  • CN4000 Network Encryptors: Versatile and compact, offering 10 Mbps-1 Gbps encryption in a small-form factor (SFF) chassis.  The CN4000 series is ideal for branch and remote locations, offering high-performance encryption, without comprising network performance.
  • CV1000 Virtual Encryptor: The first hardened virtual encryptor, is instantly scalable and may be deployed rapidly across hundreds of network links, providing robust encryption protection for data-in-motion. The Thales CV1000 Virtual Encryptor is a Virtual Network Function (VNF) that delivers an agile network and reduces capital expenditure requirements. Ideal for organizations that are virtualizing network functions and taking advantage of Software Defined Networking (SDN).
ImageTitleLink
Cyber EO Compliance Video Series – Part 2 – Multi-Factor Authentication
Cyber EO Compliance Video Series – Part 3 – Data at Rest Encryption
Cyber EO Compliance Video Series – Part 4 – Data in Transit Encryption
Cyber EO Compliance Video Series – Part 6 – Implementing a Zero Trust Architecture
Thales TCT Solutions for White House Executive Order on Cybersecurity
Top 5 Ways to Comply with the White House EO on Cybersecurity – Part 1 – Setting the Stage
White Paper: Best Practices for Implementing the White House Executive Order on Improving the Nation’s Cybersecurity Infrastructure