Data Security Solutions for the U.S. Federal Government
Meet Executive Order requirements and CISA standards with NIST and FIPS certified security solutions
Thales is a recognized global leader in data protection, access management and authentication for U.S. federal, civilian, state and local government agencies. Our mission is to provide innovative solutions to protect the most vital data from the core, to the cloud, to the field for defense, intelligence, and civilian agencies across the U.S. government.
We help the world’s most trusted organizations simplify security for the cloud or on-prem, achieve regulatory compliance, and reduce risk. Our solutions to discover, protect, and control sensitive data enable agencies and organizations to modernize government data security for a zero-trust world.
The 2022 Thales Data Threat Report - Federal Edition found that while half of all federal government respondents said they had been breached, less than a fifth said they had complete knowledge of where their data was and only a quarter said a majority of their sensitive cloud data is encrypted.
Navigating Data Security in an Era of Hybrid Work, Ransomware and Accelerated Cloud Transformation
As the pandemic continues to affect both business and personal lives, expectations of a return to pre-pandemic conditions have faded from most plans. Underlying trends that have always driven information security, such as new technologies, greater compliance mandates and more severe security incidents, continue to be significant change agents. The 2022 Thales Data Threat Report illustrates these trends and changes.
With the signing of the Cybersecurity Executive Order 14028, the White House administration sent a clear message that improving our nation’s cybersecurity posture and protecting sensitive data against threat actors, both foreign and domestic, is top priority. While the EO began as a recommendation to move government agencies toward secure cloud services and achieving Zero Trust, it has now become the practical standard for organizations around the globe.
Thales is the only cybersecurity service provider that addresses all four elements of the EO with its CipherTrust Data Security Platform:
Modernize and implement stronger cybersecurity standards by moving sensitive data to the cloud and adopting zero-trust architecture
Get complete visibility of sensitive data across cloud, big data and traditional environments
Implement an end-to-end security system featuring a robust MFA solution and encryption for data at rest and in flight
Adopt secure code signing to protect the authenticity and integrity of software
The White House Executive Order on improving the nation’s cybersecurity infrastructure underscores the importance of protecting the Federal Government’s computer systems. It has led organizations across the nation to review their cybersecurity practices, and it establishes consistent guidelines that they need to implement in the short, mid and long term.
The urgent need to protect your data
With recent global events, the Cybersecurity and Infrastructure Security Agency (CISA) in partnership with Department of Homeland Security (DOHS) have issued numerous “Shields Up” advisories indicating cyber threat actors are actively targeting agencies and organizations within the U.S. and beyond. With advancing cyber threat technology, breaches are getting harder to detect.
Thales recognizes the challenges your organization faces when trying to identify potential gaps in your cybersecurity plan as well as understanding what resources are available to help protect your most sensitive data.
Join David Ortega, Principal Solutions Architect from Thales and Scott McHugh from the Institute of Homeland Security at Sam Houston State University as they discuss threats that prompted Shields Up and how to ensure cybersecurity readiness.
As cybersecurity threats have proliferated and computer technology has advanced, government data security compliance has become increasingly complex.
The government mandates encryption, and major government security compliance regulations such as FISMA, NIST 800-53, FIPS (up to level 3), and Common Criteria need to be part of the any government data-security solution. Also, as data moves to the cloud, government agencies need to comply with FedRAMP. Finally, depending on the government agency, HIPAA-HITECH and PCI DSS may also be important.
The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 provides guidance for the selection of security and privacy controls for federal information systems and organizations. This white paper provides a mapping of the capabilities of Thales' CipherTrust Data Security Platform against these NIST security controls.
Thales TCT is a specialty company of Thales Cloud Protection & Licensing and part of Thales Defense and Security Inc. (TDSI), Defense Counterintelligence and Security Agency (DCSA) proxy. Thales TCT is protected from Foreign Ownership Control and Influence (FOCI) and governed by the Committee for Foreign Investment. If USCIS requires technology solutions with domestic (U.S. citizen) support and cleared personnel, Thales TCT can offer best-of-breed cybersecurity solutions to our U.S. Federal customers with the most stringent federal requirements.
As the pandemic continues to affect both business and personal lives, expectations of a return to pre-pandemic conditions have faded from most plans. Underlying trends that have always driven information security, such as new technologies, greater compliance mandates and more severe security incidents, continue to be significant change agents.
Underscores the importance of protecting the Federal Government’s computer systems. It has led organizations across the nation to review their cybersecurity practices, and it establishes consistent guidelines that they need to implement in the short, mid and long term.
The White House issued an Executive Order on improving the Nation’s Cybersecurity on May 12, 2021. The Executive Order gives agencies 180 days to “adopt multi-factor authentication and encryption for data at rest and in transit, to the maximum extent consistent with Federal records laws and other applicable laws.”
Digitalization of services and adoption of new platforms are reinventing government services and public administration. Mandates such as the recent Executive Order to improve the nation’s cybersecurity in the United States, the European Union's Cybersecurity Act of 2019 and the existing privacy and data protection regulations force agencies to protect sensitive data against the growing threat of data breaches.
Ransomware attacks have been a problem for years, but they have recently become a lot more damaging, with criminals targeting everything from critical infrastructure to hospitals and retailers, and demanding tens of millions of dollars in ransom.
The sensitive nature of much of the data held by local and central government agencies places a greater-than-average emphasis on effective cyber-security.
National governments around the world and many of their member states and local jurisdictions have enacted laws regulating the data security of the personal, strategic, and other sensitive data these governments hold.
State and local government agencies in the U.S. rely on sensitive information stored in databases and file servers to process applications that enable essential services.