The Federal Chief Information Security Officer Council (CISO) and Chief Data Officer (CDO) Council are poised to unveil a new data security framework in the coming weeks with the aim of improving data protection across government agencies.
This collaborative effort will center on a zero trust approach to data security, and to redefine how sensitive information is safeguarded.
Stephen Hernandez, who is CISO at the U.S. Department of Education and co-chair of the Federal CISO Council, explained that both councils are aligning their expertise to address evolving threats and establish security protocols.
“We’re swimming in data … And I think about, how are we addressing the security approach around the sea of data we have?” Hernandez said during a GovExec online seminar on Aug. 21.
“Our zero trust architecture is guiding that discussion, because there’s a whole data pillar in zero trust,” he said. “It’s about the data, and what we’re finding is we’re leaning on our friends at the chief data officer’s office.”
The joint framework, Hernandez explained, will address issues of data portability and accessibility, ensuring that crucial information remains protected while being efficiently managed.
“This comprehensive approach reflects a commitment to addressing the security and operational needs of Federal data management,” Hernandez said.
The joint initiative aims to enhance protection for sensitive government data and improve risk management practices. According to Hernandez, the framework will incorporate prioritization strategies like those currently adopted at the Education Department.
“You can’t go after everything all at once,” Hernandez noted. “We’re starting with our high-value assets and ensuring we have strong risk visibility in those areas.”
The joint framework will prioritize the effective management of data, including the tools and practices surrounding its use.
“The conversation isn’t so much about security itself,” Hernandez explained, “but about ensuring that our data, and how we handle it, aligns with principles of openness, accessibility, and efficiency.”
Hernandez added that by emphasizing “governance that promotes optimization and streamlined access,” the councils are aiming to create a more agile and transparent approach to managing sensitive information.