[{"@context":"https:\/\/schema.org\/","@type":"BlogPosting","@id":"https:\/\/univista.com\/posts\/national-cybersecurity-strategy-2023-whitehouse-gov\/#BlogPosting","mainEntityOfPage":"https:\/\/univista.com\/posts\/national-cybersecurity-strategy-2023-whitehouse-gov\/","headline":"National Cybersecurity Strategy 2023 (Whitehouse.gov)","name":"National Cybersecurity Strategy 2023 (Whitehouse.gov)","description":"ShareTweet As we all know, probably to the point of exhaustion, is that the internet is a place filled with many threats that we all need to be aware of. Our federal government has recognized how hard it is for all of us to address all of these threats on our own by developing and […]","datePublished":"2023-03-08","dateModified":"2023-03-08","author":{"@type":"Person","@id":"https:\/\/univista.com\/posts\/author\/kasha-ford\/#Person","name":"Kasha Ford","url":"https:\/\/univista.com\/posts\/author\/kasha-ford\/","identifier":10,"image":{"@type":"ImageObject","@id":"https:\/\/secure.gravatar.com\/avatar\/33eaeba24c23d4bf81db53e38627da1da0c1604cefd8066b39afba2a7b297c69?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/33eaeba24c23d4bf81db53e38627da1da0c1604cefd8066b39afba2a7b297c69?s=96&d=mm&r=g","height":96,"width":96}},"publisher":{"@type":"Organization","name":"UniVista","logo":{"@type":"ImageObject","@id":"https:\/\/univista.com\/wp-content\/uploads\/2018\/03\/Univista-Logo-e1522352689794.png","url":"https:\/\/univista.com\/wp-content\/uploads\/2018\/03\/Univista-Logo-e1522352689794.png","width":600,"height":60}},"image":{"@type":"ImageObject","@id":"https:\/\/univista.com\/wp-content\/uploads\/2017\/11\/Ping-Logo-300x126.png","url":"https:\/\/univista.com\/wp-content\/uploads\/2017\/11\/Ping-Logo-300x126.png","height":"312","width":"743"},"url":"https:\/\/univista.com\/posts\/national-cybersecurity-strategy-2023-whitehouse-gov\/","about":["Uncategorized"],"wordCount":923,"articleBody":"ShareTweet                                        As we all know, probably to the point of exhaustion, is that the internet is a place filled with many threats that we all need to be aware of. Our federal government has recognized how hard it is for all of us to address all of these threats on our own by developing and publishing the 2023 National Cyber security\u00a0Strategy of the United States Government, National-Cybersecurity-Strategy-2023.pdf (whitehouse.gov). UniVista strongly endorses this strategy. It\u2019s filled with lots of good ideas, like making investments in cyber security\u00a0research, training, and even making it easier to survive a cyber security\u00a0incident through a federal Cyber Insurance backstop. The idea we\u2019re particularly enthusiastic about is \u201cStrategic Objective 3.3: Shift Liability for Insecure Software Products and Services,\u201d which aims to stop vendors and software providers from absolving themselves of responsibility should your network be compromised due to using their software or services. UniVista appreciates the clear focus the government is projecting onto those who provide insecure software or services, and we hope this focus will encourage all vendors and manufacturers to their products and services are secure for the sake of us all.\u201cWait,\u201d you might say, \u201cUniVista is a service provider and your own liability could be increased by this directive!\u00a0 Why would you want to endorse something that puts you in the cross hairs?\u201d\u00a0As your Technology Partner, we at UniVista treat your environment with the same care and accountability as our own internal network.\u00a0 We\u2019ve focused on \u201cBest Practices\u201d for a long time, even rolling out our \u201cAlignment Score\u201d as the first item on our Monthly Health Reports as a reminder to keep such Best Practices at the forefront of all our discussions.\u00a0 Heck, many of our customers (and maybe even you, reading this) could recount a situation where we\u2019ve held a new vendor\u2019s feet to the fire, raised concerns about an insecure deployment, or even made you sign a single-purpose Security Addendum to your support agreement to underline how much of a risk was present in a decision that was about to be made. If you\u2019ve ever been asked to sign that kind of Addendum with us, we promise it wasn\u2019t because we were being obstinate or controlling.\u00a0 In every instance, there\u2019s been a real and tangible risk to your business operations which we genuinely felt you needed to be aware of.\u00a0 It\u2019s quite rare we go so far as to say \u201cno, seriously, don\u2019t do this,\u201d but it\u2019s a fact of reality that actions have consequences, and on computers, admin actions can have dire consequences.Like the rest of you, UniVista has our own service providers and partners we rely on to do business and support you while keeping your costs affordable.\u00a0 We\u2019re no better positioned to develop our own remote support tool than you are to assemble your own credit card reader.\u00a0 This means we all must use providers like Intel, Dell, Microsoft, Apple, or Google to create the systems and tools we use to conduct business.\u00a0 However, that doesn\u2019t mean that we are powerless in our choice of partners and providers.\u00a0UniVista conducts business with clients who run the gamut of regulatory oversight and requirements, but we hold both ourselves and all our customers to the same standards, and we treat every environment like it is the most important environment in the world (because to you, it is).\u00a0 We go out of our way to ask auditors additional questions and seek recommendations outside the strict \u201cletter of the law\u201d in compliance frameworks.\u00a0 We challenge our vendors and seek independent verification of their claims, just like we do when you bring on your own vendors.\u00a0We can\u2019t promise you that we or our own partners will never be compromised in the future, just like we can\u2019t promise you that you won\u2019t be either.\u00a0 But we can promise you that we have been pursuing \u2013 and will always pursue \u2013 every Best Practice we can to minimize all our risks!\u00a0 It only makes all our jobs easier to have the feds putting pressure on developers and service providers alongside us.The very first line of the 2023 National Cyber security Guidance Objective 3.3 says \u201cMarkets impose inadequate costs on \u2013 and often reward \u2013 those entities that introduce vulnerable products or services into our digital ecosystem.\u201d\u00a0 We get it.\u00a0 It\u2019s often so much cheaper to go with one provider over another for your software or service needs, and technology is expensive.\u00a0 We\u2019ve said for years that there are often \u201chidden costs\u201d associated with going with the \u201ccheap\u201d or \u201ceasy\u201d options for software and services, by way of cut corners and questionable commitments\u2026 so we simply cannot be anything other than thrilled that the government aims to hold everyone to the same standard to which we\u2019ve already been holding ourselves.\u00a0 If this means that everyone takes security and Best Practices as seriously as we do, then we all win.What\u2019s the next step? We at UniVista will keep monitoring the process and keep you informed as our government develops this strategy into a series of directives and laws. In the interim, we\u2019ll keep advocating for you to whoever can help, giving you the best advice we can, and doing our best job for you. \u00a0If you have any questions or would like to have a more in-depth conversation about our best practices, or anything at all, then please do not hesitate to reach out to us.\u00a0ShareTweet                                        "},{"@context":"https:\/\/schema.org\/","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https:\/\/univista.com\/posts\/#breadcrumbitem"},{"@type":"ListItem","position":2,"name":"National Cybersecurity Strategy 2023 (Whitehouse.gov)","item":"https:\/\/univista.com\/posts\/national-cybersecurity-strategy-2023-whitehouse-gov\/#breadcrumbitem"}]}]