Qualys Inc.

05/10/2023 | News release | Distributed by Public on 05/10/2023 13:15

New TSA Cybersecurity Emergency Action Rule Impacts Cybersecurity and Compliance

On March 7, 2023, in the wake of President Joe Biden's National Cybersecurity Strategy announcement, the U.S. Transportation Security Administration (TSA) issued a cybersecurity emergency action amendment for certain regulated airport and aircraft operators. The new Action Rule can have a significant impact on IT, security, and compliance teams. In this blog, we explain how Qualys can help regulated entities easily and quickly comply with TSA's cybersecurity emergency action rule.

TSA representatives stated that the emergency action was due to "persistent cybersecurity threats against U.S. critical infrastructure, including the aviation sector." TSA-regulated entities must develop an approved implementation plan for improving cybersecurity resilience and preventing disruption and degradation to critical infrastructure. Entities are required to proactively assess the effectiveness of those measures and take the following four actions:

  1. Develop network segmentation policies and controls to ensure that operational technology systems can continue to safely operate in the event that an information technology system has been compromised, and vice versa;
  2. Create access control measures to secure and prevent unauthorized access to critical cyber systems;
  3. Implement continuous monitoring and detection policies and procedures to defend against, detect, and respond to cybersecurity threats and anomalies that affect critical cyber system operations; and
  4. Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers and firmware on critical cyber systems in a timely manner using a risk-based methodology.

How Qualys Can Help

The Qualys Cloud Platform is built with the world's most comprehensive Vulnerability Management (VM) capabilities, including its own asset inventory, threat database, and attack surface management. The apps required for TSA compliance are delivered via one platform, managed with one dashboard, and deployed with a single agent. Apps required for TSA compliance include:

Qualys Policy Compliance (PC) is a cloud service that enables continuous assessment of the TSA cybersecurity environment. Qualys PC provides 850 pre-configured policies, 19,000 controls, 350 technologies, and 100 regulations and frameworks to help you comply with TSA and most other regulatory mandates.

Qualys Vulnerability Management, Detection, and Response (VMDR) - VMDR is a foundational solution for managing cyber risks to a TSA environment. It specifically addresses TSA's required action #3.

Qualys CyberSecurity Asset Management (CSAM) with External Attack Surface Management (EASM) - CSAM provides an accurate, context-rich inventory of all TSA entity cyber assets to identify security gaps. EASM provides full visibility and control of the external attack surface. This app addresses TSA's required action #3 and prioritization for action #4.

Qualys Patch Management addresses TSA's required action #4 by automating the entire patching process for operating systems, mobile devices, and third-party applications - even for remote devices within the TSA entity's environment.

Qualys Custom Assessment and Remediation leverages the entire suite of Qualys Cloud Platform services and solutions. The service provides teams with unmatched insight and the ability to react in real time to urgent vulnerabilities and threats.

Qualys Endpoint Security consists of multi-layered prevention, anti-exploit, EDR, and threat & vulnerability intelligence. It prevents known & unknown attacks and enhances security posture by native integration with Vulnerability Management and Patch Management.

How the Qualys Cloud Platform Addresses the TSA Requirements:

TSA Requirement #1:

This requirement is specific to network equipment, but when using the Qualys Cloud Platform agent, customers can continuously validate that devices in different network segments cannot "see" each other. This ensures that current policies, as well as future deliberate or accidental changes to your network settings, do not negatively impact the requirement. When a negative impact is detected, a new custom vulnerability can be flagged and added to your VMDR reports/dashboards. This ensures that visibility into those vulnerabilities can be integrated with your current vulnerability management workflows.

TSA Requirement #2:

Ensuring a secure policy for access control is critical for both corporate IT and cloud resources. Using Qualys compliance solutions, both for cloud SaaS solutions (e.g., Office 365, Google, Salesforce, etc.) and corporate IT resources, Qualys customers can validate and enforce access control, user authentication, and password policies to ensure secure access control is always configured correctly and enforced, and can receive alerts for any future changes that may negatively impact controls.

TSA Requirement #3:

Utilizing the same agent for vulnerability scanning and patch and configuration assessments, Qualys Endpoint Security continuously monitors all endpoint activities to detect and stop cybersecurity threats. It includes multiple layers of protection. Each layer is designed to stop specific types of threats, tools, or techniques, covering multiple stages of attacks. By automatic correlation of malware incidents, CVEs, and patches, organizations can prevent future attacks by instantly remediating actively exploited vulnerabilities. In addition, Qualys File Integrity Monitoring (FIM) ensures mission-critical systems, like the ones used to operate airport equipment or airplanes, stay intact. This app can also generate real-time alerts in case any non-legitimate changes are made to those systems.

TSA Requirement #4:

With Qualys' industry-leading vulnerability scanning and risk-based prioritization, the Qualys Cloud Platform with its single agent can be used with risk-based methodologies to patch vulnerable Linux, macOS, and Windows systems, covering operating systems, applications, etc. The Qualys remediation solution can complement your SCCM/WSUS solution and, if needed, can integrate with your current remediation workflows to allow security and IT teams to leverage your investment in the Qualys platform. This will help you quickly address most of your unpatched systems and ensure compliance. In fact, customers that are using Qualys Patch and its automation are experiencing an almost twice as fast mean time to remediation (MTTR).

More About the Qualys Cloud Platform

The Qualys Cloud Platform is one of the only security and compliance platforms that is FedRAMP Authorized to Operate (ATO) at the Medium Impact level. Qualys was selected by TSA's own leadership, the Department of Homeland Security (DHS), to support 70 federal agencies for its Continuous Diagnostics and Mitigation (CDM) program. The CDM program supports government-wide and agency-specific efforts to provide risk-based, consistent, and cost-effective cybersecurity solutions to protect federal civilian networks across all organizational tiers by:

  • Reducing agency threat surfaces
  • Increasing visibility into the federal cybersecurity posture
  • Improving federal cybersecurity response capabilities
  • Streamlining Federal Information Security Modernization Act (FISMA) reporting

The Qualys Cloud Platform is one of the most advanced security platforms for federal, state, and local agencies, as well as regulated private sector firms that must comply with TSA's required actions. The platform provides an entity-wide view of risk-based cybersecurity posture, with more than two dozen security and compliance applications fully integrated by a single, centralized interface and agent.

The platform simultaneously conforms with the federally mandated Zero Trust Security Model and many of the broader guidelines in NIST Special Publication 800-53 v5.

Learn More

To learn how your TSA entity can easily and quickly comply with the new emergency directive, please visit Qualys today to start your free trial.

Contributors:

  • By Bill Reed, Qualys Product Marketing
  • Eran Livne, Qualys Product Management
  • Dave Buerger, Qualys Product Marketing
