Treasury Office Wants Security For the Cloud From the Cloud

The Office of the Comptroller of the Currency has many diverse cloud environments and is looking for two systems to help manage enterprise cybersecurity.

OCC, an independent bureau within the Treasury Department, operates a number of cloud systems, including internal, on-premise systems and applications hosted by third parties, such as Microsoft Azure and Amazon Web Services. As new systems and applications are bolted on, the office needs to be able to push its security protocols onto the new systems and manage exactly who has access and at what privilege level.

To that end, the office issued two requests for information Tuesday seeking a cloud access security broker, or CASB, and a vendor that could provide identity access management as a service.

Both security systems must be able to support OCC’s 4,000 employees at various locations across the U.S., as well as authentication and user directory services for internal users and an additional 6,000 external users accessing agency websites like banknet.gov.

The cloud security broker would be expected to provide a system to push and enforce security standards in agency data centers and cloud applications, as well as third-party systems. That could include identity verification, device mapping, malware detection and mitigation and encryption, among other services.

The identity management as-a-service vendor would provide a set of cloud-based tools for ensuring users are who they claim to be and granting only as much access as is required.

The secondary goal of having a cloud-based management system would be to ensure that the access management security system wouldn’t be compromised in the event of an attack on or failing of the agency’s systems, according to the RFI.

Responses to both RFIs are due by 11 a.m. on April 16.