Annual FraudNet Program Report Unveiled by GAO

Annual FraudNet Program Report Unveiled by GAO

In a bid to bolster cybersecurity, federal agencies are grappling with a critical flaw in Microsoft's widely-used SharePoint software, while simultaneously pushing identity security as a cornerstone of defensive and offensive strategies within the framework of Zero Trust Architecture (ZTA).

The U.S. government views identity as the new cybersecurity perimeter, focusing on continuous, adaptive verification of users and devices to prevent unauthorized access and lateral movement in networks.

Key initiatives and resources include:

1. Mandates and Strategic Directives: The Executive Order 14028 and OMB Memorandum M-22-09 require all federal agencies to adopt Zero Trust principles by the end of FY 2027, with measurable progress. These principles focus on "never trust, always verify" and the assumption that breaches are inevitable, shifting from perimeter-based defenses to identity-centric controls.
2. Core Identity Security within Zero Trust: Zero Trust architecture enforces strict identity verification and authorization for every access request, regardless of whether users or devices are inside or outside the network. This includes multi-factor authentication, least privilege access, continuous monitoring, and adaptive policies based on identity, device state, location, and risk context. Identity governance and behavioral analytics are crucial in defending against sophisticated attacks, including AI-driven threats.
3. CISA Guidance and Microsegmentation: The Cybersecurity and Infrastructure Security Agency (CISA) has released detailed guidance on implementing Zero Trust networks, with a strong emphasis on identity controls and microsegmentation. Microsegmentation limits the potential impact of breaches by isolating devices and accounts, preventing lateral movement of attackers.
4. Implementation Resources and Industry Support: Government contractors and vendors must align their solutions with frameworks such as NIST SP 800-207, CISA’s Zero Trust Maturity Model, and Department of Defense pillars. Companies like Optiv + ClearShark help federal agencies integrate and optimize identity management tools (e.g., SailPoint, BeyondTrust, Ping, Okta) within a cohesive cyber resilience framework tailored to governmental mission goals.

These combined efforts represent an integrated, continuously evolving approach that treats identity security as both a defensive shield and an offensive tool by proactively minimizing breach impact and enabling rapid detection and response across federal networks.

Meanwhile, the Office of Personnel Management (OPM) is bracing for a significant workforce reduction, with more than 1,000 employees either already having left or expected to separate from the agency in the coming months. This could potentially impact the government's ability to implement and manage these new cybersecurity strategies effectively.

Elsewhere, the Defense Department (DoD) is undergoing a sweeping review of its digital systems, with Defense Secretary Pete Hegseth ordering the immediate cessation of any involvement from China in DoD cloud services. Leslie Beavers, the Defense Department's principal deputy chief information officer, is also stepping down at the end of September.

For further reading and detailed government guidance, consult:

• OMB Memorandum M-22-09 and Executive Order 14028 for federal mandates
• CISA’s “Journey to Zero Trust” guidance and microsegmentation series
• NIST Special Publication 800-207 on Zero Trust Architecture
• Industry whitepapers from federal cybersecurity partners addressing adaptive identity security strategies
• FraudNet, a program of the Government Accountability Office, referred more than 2,100 allegations to federal agencies or other entities for further investigation last year.
• The Government Accountability Office processed over 5,700 allegations through its fraud hotline last year.

It is important to note that the platform reserves all its rights, and it is not intended for users located within the European Economic Area. Additionally, copyright © 2025 for the platform has been claimed. More details may be coming about where 17 agencies are still planning to implement reductions in force.

1. Federal agencies are focusing on identity as the new cybersecurity perimeter, using continuous, adaptive verification of users and devices to prevent unauthorized access, as part of their Zero Trust Architecture strategy that leverages technology to secure networks. This follows from the mentioned mandates and strategic directives, such as Executive Order 14028 and OMB Memorandum M-22-09.
2. The Department of Defense (DoD) is emphasizing technology in its digital systems overhaul, with the Defense Secretary ordering a halt to any involvement from China in DoD cloud services, and the principal deputy chief information officer, Leslie Beavers, stepping down. These actions illustrate the significance of technology in cybersecurity, particularly in high-security departments like DoD.

Read also: