New Mexico Governor Michelle Lujan Grisham issued an Executive Order to shore up the state’s cybersecurity readiness and better safeguard sensitive data by conducting a state-wide security assessment and adopting National Institute of Standards and Technology (NIST) standards by Nov. 1, 2024.
“New Mexico’s decision to establish specific cybersecurity guidelines tied to established NIST guidelines will set the state up for success,” said Trustwave Government Solutions (TGS) President Bill Rucker. “I expect other states to follow suit as the danger posed by malicious threat groups will continue and state, local and municipal governments may be targeted.”
Grisham’s Executive Order 2024-011 notes the dangerous surge in cybersecurity threats facing New Mexican state agencies and directs the state’s Department of Information Technology (DoIT) to conduct security assessments on state agencies to detect security vulnerability incidents and support mitigation efforts.
The Executive Order follows New Mexico’s Cybersecurity Act, which Grisham signed in April 2023. The Act established the New Mexico Cybersecurity Office tasked with overseeing cybersecurity and information security-related functions across the state Information Technology (IT) ecosystem. The Act also established a cybersecurity advisory committee charged with identifying and recommending cybersecurity best practices for all state government entities, educational institutions, and tribal governments.
Additionally, New Mexican state agencies must adopt and implement cybersecurity, information security, and privacy policies based upon no less than moderate-impact security control baselines, frameworks, and standards issued by NIST. The agencies that fall under this order include departments, offices, boards, commissions, and other agencies within the Executive Branch under gubernatorial control.
The order also encourages public bodies not specifically named to voluntarily comply with its stated goals and to participate in the cybersecurity and information security programs offered by various state cybersecurity and IT agencies.
EO 2024-011 also encourages all public bodies not subject to the order to voluntarily comply with its rules, standards, and requirements and to participate in cybersecurity and information security programs offered by the Cybersecurity Office, the Cybersecurity Advisory Committee, or DoIT.
Why TGS is the Best Choice
TGS is designated as “In Process Program Management Office (PMO) Review" by the Federal Risk and Authorization Management Program (FedRAMP) for its Government Fusion platform. A process that is expected to be completed shortly.
Gaining FedRAMP status is an important step for TGS as shortly after Trustwave receives its final FedRAMP approval, Trustwave will become a StateRAMP-authorized vendor.
"Achieving this milestone opens the door for TGS to continue delivering its award-winning managed security services to federal/state/local governments and federal government contractors with a solution that meets or exceeds their elevated security requirements," Rucker said.
How TGS Can Help
TGS provides a wide array of solutions and services designed to advise, detect, and secure federal, state, local, and private organizations.
These include:
Advisory & Diagnostics
- Security roadmaps to include assessments and implementation (e.g., security maturity, cloud security, supply chain risk, artificial intelligence and ransomware readiness)
- Compliance readiness that includes the evaluation of compliance program and remediation support for identified gaps
- Virtual CISO/Security team that enhances existing cybersecurity teams with Trustwave experts, resources, and personnel
Penetration Testing
- Attack surface management to continuously monitor for potential attack vectors and exposure
- Trustwave can conduct penetration testing, Red and Purple team exercises, and attack simulation activities to evaluate physical and logical processes, communications, and security
- A pentesting-as-a-service programmatic approach to testing on demand
- Trustwave is the only pure-play managed security provider with global CREST capability
Database Security
- Support for more than 90% of enterprise structured databases
- Robust database scanning to catalog environment and identify weaknesses
- Deep analysis to assess and control user privileges, roles and objects needed to enforce Zero Trust practices
- Monitor and respond to database activity with comprehensive security to identify suspicious activity
Email Security
- 99.99% detection rate across spam, malware, and phishing attacks
- Proprietary artificial intelligence/machine learning engine detects 12,000 unknown threats every day
- 20+ years without a major client incident
- Simplified, cost-effective implementation
- Layering MailMarshal with Microsoft 365 results in up to 99+% less malware, phishing, BEC, and spam
