Introduction

The public sector has always been a web of complex and overlapping regulations — especially in terms of cybersecurity. But recently, new mandates have raised the bar at the federal level, urging agencies to enhance their data loss prevention (DLP) capabilities.

In this white paper, we’ll unravel three regulations impacting federal cybersecurity, the importance of DLP, and how the right solution can help agencies meet their expanded compliance requirements. 

The New Compliance Landscape

In 2021, President Biden issued Executive Order (EO) 14028, which aimed to enhance the nation’s cybersecurity — public sector included.[1] This compelled federal agencies to meet three new requirements:

Encryption: Encrypt data at rest and in transit.

Classification: Evaluate, identify, and apply appropriate processing and safeguarding of data.

Zero Trust: Advance toward a Zero Trust architecture by automating data protection across the entire infrastructure.

Building on these mandates, the Department of Defense Information Network (DoDIN) created operational order (OPORD) 8600-24. In alignment with President Biden’s order, it specifically requires:

  • Protection for data at rest, in use, and in motion.
  • Access control mechanisms that authenticate user permissions based on tagging.
  • Device management policies.
  • Acceptable use policies for devices and removable media.

Finally, the introduction of the Cyber Operational Readiness Assessment (CORA) program has created a process for testing and verifying compliance.[2] As the successor to an existing assessment model, CORA focuses on today’s cyber landscape and the most critical remediation areas.

Altogether, these regulations emphasize total data protection — more specifically, through data loss prevention software. 

How does DLP work?

Organizations establish policies that define how sensitive data should be managed. These rules dictate who can access the data, how it can be shared, and under what circumstances. 

Next, DLP tools monitor data usage throughout the environment, covering data both within the organization and as it exits the network. When rule violations occur, the solution can take action based on predetermined settings. These decisions combine contextual analysis with content awareness, using several different monitoring techniques to evaluate incidents, such as:

  • File matching
  • Database fingerprinting
  • Statistical analysis
  • Regular expression (regex) scanning 
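
A minimal sketch of the inspection step described above, added here as an example and not taken from any DLP product: it combines file matching (hash of a registered file), regex scanning with checksum validation, and a contextual rule on the destination to choose an action. The patterns, the registered file, the `agency.example` domain, and the action names are constructed assumptions.

```python
import hashlib
import re

# Constructed policy data (assumptions for illustration, not from any product).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SAMPLE_FILE = b"CONSTRUCTED SAMPLE: payroll export 2024\n"
REGISTERED_HASHES = {hashlib.sha256(SAMPLE_FILE).hexdigest()}
INTERNAL_DOMAINS = {"agency.example"}


def luhn_ok(digits: str) -> bool:
    """Checksum that discards digit runs which only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def inspect_transfer(payload: bytes, destination: str) -> dict:
    """Return the matched content rules and the action for one outbound transfer."""
    findings = []
    # File matching: exact hash of a registered sensitive file.
    if hashlib.sha256(payload).hexdigest() in REGISTERED_HASHES:
        findings.append("registered_file")
    text = payload.decode("utf-8", errors="replace")
    # Regex scanning, with validation to reduce false positives.
    if SSN_RE.search(text):
        findings.append("ssn")
    for match in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", match.group())):
            findings.append("card_number")
            break
    # Contextual analysis: the same content is handled differently by destination.
    internal = destination.rsplit("@", 1)[-1].lower() in INTERNAL_DOMAINS
    if not findings:
        action = "allow"
    elif internal:
        action = "log"
    else:
        action = "block"
    return {"findings": findings, "action": action}
```

Exact hashing only catches unmodified copies of a registered file, which is why the content rules run on every payload as well.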

An ideal, or “total,” DLP implementation applies these monitoring techniques across the board — to hardware, networks, applications, and cloud services. However, in the past, most DoD agencies acquired DLP through the Defense Information Systems Agency (DISA) and its Endpoint Security Solutions (ESS) program. 

The ESS program’s primary goal is to secure endpoint devices from malware, unauthorized access, and other cyber threats. While this is crucial, DLP involves a broader scope that includes monitoring, detecting, and preventing data breaches across the whole infrastructure, not just at endpoint levels. 

ESS might not fully cover data movement across networks or data at rest in centralized storage systems, let alone distributed cloud environments. So, it covers just a small percentage of the new mandated requirements, leaving major compliance risks on the table. 

Take the Department of the Interior (DOI), for example. In 2024, the DOI released a report detailing its evaluation of the Department’s cloud security posture.[5] The DOI simulated an attack on one of its cloud-based computer systems and tracked it in real time.

Per the results, the Department’s limited DLP solution failed to prevent any of the 100 tests or recognize any as malicious activity. As the report concluded, this “illustrates the importance of having a robust DLP capability to protect sensitive data from unauthorized access.”

Total Data Protection: Software Matters

Given the size of the federal government’s compliance gaps, it may seem unlikely to bridge them all with one vendor. Yet, there are DLP suites that can do exactly that. These portfolios include:

  • Drive Encryption: Encrypting information stored on hard drives and other storage systems protects data at rest. This prevents unauthorized access to sensitive data if devices are lost, stolen, or improperly used.
  • File and Removable Media Protection (FRP): FRP secures data on USB drives and other removable media, providing control over how data is shared and transported.
  • DLP Endpoint Complete: DLP solutions classify, monitor, and control data across endpoint devices, detecting and preventing unauthorized attempts to copy or transfer sensitive information. 
  • DLP Network Monitor: Analyze network traffic to detect sensitive data in transit. With visibility into data flows, a DLP network monitor helps agencies understand how information moves within and outside their network. 
  • DLP Network Prevent: In tandem with Network Monitor, this solution actively mitigates the unauthorized transmission of data and can block or quarantine transfers that violate policies. 
  • DLP Discover: This tool scans storage systems to locate data, allowing it to be classified into over 400 file types and protected according to its sensitivity.

Altogether, these solutions map perfectly to EO 14028, OPORD 8600, and the CORA program. Not only do they secure data at rest, in use, and in motion, but they expand DLP capabilities beyond devices and throughout the entire infrastructure. These protections provide a solid foundation for a cohesive Zero Trust architecture. 

Critically, the solution should integrate with key data classification and protection tools, ensuring sensitive information remains secure across various environments, including on-premises, cloud, and hybrid setups.

With a single management console, it’s simple to coordinate and enforce policies across all solutions simultaneously. With a centralized monitoring and reporting platform, agencies can easily document actions and generate an audit trail for proof of compliance.

Simplify Your DLP Journey With a VAR

Of course, as with any cybersecurity deployment, DLP isn’t something agencies can “set and forget.” When it comes time to refine policies, troubleshoot problems, and unlock potential, credible Value-Added Resellers (VARs) are there to lend a hand.

A mission-focused VAR can step in to help customers whenever necessary, acting as an expert partner, liaison, and advocate. With the combined powers of a VAR and a quality software vendor, the public sector gains a single source of ongoing support and total data security.