Coalfire released the results of its first annual FedRAMP marketplace report, “Securing Your Cloud Solutions: Research and Analysis on Meeting FedRAMP/Government Standards.” The data-driven report provides perspective on who’s participating in FedRAMP, on both the cloud service provider and government agency sides, as well as guidance on common pitfalls, successful compliance strategies, and typical resourcing and budgeting approaches for cloud service providers. The Chertoff Group's Adam Isles contributed to this report.



The Dark Web is at the center of the debate over whether online anonymity should be maintained despite the illegal activity that it enables. In a new paper published in The Journal of Cyber Policy, Chertoff Group Executive Chairman and Co-Founder Michael Chertoff aims to provide policy-makers with context pertaining to the Dark Web in order to help them engage intelligently in the debate and enact effective Dark Web policy. Based on open source research, this white paper explores the appropriate role of government in regulating the Dark Web and the most effective and reasonable methods for government to intervene.


This is an Accepted Manuscript of an article published by Taylor & Francis in Journal of Cyber Policy on March 13, 2017 available online:



In response to the increasing incidence of authentication-based cyber-attacks – primarily exploiting the myriad weaknesses of passwords – policy makers around the world are developing policies and regulations focused on driving the adoption of multi-factor authentication (MFA) solutions that can prevent password-based attacks and better protect critical transactions, data, communications and infrastructure.  This paper examines the current state of threats associated with inadequate authentication, reviews the types of technologies available on the market today to address these threats, and outlines eight key principles for governments to consider as they craft authentication policies and initiatives.



No technology or solution can completely eliminate the risk of a cyberattack, but adoption of biometric-enabled, multifactor authentication is one of the most impactful steps that can meaningfully reduce a company’s cyber risk. Given the emerging array of new requirements for authentication in sectors such as health, financial services and government, organizations can prepare for cloud compliance by moving to implement MFA now. A new White Paper, produced in collaboration between Microsoft and The Chertoff Group, seeks to do the following:

  1. Explore why authentication is so important
  2. Discuss barriers to the implementation and uptake of strong authentication solutions
  3. Detail the ways in which biometrics and other next-generation authentication technologies are addressing these barriers
  4. Lay out key security and privacy risks associated with biometrics, as well as discuss how governments and compliance organizations are framing policies around authentication and biometrics
  5. Detail how the right standards and architecture can ensure that biometrics are deployed in a way that addresses important regulatory and compliance concerns



Transnational mergers and international investments in U.S.-based companies are a common and important part of U.S. economic activity.  While these transactions can enable companies to make critical investments and expand capabilities, these investments can also have national security implications, especially when the domestic system or asset being considered for foreign investment provides a critical service to the U.S. government or controls technologies or assets vital to U.S. national security. 


White Paper Discusses Need for Comprehensive IAM Strategy in Combatting Insider Threat

“Insider threat” is no longer just a security buzzword; it has become an enterprise concern commanding executive-level attention. A new white paper, Stopping The Insider Threat, produced in collaboration between The Chertoff Group and SailPoint, a leading independent identity and access management (IAM) provider, seeks to inform the conversation around the importance of a complete identity and access management strategy in protecting against insider attacks.


White Paper Examines Importance of Identity Governance for Federal Agencies

The “Cybersecurity Sprint” of July 2015, launched by the White House in the wake of major breaches at the Office of Personnel Management (OPM), was critical to efforts to improve the security of Federal IT systems. Federal agencies made significant progress in this initial 30-day sprint, closing the vulnerabilities associated with passwords and pushing agencies to increase their use of two-factor authentication to mitigate the risk of stolen credentials. However, it is important that agencies do not simply check the two-factor authentication box and proclaim they have “solved” identity security.

A new white paper, “Securing Identity Does Not Stop with Strong Authentication,” produced in collaboration between The Chertoff Group and SailPoint, a leading independent identity and access management (IAM) provider, seeks to inform the conversation around the importance of identity governance for federal agencies.  



Chertoff Group White Paper Examines Ground Truth About Encryption

U.S. policy makers are currently engaged in a debate regarding the merits of mandating a means of “extraordinary access” to encrypted data for U.S. law enforcement, or what is sometimes referred to as an encryption “backdoor.” This paper examines modern encryption technologies, the feasibility of providing law enforcement with extraordinary access, the impact that encryption technology is currently having on U.S. law enforcement (which some have referred to as “going dark”), and the likely impacts that an extraordinary access requirement would have on U.S. national security, the technology sector, and continued innovation in the security field.


Law Enforcement Access to Evidence in the Cloud Era

The transition to a global Internet economy has been accompanied by a significant change in the nature of law enforcement activity. Evidence that formerly was available within the boundaries of a single jurisdiction and could be collected through the operation of domestic law now is often collected, stored, and processed globally by transnational companies. As a result, significant potential exists for the disruption of law enforcement activities because those who hold relevant evidence may be subject to conflicting legal obligations, unilateral actions by a single jurisdiction, and significant economic pressures. Authored by experts within The Chertoff Group, Law Enforcement Access to Data in the Cloud Era outlines the scope of the problem and surveys existing technical, legal, and policy conflicts. While it does not endorse a single solution, this paper identifies potential responses to the changing dynamic.


Addressing Dynamic Threats to the Electric Power Grid Through Resilience

On November 14, 2014, The Chertoff Group released a new report examining the resiliency of the American electric grid against cyber and physical security threats. The report, Addressing Dynamic Threats to the Electric Power Grid Through Resilience, outlines the industry’s multipronged approach to grid security, including critical infrastructure standards, voluntary security initiatives, incident response preparations, and partnership with the government to enhance the reliability of our nation’s electric power grid. 
