Shows & Panels
Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- American Readiness: Renewable Power and Efficiency Technologies
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Delivering the Digital Government Mission
- Federal Executive Forum
- Federal News Radio's National Cyber Security Awareness Month Special Panel Discussion
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- Government Perspectives on Mobility and the Cloud
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mitigating Insider Threats in Virtual & Cloud Environments
- Modern Mission Critical Series
- The New Generation of Database
- Reimagining the Next Generation of Government
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
Commerce considering managed service to fix cyber weakness
Monday - 1/21/2013, 4:34pm EST
The Commerce Department wants to fix a glaring cyber weakness. It lacks full centralized enterprisewide cybersecurity reporting capabilities across its 90,000 computers.
The agency issued a request for information Jan. 15 asking vendors to describe capabilities across 11 areas and the cost for a managed cyber service.
The RFI stated the capabilities would "provide department-level situational awareness, a single, common operating picture of security for the department's systems, remediation and response, and other centralized functions necessary to monitor and manage the department's cybersecurity posture."
The Commerce Department's inspector general reported in November that one of the agency's top management challenges was to strengthen the security and investments in IT.
"Over the years, we have repeatedly identified significant flaws in basic security measures protecting IT systems and information," the IG report stated. "We have continually called for greater attention and stronger commitment from the department's senior management to the basic security practices, which, if properly implemented, can effectively minimize or stop cyberattacks before a serious compromise occurs. In response to our fiscal years 2010 and 2011 recommendations, the department has updated its IT security policy for vulnerability scanning, secure configurations, and management of plans of action and milestones. However, the department needs to enforce these polices because we continue to find similar security weaknesses in departmentwide and bureau systems."
For example, Commerce's Economic Development Administration suffered a cyber attack that shut down its network last February.
The Commerce RFI, while not mentioning the IG's report, would help address some of those challenges.
For example, Commerce wants a vendor detail how it would collect and consolidate network security status information from multiple disparate networks across 14 bureaus, and detect network intrusion, malware and other vulnerabilities and suggest mitigation recommendations.
Commerce said in the RFI that its acquisition strategy still is under development, but it will "consider secure, reliable and cost-effective cloud technology options for this managed security service," under the Federal Risk and Authorization Management Program (FedRAMP).
Responses to the RFI are due Jan. 31.
The Homeland Security Department in December issued an RFQ for continuous monitoring-as-a-service that would provide many of these services.