Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
OMB to analyze major agency progress with FDCC
Friday - 12/5/2008, 6:59am EST
Karen Evans has about six weeks left as the administrator of e-government and information technology in the Office of Management and Budget. But that doesn't mean she is packing her things and taking it easy.
In fact, Evans says her expectations around what agencies need to accomplish and by when have not waned even a little.
"OMB is looking at agencies policies to make sure they are doing what they said they would do," says Evans at a conference Thursday on the Trusted Internet Connections (TIC) initiative in Washington sponsored by Juniper.
Part of the way OMB is doing that is with the General Services Administration, which is running the Policy Utilization Assessment tool for the Federal Desktop Core Configuration (FDCC) for Microsoft Windows XP and Vista.
Evans says this second test will analyze how the 25 major agencies have implemented the FDCC.
When GSA ran the first test with a smaller number of agencies earlier this year, only 30 percent of the agencies had fully installed the FDCC on their computers. Evans says she hopes for at least 50 percent this time around.
The correct implementation of the FDCC is one of the basic things agencies can do to improve cybersecurity.
Evans says basic configuration management, patch management and having a security operations center (SOC) that operates 24 hours a day, 7 days a week are fundamental steps agencies should be taking.
"Not all agencies have a 24/7 SOC even if they say they do," she says. "When we find out those agencies that say they have a 24/7 SOC and don't, I e-mail those chief information officers and ask them 'what's going on?'"
Some agencies may not have SOCs yet because they are waiting on GSA to add TIC services to the Networx telecommunications contract.
GSA expected to add these services by the end of November, but it delayed modifications to Networx until Dec. 14.
Once GSA makes awards, vendors have 60 days to certify and accredit their systems, meaning agencies will not be able to purchase these services until February at the earliest.
Evans says part of the reason for the delay is the Homeland Security Department needed to make sure they developed the correct requirements for secure gateways.
She says she is frustrated that it will take longer to offer TIC services, but there are plenty of things that agencies can do including implementing some of the basic security requirements.
DHS, meanwhile, is developing a program to constantly monitor and analyze agency Internet connections. Should one not meet the TIC requirements, Evans says DHS can pull that agency offline until the problem is fixed.
"With any major change in your configuration, you need to redo your certification and accreditation," she says. "This is the difference between compliance and achieving results."
On the Web:
FederalNewsRadio - OMB adjusts target for Internet gateways
FederalNewsRadio - GSA sets waiver process for Networx deadline
FederalNewsRadio - Federal Security Spotlight
FedBizopps.gov - Cyber Initiative industry day
(Copyright 2008 by FederalNewsRadio.com. All Rights Reserved.)