Security patch award due soon

FedCIRC

Government agencies soon should be able to tap a free service that will ensure that they get the right security patches to plug holes in their software.

The General Services Administration's Federal Computer Incident Response Center this week expects to award its patch dissemination service, said Sallie McDonald, assistant commissioner for information assurance and critical infrastructure protection at GSA's Federal Technology Service.

Agencies will be able to subscribe for free to the service and include a profile of the operating systems and applications in their networks. This will ensure that when new vulnerabilities or exploits are discovered, only the ones that apply to a particular agency's networks will be sent, McDonald said.

In addition to an alert, the service will provide agencies with steps to take to mitigate the effect until a patch can be developed. Once a patch is available, the service will test it and make sure that the patch does indeed fix the problem before sending it out to agencies, McDonald said.

No policy or provision yet exists for agencies to report back to FedCIRC that they have applied the appropriate patches, but such a procedure is recommended in the Office of Management and Budget's guidance on the Government Information Security Reform Act of 2000. And talks are under way to make the guidance a requirement, said Richard Clarke, chairman of the Critical Infrastructure Protection Board.

Featured

  • Management
    people standing on keyboard (Who is Danny/Shutterstock.com)

    OPM-GSA merger plan detailed in legislative proposal

    The White House is proposing legislation for a dramatic overhaul of human resources inside government and wants $50 million to execute the plan.

  • Cloud
    cloud applications (chanpipat/Shutterstock.com)

    GSA plans civilian DEOS counterpart

    GSA is developing a cloud email and enterprise services contract inspired by the single-source vehicle the Department of Defense devised for back-office software.

  • Defense
    software (whiteMocca/Shutterstock.com)

    DOD looks to unify software spending for 2020

    Defense Department acquisition head, Ellen Lord, hopes to simplify software buying and improve business systems following the release of the Defense Innovation Board's final software acquisition study.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.