Patch it up

The Federal Computer Incident Response Center expects this week to award a contract for a patch dissemination service to help federal agencies fix security vulnerabilities at the application and operating system levels, said Sallie McDonald, assistant commissioner for information assurance and critical infrastructure protection at the General Services Administration.

Agencies can subscribe for free to the service and give the center a profile of their networks' operating systems and applications so that agencies will receive only the patches that apply to their networks, McDonald said.

In addition to issuing security alerts, the new service will tell agencies the steps to take to mitigate vulnerabilities until patches can be developed. The service will test each patch before sending it out to agencies, she said.

Currently, agencies do not have to report to FedCIRC that they have applied the patches, but talks are under way to require agencies to adhere to the Office of Management and Budget's guidance that recommends such a provision, said Richard Clarke, chairman of the President's Critical Infrastructure Protection Board.

Featured

  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

  • Workforce
    online collaboration (elenabsl/Shutterstock.com)

    Federal employee job satisfaction climbed during pandemic

    The survey documents the rapid change to teleworking postures in government under the COVID-19 pandemic.

Stay Connected