Patch it up

The Federal Computer Incident Response Center expects this week to award a contract for a patch dissemination service to help federal agencies fix security vulnerabilities at the application and operating system levels, said Sallie McDonald, assistant commissioner for information assurance and critical infrastructure protection at the General Services Administration.

Agencies can subscribe for free to the service and give the center a profile of their networks' operating systems and applications so that agencies will receive only the patches that apply to their networks, McDonald said.

In addition to issuing security alerts, the new service will tell agencies the steps to take to mitigate vulnerabilities until patches can be developed. The service will test each patch before sending it out to agencies, she said.

Currently, agencies do not have to report to FedCIRC that they have applied the patches, but talks are under way to require agencies to adhere to the Office of Management and Budget's guidance that recommends such a provision, said Richard Clarke, chairman of the President's Critical Infrastructure Protection Board.

Featured

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

Stay Connected