Patch it up

The Federal Computer Incident Response Center expects this week to award a contract for a patch dissemination service to help federal agencies fix security vulnerabilities at the application and operating system levels, said Sallie McDonald, assistant commissioner for information assurance and critical infrastructure protection at the General Services Administration.

Agencies can subscribe for free to the service and give the center a profile of their networks' operating systems and applications so that agencies will receive only the patches that apply to their networks, McDonald said.

In addition to issuing security alerts, the new service will tell agencies the steps to take to mitigate vulnerabilities until patches can be developed. The service will test each patch before sending it out to agencies, she said.

Currently, agencies do not have to report to FedCIRC that they have applied the patches, but talks are under way to require agencies to adhere to the Office of Management and Budget's guidance that recommends such a provision, said Richard Clarke, chairman of the President's Critical Infrastructure Protection Board.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.