Patch it up

The Federal Computer Incident Response Center expects this week to award a contract for a patch dissemination service to help federal agencies fix security vulnerabilities at the application and operating system levels, said Sallie McDonald, assistant commissioner for information assurance and critical infrastructure protection at the General Services Administration.

Agencies can subscribe for free to the service and give the center a profile of their networks' operating systems and applications so that agencies will receive only the patches that apply to their networks, McDonald said.

In addition to issuing security alerts, the new service will tell agencies the steps to take to mitigate vulnerabilities until patches can be developed. The service will test each patch before sending it out to agencies, she said.

Currently, agencies do not have to report to FedCIRC that they have applied the patches, but talks are under way to require agencies to adhere to the Office of Management and Budget's guidance that recommends such a provision, said Richard Clarke, chairman of the President's Critical Infrastructure Protection Board.

Featured

  • Acquisition
    Shutterstock ID 169474442 By Maxx-Studio

    The growing importance of GWACs

    One of the government's most popular methods for buying emerging technologies and critical IT services faces significant challenges in an ever-changing marketplace

  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

Stay Connected