RFI aims at security info sharing

Data Analysis Capability RFI

The Federal Computer Incident Response Center today released a call for industry participation in an effort to develop common standards for exchanging security incident information.

The request for information (RFI) stresses that compliance with such standards likely will become a requirement to qualify for future federal security purchases.

For some time, FedCIRC has been working with the CERT Coordination Center (CERT/CC) on the Data Analysis Capability (DAC), a solution that will allow FedCIRC to analyze and correlate incident information across government. The idea is that as more agencies share information, the better the overall management of security incidents will be.

Several agencies have helped test the DAC and work through policy issues surrounding data sharing among agencies, but technologically, agencies face difficulty in combining information from proprietary commercial security systems.

The request for information asks industry to work with the CERT/CC and the Internet Engineering Task Force on the two standards under development: The Intrusion Detection Message Exchange Format and the Incident Object Description and Exchange Format. These standards are independent of the DAC but are the most relevant to the government's needs.

Industry involvement in the standards will become even more important down the line. "We expect that compliance with the DAC architecture is likely to become a requirement for future acquisition of security-related products by federal civilian agencies," the RFI states.

As more and more agencies purchase commercial intrusion detection and management systems, such a requirement could have big implications in the security market, the RFI points out.

A second pilot test of the DAC is planned for spring 2003, and FedCIRC is encouraging vendors that can make their solutions DAC-compliant by that time to participate.

Responses to the RFI are due via e-mail to FedCIRC by Feb. 28 at dac-rfi@fedcirc.gov.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.