Evans touts Energy IT security standard

Oracle benchmark

A coalition of government agencies has created a security configuration benchmark for two Oracle Corp. products that could provide a governmentwide model for future contracts.

The benchmark is a compilation of more than 250 security configuration recommendations to guide agencies and Oracle in implementing the products, said Karen Evans, chief information officer for the Energy Department who was recently picked to head the Office of Management and Budget's e-government efforts.

Energy led development of the benchmark for Oracle Database versions 8i and 9i on the Microsoft Corp. Windows and Unix operating systems, Evans said.

The idea is to standardize installations so that security features that can vary will remain constant from one to the next.

In order to have easy installation, "a lot of security features are turned off" by default, Evans said. The question that information technology leaders face, and which the benchmark answers, is which ones need to be on and how they should be configured. In some cases, like Energy's Oracle relationship, vendors might ship products already set according to the benchmark.

Energy developed the benchmark with the Homeland Security Department, National Security Agency, General Services Administration and the Defense Information Systems Agency. The Center for Internet Security aided in its development and is now working on a scorecard for agencies to use in assessing whether their own systems comply with it.

"Every time we can raise the security bar, every time we can raise the awareness of people, we should recognize that," said Bob Lentz, director of information assurance at the Defense Department at a Sept. 23 ceremony to announce the benchmark.

Evans said the benchmark can now be incorporated into governmentwide enterprise licenses.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.