Evans touts Energy IT security standard

Oracle benchmark

A coalition of government agencies has created a security configuration benchmark for two Oracle Corp. products that could provide a governmentwide model for future contracts.

The benchmark is a compilation of more than 250 security configuration recommendations to guide agencies and Oracle in implementing the products, said Karen Evans, chief information officer for the Energy Department who was recently picked to head the Office of Management and Budget's e-government efforts.

Energy led development of the benchmark for Oracle Database versions 8i and 9i on the Microsoft Corp. Windows and Unix operating systems, Evans said.

The idea is to standardize installations so that security features that can vary will remain constant from one to the next.

In order to have easy installation, "a lot of security features are turned off" by default, Evans said. The question that information technology leaders face, and which the benchmark answers, is which ones need to be on and how they should be configured. In some cases, like Energy's Oracle relationship, vendors might ship products already set according to the benchmark.

Energy developed the benchmark with the Homeland Security Department, National Security Agency, General Services Administration and the Defense Information Systems Agency. The Center for Internet Security aided in its development and is now working on a scorecard for agencies to use in assessing whether their own systems comply with it.

"Every time we can raise the security bar, every time we can raise the awareness of people, we should recognize that," said Bob Lentz, director of information assurance at the Defense Department at a Sept. 23 ceremony to announce the benchmark.

Evans said the benchmark can now be incorporated into governmentwide enterprise licenses.

Featured

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.