GAO offers security guide

"Information Security: Technologies to Secure Federal Systems"

The 18 types of security technology available in the commercial market can help agencies protect their systems and information, but they are still only the beginning of a comprehensive security management process, according to the General Accounting Office.

In a report released today that essentially serves as a catalog and explanatory guide, GAO officials outlined the major types of commercial security technologies that agencies can use and how effective they are for various risks and vulnerabilities.

Robert Dacy, GAO's director for information security, is testifying today before the House Government Reform Committee's Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee on agencies' implementation of the Federal Information Security Management Act. It mandates many of the security management practices that can be supported by the technologies identified in the report.

GAO officials say the selection and effective use of security technology requires agency officials to consider several questions about implementation within their networks:

* How can we use the technology within a layered, defense-in-depth strategy?

* How will the technology enhance or impede users' ability to carry out the agency's mission?

* What independent evaluations of the technology's effectiveness are available?

* What security awareness programs are in place and what training will be necessary for new technology?

* How can we ensure that the technology is properly and securely configured?

The 18 technologies that GAO identified fall into five categories: access controls, system integrity, cryptography, auditing and monitoring, and configuration management and assurance. The technologies that fit under those headings include everything from digital signatures to network management tools.

The report provides a description of each category, the history and context of the technology, and the general advantages and disadvantages to the use of that type. It then breaks down each technology, detailing what it does, how it works

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.