GAO offers security guide

"Information Security: Technologies to Secure Federal Systems"

The 18 types of security technology available in the commercial market can help agencies protect their systems and information, but they are still only the beginning of a comprehensive security management process, according to the General Accounting Office.

In a report released today that essentially serves as a catalog and explanatory guide, GAO officials outlined the major types of commercial security technologies that agencies can use and how effective they are for various risks and vulnerabilities.

Robert Dacy, GAO's director for information security, is testifying today before the House Government Reform Committee's Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee on agencies' implementation of the Federal Information Security Management Act. It mandates many of the security management practices that can be supported by the technologies identified in the report.

GAO officials say the selection and effective use of security technology requires agency officials to consider several questions about implementation within their networks:

* How can we use the technology within a layered, defense-in-depth strategy?

* How will the technology enhance or impede users' ability to carry out the agency's mission?

* What independent evaluations of the technology's effectiveness are available?

* What security awareness programs are in place and what training will be necessary for new technology?

* How can we ensure that the technology is properly and securely configured?

The 18 technologies that GAO identified fall into five categories: access controls, system integrity, cryptography, auditing and monitoring, and configuration management and assurance. The technologies that fit under those headings include everything from digital signatures to network management tools.

The report provides a description of each category, the history and context of the technology, and the general advantages and disadvantages to the use of that type. It then breaks down each technology, detailing what it does, how it works

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.