GAO offers security guide

"Information Security: Technologies to Secure Federal Systems"

The 18 types of security technology available in the commercial market can help agencies protect their systems and information, but they are still only the beginning of a comprehensive security management process, according to the General Accounting Office.

In a report released today that essentially serves as a catalog and explanatory guide, GAO officials outlined the major types of commercial security technologies that agencies can use and how effective they are for various risks and vulnerabilities.

Robert Dacy, GAO's director for information security, is testifying today before the House Government Reform Committee's Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee on agencies' implementation of the Federal Information Security Management Act. The act mandates many of the security management practices that can be supported by the technologies identified in the report.

GAO officials say the selection and effective use of security technology requires agency officials to consider several questions about implementation within their networks:

* How can we use the technology within a layered, defense-in-depth strategy?

* How will the technology enhance or impede users' ability to carry out the agency's mission?

* What independent evaluations of the technology's effectiveness are available?

* What security awareness programs are in place and what training will be necessary for new technology?

* How can we ensure that the technology is properly and securely configured?

The 18 technologies that GAO identified fall into five categories: access controls, system integrity, cryptography, auditing and monitoring, and configuration management and assurance. The technologies that fit under those headings include everything from digital signatures to network management tools.

The report provides a description of each category, the history and context of the technology, and the general advantages and disadvantages to the use of that type. It then breaks down each technology, detailing what it does, how it works
