EPA improves security compliance

Environmental Protection Agency officials dramatically improved their ability to follow information security regulations by spending half a million dollars on a compliance system.

Several companies and government agencies have contacted the EPA to learn about its increased compliance with the Federal Information Security Management Act of 2002, said Mark Day, the EPA's deputy chief information officer. Since buying software from BindView Corp. more than a year ago, the agency's FISMA technical compliance has risen from 35 percent to 95 percent, attracting interest inside and outside of the federal government, Day said.

In an Office of Management and Budget report, "Budget of the United States 2005; Analytical Perspectives," officials stated that the EPA "excelled at protecting their information security assets."

BindView's product, BindView Report Packs, is designed to help information technology administrators target and eliminate security vulnerabilities in information systems. The software cost the agency about $500,000, Day said.

As with many new IT strategies, particularly ones that involve intensified oversight, initial hesitancy among agency staff members gave way to broad-based approval, Day said.

"There were a couple brave souls who took this on and proved that it could be done," he said. "Then later, when someone said, 'It's too hard. It can't be done,' the answer was easy: 'Everyone else is doing it.' "

The BindView system gave managers the tools to give instructions and check compliance, which helped the EPA chart and publish its compliance.

"It's amazing how these charts went from being something very disliked in the first couple months to now most of the IT professionals saying to their boss, 'Here's independent proof that I am doing my job.' "

Officials ensured that the EPA's compliance reports were widely published, lending the system critical transparency and credibility, Day said. And managers didn't have to be technical experts to address their IT problems. "The typical problem a manager gets is a report saying a password isn't set up. What can they do? They don't know how to fix that. Well, now they say get me green."

EPA isn't endorsing BindView's product, Day said.

