USDA to certify security

Officials at the Agriculture Department, with 29 agencies and more than 500 computer information systems, expects to spend as much as $60 million to certify and accredit those systems during the next five years.

"It's a major undertaking — it's going to take us some time," Gregory Parham, acting associate chief information officer for cybersecurity at USDA told Federal Computer Week.

In an interview this week, Parham said two USDA data centers, the National Finance Center in New Orleans and the National Information Technology Center in Kansas City, Mo., have taken the lead in certifying and accrediting their information systems, as the Federal Information Security Management Act of 2002 requires.

Last October, USDA officials awarded purchasing agreements worth up to $60 million for security certification and accreditation services to 11 companies on the General Services Administration schedule. The companies include: Anteon Corp., CACI Inc., Computer and Hi-tech Management Inc., DSD Laboratories Inc., Newberry Group Inc., Science Applications International Corp., PEC Solutions Inc., Telos Corp., Titan Corp and two others.

Parham said agencies are beginning to tap those contracts for doing IT security-risk assessments, creating security and disaster-recovery plans, writing security guidebooks for users and testing and evaluating computer-security controls. For contracting purposes, he said, agencies typically bundle several of their information systems along with a statement of work, and then ask the companies to bid.

Telos, for example, won a recent task order worth $226,293 to evaluate 15 systems and produce 17 documents for the Kansas City data center.

A portion of USDA's computer-security work is remedial and is not limited to certification and accreditation, Parham said. "We are doing some things that are deferred maintenance."

With respect to computer security, the department faces a challenge similar to that of a few years ago when it had to prepare its systems for the Year 2000 date change, Parham said. The biggest difference, he said, is that the testing of security controls is never really finished.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.