Xacta to certify USDA systems
- By Dibya Sarkar
- Oct 28, 2004
National Agricultural Statistics Service
Xacta Corp. officials will help two Agriculture Department agencies obtain federal security certification and accreditation requirements for their information systems, company officials announced this week.
The company was hired to help ensure that the USDA's Forest Service and the National Agricultural Statistics Service (NASS) follow departmental guidelines, as well as those in the Federal Information Security Management Act (FISMA).
The $122,590 deal for the statistics service was awarded July 19, and the Forest Services' $233,300 task order was awarded July 29 to the company. They represent the fifth and sixth task orders to Xacta's parent company, Telos Corp., after the USDA signed 11 blanket purchase agreements (BPA) with several companies October 2003 for a combined value of $60 million over five years.
Due to FISMA's impact and a growing awareness for better security, Richard Tracy, Xacta's chief security officer, said more federal agencies are getting their information systems certified and accredited.
"And, quite frankly, until probably two or three years ago, I'd say that organizations probably spent more on coffee than they did making sure that their systems were safe and secure," he said. "If it weren't for the crackdown I think, the awareness by itself — which there has been — wouldn't have been what pushed everything forward."
Based on congressionally issued compliance score cards, Tracy said, most federal agencies aren't doing well. However, they show positive trends, such as the issuance of more contracts related to certification and accreditation. "We're seeing significantly more opportunities to do this work than we were five or six years ago," he added.
To properly budget for compliance, federal officials should continually monitor their systems for changes instead of checking every three years, Tracy said.
Some reports have estimated that certification and accreditation for an agency's systems could cost $200,000 to $500,000, but he said there's no average cost because systems range in size from a couple of devices to large local-area networks. Also a system's classification level determines the time, effort and skill set for testing.
"A system is not always a system; it's different depending on where you are and how you draw the accreditation boundary," he said. "It could be very small nonclassified and nonmission essential, which means that you're probably not going to spend a lot of time or money on it. On the other hand, the opposite could be true and you could be spending boatloads of money to make sure that your flank is covered."
Tracy said the company, which is supporting 17 federal agencies with certification and accreditation, would provide both the two USDA agencies with consulting services and products, such as the Xacta IA Manager, which helps officials automatically determine their information technology assets, assess security risks and provide processes and documentation to satisfy compliance guidelines.